Research Activities

A 10member Ethics & Data Protection Advisory Board will continuously overview and monitor the implementation of project’s activities and deal with ethical and practical aspects of the project related to risk, personal data protection, safeguarding intellectual property rights, compliance with the national and EU regulations, legal and other relevant aspects of the project. The Board will undertake to prepare a set of recommendations on uniform processes & measures for governance and protection of personal and sensitive data of CSAM and CSEM victims and service users; relevant legislation and the jurisdictions of all involved parties will be taken into account to ensure that any preventive or repressive control is carried out in accordance with the applicable legislation and under the supervision of competent authorities, such as prosecutors.

The aim of WP2 is to study the necessary conditions for operating databases including hashes or other type of indicators related to CSAM and CSEM. To this end, activities under WP2 include the development of research methodology (including protocols and study visits) and conducting relevant studies including the review of currently applicable national and EU legal framework for the development and maintaining of a database including CSAM and CSEM related indicators (hashes or other) and for the collection of personal data in relation to privacy of children involved in CSAM, CSEM and grooming incidents; review of national and EU legislation and practices related to CSAM, CSEM and grooming cases’ administration; in addition, interviews with Prosecutors of Minors and/or other professionals in the field of justice will be conducted aiming to identify gaps in the national legislation that need to be addressed concerning the administration of online CSA cases, including child sexual exploitation, grooming cases and CSAM; and review of systems currently used for the classification of CSAM/CSEM types including relevant EU directives, existing work prepared by INTERPOL and taking into account the General Comment 13 of the UN Committee for the right of the child to freedom from all forms of violence [CRC/C/GC/13(2011)] focusing on the legal analysis of the article 19 of the CRC. Moreover, the development of a methodology will take place to conceptually define and operationally describe indicators other than hashes on the basis of which detection of online CSA would be facilitated taking into account existing knowledge regarding offline CSA as well as the results of the above mentioned reviews along with information security and data protection frameworks that may include material confirmed by competent authorities to constitute or to have a provable link to manifestly illegal content.

In addition, cooperating internet service providers will also participate in a series of studies (such as focus group discussions and interviews) to identify commonly accepted practices that work effectively to be recommended to scale up, avoiding in this way isolated dispersed initiatives of specific providers.

The last main activity under WP2 will focus on creating synergies with relevant EU MS stakeholders and establish linkages with projects selected under the SA CSA, given that the Commission continuously provides funding for projects fighting child sexual abuse (under both the Internal Security Fund and Horizon Europe framework programme for research and innovation). Cooperation routes will be established with relevant EU Member States’ stakeholders as well as with initiatives targeting to combat and prevent CSA, including project(s) to be selected under the specific action supporting combatting and prevention of child sexual abuse. The aim of this activity, that will be implemented in close collaboration with WP.3, will be to ensure throughout the projects’ life that the produced results can be adapted, adopted and exploited by other EU MS and the future EU Centre (in terms, for example, of developing a common classification system for the CSAM and grooming, applying common technical methods and tools to handling hashes/indicators and relevant databases, and ensuring compatibility and interoperability of the database to be developed with other relevant databases). Moreover, close cooperation with relevant initiatives will allow to timely identify what already exists avoiding in this way duplication of work and, at the same time, to ensure production of results that are in accordance with existing policies and practices in the field of online CSA prevention at EU level.

The main purpose of the project is to develop an Annotated Hash Database, which will be a database collecting hashes and their annotations from a CSAM/CSEM ontology scheme or other indicators of CSA. The providers of these hashes will be the Greek Law Enforcement Agencies (LEAs), hosting providers in Greece (upon agreement), INHOPE’s Greek Hotline for illegal Content Online (Safeline.gr), legal services and child protection-related services. LEAs will provide technical expertise under the provisions set out in the WP3, in compliance with national legislation. Relevant hash sharing will be implemented by the competent LEAs through a hash platform-interface, interconnected with a prospective national CSAM/CSEM database developed and managed by LEAs.

Furthermore, the project will create a Hash Checking Service that will allow the interfacing with LEAs and other collaborating Agencies and offer hash check capabilities to ensure whether files that contain CSAM or CSEM are either already previously identified or potentially new material. Specifically, the Service will provide three distinct HTTP based API endpoints for checking MD5 hash codes, SHA-1 hash codes, and SHA-2 hash codes, separately or in bulk. These three different services will be put in place in order to provide interoperability between the existing EU. Moreover, more research will be conducted on the matter of compatibility and interoperability in order to ensure ease of cooperation between the database and the envisaged database maintained by the EU Centre.

Both the Hash Database and the Hash Checking Service will offer enhanced security and data protection services. Namely, the Hashing Service will make use of the Salting method (add salt to the hashes) in order to make them more secure than plain hash codes of files. Furthermore, all the servers of the Hash Database and Checking Service will be hosted in FORTH premises in Heraklion-Crete. The servers will be protected by both hardware and software firewalls. Furthermore, the database will be located οn a separate server. Access to the database server will be even more restricted and will be allowed exclusively from the server that contains the Hash Checking service.

Extra attention will be paid to the physical security of the servers hosted in FORTH premises. Namely, they will be located in FORTH’s specialized data center, which is equipped with industrial strength air conditioner, automatic fire extinguishing system and a UPS supported by an external power generator, to maximize protection from physical damage. All security aspects will be overseen by the National Cybersecurity Authority of Greece, to ensure the high security standards that will be put in place for the data protection. Law Enforcement Agencies will not be the owners or responsible for the administration, management and maintaining of either the Hash Database or the Hash Checking Service. During the life of the project FORTH will own and be responsible for the administration, management and maintaining of either the Hash Database or the Checking Service.

Lastly, research will be conducted on the matter of compatibility and interoperability, as well as identification of the infrastructure and resources needed architecture and technology to be applied in order to ensure ease of cooperation with the envisaged database maintained by the EU Centre. In that direction the project will organize and conduct studies and workshops to support the development of relevant technical infrastructure, as well as to identify practices relevant to the cooperation aspects.

The main purpose of this WP is to run a pilot implementation of the Annotated Hash Database and the Hash Checking Service in real settings for specific time period and collection of hashes and indicators for CSA with the contribution of trained relevant parties–suppliers of information, assessment of its operability and reporting (if improvement is needed, necessary modifications will take place).

Furthermore, a Guide will be developed on the basis of which a series of workshops will be conducted aiming to build the capacity of ~100 first line professionals from relevant sectors (law enforcement, legal services, child protection-related services, service providers) and researchers to effective contribute/report required data (as information suppliers), including CSAM/CSEM indicators, and identified grooming incidents, during the piloting of the database and afterwards. This Guide will include necessary information about how to operate the Hash Checking Service as well as how to add annotations from the reference schema (Ontology).

Actions to strengthen synergies and dissemination of project results. WP5 activities will focus on preparation of recommendations, based mainly on analysis of the WP2-4 results, addressing national and EU policy making authorities to suggest working modes and initiatives towards a smooth cooperation between national public authorities and private entities and EU services. Other activities under WP5 will be the exploitation of results by consortium partners during and after the end of the project and the implementation of a mixture of dissemination activities using various traditional dissemination means such as press releases, publication of informative material online, presentations at national/international events and organization of an international conference addressing representatives of the most relevant stakeholders (e.g. EU LEAs). Dissemination activities will take place during the whole duration of the project at EU level, as the aim for the project’s results is to be taken up by other EU MSs and the new European Center; the support of the relevant Policy Unit of the European Commission will be requested for planning and conduction of such activities.