Predators, police in online struggle
GRAND FORKS, N.D. -- Technology is a tool wielded by investigators to tap into online networks and ferret out child pornography users and producers, but also a device that conceals child porn sharing and covers offenders' tracks online.
On one hand, increasingly widespread technology, such as encryption and peer-to-peer networks, mask the identities of child predators, while increased storage capabilities make it easy to store large amounts of content.
On the other hand, court documents show infiltration of a file-sharing network has led to criminal charges against at least two Grand Forks men.
Law enforcement, corporations and nonprofits have banded together to drive technological innovations to find and remove child porn from Internet sites, identify child porn users and producers and rescue victims.
The National Center for Missing and Exploited Children, which acts as a clearinghouse for reports of online, child sexual abuse, reels in thousands of tips daily from online messaging services such as Facebook, Google and Twitter.
The companies might alert the center to images of child porn circulating on their websites or to an email conversation in which an adult solicits a child for sex. The center then passes the reports on to law enforcement.
Under federal law, online messaging services are required to report child pornography and other forms of child sexual exploitation to the center's CyberTipline--once they are made aware of it. They are not required, however, to actively look for objectionable images or messages.
In recent years, the number of tips has exploded.
The CyberTipline pulled in 3.6 million tips through October 2015, more than three times the number of tips submitted in all of 2014, said Lindsey Olson, director of the center's Exploited Child Division. The CyberTipline received 1.1 million tips in 2014 and around half a million in 2013, she said.
Technological innovations are part of the reason behind the increase, along with concerted efforts by services such as Google and Facebook to pinpoint child predators, she said.
It was a CyberTip that led police to Robert William Beattie, 56, former chair of the University of North Dakota’s Department of Family and Community Medicine, who prosecutors say had sexually explicit images and videos of children on a flash drive.
The website Padlet--which acts as a virtual bulletin board--sent a report to the center's CyberTipline in May about a sexually explicit photograph of a child, according to court records. The photo was uploaded to Padlet using a specific IP address--which functions as a home address for a computer--and a Grand Forks Police detective traced it to Beattie, according to court papers.
Beattie was charged in August with two counts of having child porn and one count of distributing child porn in U.S. District Court in Grand Forks, to which he has pleaded not guilty.
Many websites use a tool called PhotoDNA, which was developed by Microsoft, to screen photographs uploaded to their sites for child pornography.
Facebook and Twitter are among the companies publicly using PhotoDNA to screen photos and flag and report images possibly depicting child porn.
It works by breaking down a photo into a string of numbers and letters called its hash value--basically the photo's fingerprint--and matching the hash value to that of a photo known to be child porn.
The National Center for Missing and Exploited Children keeps a database of hash values for photos known to show child porn, which it continually updates.
While law enforcement may learn of child porn offenders through the CyberTipline, some agencies have the technological tools and know-how to--on their own--seek and identify people downloading or uploading child porn online.
Court records reveal the North Dakota Bureau of Criminal Investigation has been running an undercover operation on the peer-to-peer network Freenet since 2011, which gives users access to what is called the Dark Web, where it is difficult to track Freenet users' movements online and is popular with lawbreakers, including child pornography users.
The BCI declined to be interviewed for this story.
The undercover operation resulted in the arrest of former UND police officer Paul Bradley Meagher, 42, who prosecutors say had more than 100,000 images and videos of child porn on his computers, according to court papers.
Essentially, the BCI planted its own computers within the Freenet network, according to an affidavit written by BCI Agent Jesse Smith. Their computers kept logs of certain Freenet users' IP addresses and the codes for what they were downloading, according to the affidavit. Agents then compared the codes with a database they built of codes known to be child porn.
The difficulty lies with telling who ultimately downloaded the child porn because Freenet routes traffic through multiple computers on the Freenet network.
But BCI investigators were able to devise a way to tell which IP address--and consequently, which Freenet user--ultimately was downloading the offending files.
Police also have the technological tools to quickly scan suspects' computers while in the field or carrying out a search warrant at a suspect's home or workplace.
"It's a preview forensic tool that we've been using for a long time," said Jennifer Gowan, detective with the Grand Forks Police Department and member of the state Internet Crimes Against Children Task Force. "It reaches into the computer and looks for known images or images named a certain way. We're basically just doing a broad search for keywords, phrases, search engines."
That way, police are able to pull up offending images stored on a suspect's computer on the spot and question him about it, she said.
When investigators carried out a search warrant earlier this month of UND police officer Meagher's apartment in the 1500 block of Eighth Avenue South, they found his laptop in the process of downloading images off Freenet, according to court papers.
Officers did a preview of his computer and found 10 images or videos of girls between the ages of 4 and 9 years old being sexually assaulted by adults, according to court records.
There are still challenges in investigations for which law enforcement are seeking technological solutions.
Some offenders will download child porn onto a cellphone or other mobile device while connected to a public Wi-Fi network, Gowan said.
In those cases, it is more difficult for law enforcement to identify who downloaded the image because the IP address used to download the image only traces back to the entity that subscribes to the public Wi-Fi network, she said.
There are also newer phone and computer models, which may have extra security built in. Apple products allow their owners to encrypt their data with the click of a button, which prevents detectives like Gowan from looking into an Apple computer's files unless its owner gives up the password.