Thanks to powerful new software developed by University of Massachusetts Amherst computer scientists Brian Levine and Marc Liberatore, state law enforcement officers across the country including the Massachusetts State Police now have an extraordinarily effective tool for collecting evidence against people who possess and share illegal images and produce child pornography for the Internet.
It's currently used in 58 out of 61 Internet Crimes Against Children (ICAC) Task Forces around the nation in more than 45 states. Liberatore is presenting a paper describing the project and its results today to the 2010 Annual Digital Forensics Research Conference in Portland, Ore. Yesterday, the U.S. Department of Justice released its national strategy for preventing child exploitation. It provides the first comprehensive threat assessment of the dangers to children from child pornography, online enticement, child sex tourism and other threats.
Levine says that in the last six months, 995 search warrants have been issued as a result of his and Liberatore's work, with 2,762 cases open or completed, bringing police investigators closer to apprehension of contact offenders, that is, people who sexually exploit children to create and distribute pornographic images.
With collaborator Clay Shields, a computer scientist at Georgetown University, Levine and Liberatore received more than $460,000 in funding from the U.S. Department of Justice's National Institute of Justice to design and build software for network forensics. Levine and Liberatore have an additional $1.4 million in funding from the National Science Foundation for this digital forensics research.
The UMass Amherst computer scientists created a program they call RoundUp that allows law enforcement officers to observe and search open peer-to-peer (p2p) networks on the Internet and gather evidence of criminal possession and sharing of images. The software was designed specifically for the challenges posed by investigations of child pornography and it is exclusively used by law enforcement.
The software does not allow law officers to hack into an individual's private computer, Levine and Liberatore are quick to point out. It simply provides law enforcement with an "optimized interface for observation" which allows an investigator to watch the open activities of remote peers on the network. It's a situation they liken to a police officer observing a drug transaction on a street corner. "It's not magic and it's not hacking," says Levine. "This allows regular shoe-leather, routine police work, the steps of which can be tracked and verified just as in any other search for evidence."
The software is used by law enforcement officials who pair it with a watch list of files of interest. RoundUp alerts investigators when p2p users announce they are sharing such files. A unique aspect of the RoundUp system is its ability to aggregate information discovered by investigators using the software in one place. Using the aggregate data, the ICAC Task Forces are able to track the volume of online child pornography trafficking on an almost hourly basis.
In fact, law enforcement partners specifically asked that the software should not be highly automated except for its ability to identify the location of suspicious activity. This is to allow police investigators to retain the ability to use expert judgment, including their knowledge of the law, when following leads. "A real investigator with his or her years of experience and finely tuned sense of what is criminal activity and what is not, is always in charge of this investigative tool," Liberatore points out. "That is a very important aspect of this new trend of using the enormous capabilities of computerized data analysis to fight crime."
Nevertheless, RoundUp is an extremely powerful tool that is generating literally millions of leads worldwide every day. Law enforcement agencies from Interpol and the FBI to big-city police departments across the globe receive tips daily from leads screened by ICAC Task Force members.
Explore further: Novel graph method detects cyber-attack patterns in complex computing networks