1.3.1. Procedural Challenges to Investigating CSAM

Law enforcement professionals face numerous challenges in investigating and prosecuting cases of CSAM. The sheer number of CSAM reports to NCMEC's CyberTipline, currently surpassing one million a month, far exceeds the capabilities of NCMEC and law enforcement to adequately respond (Bursztein et al. 2019; NCMEC 2019). While the number of reports is astounding, this likely accounts for only a fraction of the CSAM in existence. Although federal law mandates that ISPs report known or suspected cases of child victimization to NCMEC's CyberTipline "as soon as reasonably possible," ISPs are not required to actively look for CSAM on their internet platforms, and savvy perpetrators can easily evade detection (18 USCA Section 2258(A); Henzey 2011). As ISPs are for-profit entities, committing personnel and resources to monitoring servers for CSAM may not be a top priority (McCabe 2008). However, the drastic increase in ISP reports may indicate these companies are beginning to take the issue of CSAM on their networks more seriously (Keller and Dance 2019). Google, Microsoft, Facebook, and Twitter are utilizing technologies to block trafficking of CSAM and user accounts through technology that generates a digital fingerprint for known abuse imagery and then scans user-generated content for these digital fingerprints (Bursztein et al. 2019).

However, once a report is made, police records show that ISPs often take weeks or months to respond to inquiries from state and local law enforcement agencies regarding CSAM—if they respond at all (Keller and Dance 2019). When they do fully cooperate, encryption technology meant to safeguard user privacy facilitates perpetrator concealment of CSAM (Keller and Dance 2019). Frustrating law enforcement investigations further, users may be notified by ISPs that their accounts are being blocked or taken down, giving perpetrators a head start in hiding or destroying evidence. Additionally, federal law only requires ISPs to preserve user material pertaining to CSAM for 90 days (18 USCA Section 2257(A)).

Furthermore, offenders who traffic CSAM are often on the cutting edge of technology, utilizing virtual private networks (VPNs), encryption techniques in messaging apps, peer-to-peer sharing networks (P2P), and Tor (Dark Web) to conceal their online activity (Bursztein et al. 2019; Keller and Dance 2019). One research study into Tor hidden services found that 80% of total requests were for abuse sites, predominantly CSA (Owen and Savage 2016). The authors indicated that these abuse sites were "easily identifiable in the meta data, suggesting webmasters had confidence that Tor would provide robust anonymity" (Owen and Savage 2016, pp. 4–5).
