3.1.1. Technology and Internet Service Providers (ISPs)

Participants frequently described difficulties maintaining their knowledge of technology because of its continuously changing nature. Participants from both law enforcement and the judicial system identified that they are often several technological steps behind perpetrators both producing and trafficking CSAM. The participants in this study identified challenges keeping up with and identifying new apps, software, and programs commonly used by perpetrators of CSAM. When talking about specific devices, such as cell phones, some participants further noted that the increases in storage capacity was another challenge, as was the inability to crack passwords on encrypted devices. The following quotes speak to the challenges with rapidly changing technology:

*The technology is clearly the biggest thing. I mean there's a new app, new program, new security, just about every day, let alone every month, or year. So as an organization* . . . *we're always kind of playing catch up and trying to figure out what the next thing is. (FG4, 1)*

*I think law enforcement is really constantly trying to catch up. I feel like no matter what, we're always going to be behind unless, as the companies develop it, they keep us in mind* . . . *And this is how we help law enforcement, but we're always the afterthought. (II9)*

In addition to technology changing rapidly, one participant also noted that the physical size of devices and hard drives that store CSAM are becoming smaller; as such, the ability to hide material is becoming easier and law enforcement has a harder time searching for and finding these devices. Further, participants noted that the almost universal access to technology such as cellphones, computers, and the internet has meant that it is easier than ever for perpetrators to produce and traffic CSAM. Participants identified that advances in technology have allowed perpetrators to more easily connect with one another around the globe and remain anonymous while easily trafficking materials, as well as exchanging strategies to evade law enforcement investigation and prosecution.

Some participants perceived perpetrators as continuously updating their efforts to access and traffic CSAM. For example, participants explained that perpetrators are using everything from easily accessible chat rooms and peer-to-peer networks to the Dark Web. One participant noted that some perpetrators continue to use peer-to-peer file sharing because it is easy to access and trade files, though at the same time, it is easier for law enforcement to monitor their activities on these types of networks. On the other hand, participants noted that many perpetrators have moved to using the Dark Web because it is more secure and encrypted, which aids in users' anonymity, making it more challenging for law enforcement. In the following quotes, participants discuss the different ways CSAM perpetrators use technology:

*There are di*ff*erent avenues for people to trade this imagery, through Bit Torrent and the Dark Web, you know we're just beginning to get access to that stu*ff*. The file sharing stu*ff *has been active for 10 plus years and I'm still kind of astounded how many people use it because it's open information that law enforcement monitors, but yet people continue because it's the easiest way for them to access this data. (FG16, 3)*

*You see horrible things on both sides [Dark Web and traditional platforms]. It's not necessarily a matter of what they're trading, it's just their knowledge in where and how to trade it* . . . *I think just the ones [perpetrators] who understand how to use communication on the dark side of the web, that's where they're going to go to just because they know it's more secure and they've got a better chance of staying anonymous on that side. (FG4, 1)*

Many participants noted the challenges in working with technology companies, particularly when companies must respond to warrants or provide investigators with information on user profiles. Generally, participants noted struggles with some technology companies that they perceived prioritized client privacy over prosecuting perpetrators and protecting children. In particular, one participant called it the "Snowden effect," indicating that since Edward Snowden, it has become significantly more difficult to work with ISPs, who have become much more concerned with client privacy. Participants identified that some companies were more responsive to law enforcement warrants than others. This was particularly evident when warrants came from federal as opposed to local or county authorities. For participants who worked within federal jurisdictions, they generally indicated that technology companies were forthcoming and responsive if they, as investigators, had the appropriate warrants. However, one participant spoke to both state and federal interactions with technology companies and stated:

*I don't imagine that the state system would get much response. And so, on occasion I have weighed in from my federal phone or email and that has been more helpful. (FG13, 1)*

With respect to technology company responsivity, other participants felt strongly that certain companies were not willing to work with law enforcement, were not responsive, or tried to actively work against law enforcement, even with signed warrants. Other participants noted that the protocols in place at technology companies make investigating and retrieving information difficult. For example, certain websites will notify the account holder when served with a warrant, or the companies will shut down user accounts, tipping the user to the fact that they may be under investigation. The following quotes portray participant frustration with technology companies:

*I don't have data from [Company X] because I don't have cyber tips from [Company X]. I know we are either getting images straight o*ff *the phone or we're not doing anything with [Company X] because [Company X] doesn't play ball. (FG13, 2)*

*[Company Y] showed this video* . . . *about how they review every search warrant and they look for whatever they can to reject it so they don't have to provide this information to law enforcement. (FG10, 1)*

*They [technology companies] shut the account down. They don't tell them why, but if a person has half a brain, they're thinking, 'okay, I just uploaded three child porn images and lo and behold, within a day my computer got shut down.' (FG10, 2)*
