Atlanta, Georgia – (January 2, 2024) The Georgia Internet Crimes Against Children (ICAC) Task Force, housed within the Georgia Bureau of Investigation (GBI), has announced the deployment of Case Closed Software™ to enhance its efforts in combating online child predators. The software will play a pivotal role in streamlining the handling of CyberTips from the National Center for Missing & Exploited Children (NCMEC), enabling law enforcement professionals to prioritize and investigate cases with greater precision and effectiveness.
The software’s powerful features provide invaluable support in the fight against child exploitation, ultimately making the community safer for everyone. Key features of the Case Closed Software include:
1. CyberTip Triage: The software allows for the efficient categorization of CyberTips received from NCMEC, ensuring that each tip is promptly reviewed and acted upon.
2. Case Management: It facilitates the seamless organization and tracking of investigations, digital evidence, physical evidence, supplemental reports, and entity management, making it easier for law enforcement agencies to manage their ICAC caseloads.
3. Data Analysis: The software offers advanced analytical tools, which can help identify patterns and connections among cases, aiding in the identification and capture of perpetrators.
4. User-Friendly Interface: Designed with the end user in mind, the software offers an intuitive and user-friendly interface, ensuring that law enforcement personnel can maximize its capabilities without extensive training.
The Georgia ICAC Task Force, under the leadership of GBI Director Chris Hosey, is committed to protecting children from online predators. The adoption of Case Closed Software’s innovative solution will enable the task force to better triage CyberTips from NCMEC, determine any connections across disparate CyberTips, and assign the cases to appropriate investigators and affiliates for investigative management purposes.
For more information about Case Closed Software, please visit https://www.caseclosedsoftware.com/icac
March 23, 2023 (Austin, TX) We are proud to announce that Case Closed Software™ has achieved TX-RAMP Certification, a prestigious recognition that demonstrates our commitment to providing secure and reliable software solutions for our clients.
The Texas Risk Assessment and Mitigation Program (TX-RAMP) certification is awarded to companies that have met strict security standards and have implemented robust risk assessment and mitigation processes. This certification recognizes our dedication to providing our clients with the highest level of security and reliability in our software solutions.
At Case Closed Software, we understand the importance of protecting sensitive data and confidential information. That’s why we have invested heavily in developing a secure software platform that meets the rigorous security standards required by TX-RAMP certification.
We believe that this certification is a testament to our commitment to providing our clients with the best possible software solutions while maintaining the highest level of security and reliability. We are proud to have achieved this certification and look forward to continuing to provide our clients with the best possible service.
Waco, Texas – The City of Waco Police Department has selected specialized criminal investigation software from Case Closed Software™ to manage investigations into gangs and narcotics crimes. The new software will provide officers with the tools they need to effectively investigate and track criminal activity in these areas, allowing them to more efficiently gather and analyze data to build strong cases.
“Gang and narcotics crimes are two of the most serious challenges facing law enforcement agencies in Waco and across the country”, said Case Closed Software’s CEO Douglas Wood. “These crimes often involve complex networks of individuals and can be difficult to investigate and prosecute. The new software will help better identify and track criminal activity, and build stronger cases against those who would do harm.”
According to recent data from the Waco Police Department, narcotics-related offenses have been on the rise in recent years, with a particular increase in the abuse of opioids and other prescription drugs. The department has also reported a rise in gang activity, with several local gangs being linked to drug trafficking and other serious crimes.
Case Closed Software is a leading provider of CJIS-compliant, cloud-based criminal investigation software and has been deployed by law enforcement agencies across the country. The software is designed specifically to help investigators manage complex cases involving gangs and narcotics, providing tools for gang analysis, investigation management, and organizational reporting.
The new software is expected to be implemented in the coming weeks, and officers will receive training on how to use it effectively. The City of Waco Police Department remains committed to providing the highest level of service to the community and will continue to explore new technologies and tools to support its mission.
Case Closed Software has also recently announced that its software was being deployed for Baldwin County (GA) Sheriff’s Office.
The project arose out of a need for a sophisticated tool to help the multi-jurisdictional ICAC unit effectively triage and investigate criminal activity involving child sexual abuse materials (CSAM). In particular, we needed to come up with an investigation tool that would work around evolving laws and The Wilson Ruling of 2021.
NCMEC then creates and distributes CyberTips to appropriate law enforcement agencies and specially-trained agents.
The Anatomy of a NCMEC CyberTip for ICAC Units
Without getting too granular, a CyberTip is made up of several sections. There’s a front page, and Sections A through D. The front page will contain the date it was received, its assigned report number, and an executive summary. The executive summary will say what type of incident the report refers to, such as “Apparent Child Pornography”, and the number of files that were uploaded.
The first section of a CyberTip, Section A, has information about the reporting agency – Google, Facebook, TikTok and so on. It will also include a brief incident description, the time of the incident, the webpage involved, and the email, username, and IP address of the person reported.
Spoiler Alert… Here’s a key to The Wilson Ruling: For each file, this section says whether the reporting ESP actually viewed the file and whether the file was publicly available. We’re going to come back to this shortly.
Section B is geolocation information for the offending IP address given in the report. This helps NCMEC know which ICAC Task Force should get the tip. The ISP who owns or controls the IP address will also be listed.
Section C is for any additional information and may reference other CyberTips that are associated with the same username or IP address.
Here’s another key point related to The Wilson Ruling. The images or videos associated with the CyberTip are provided to the appropriate agency along with a PDF report, but they are NOT shown in the body of the report.
Why the CyberTip Matters
The point of describing the CyberTip here is to reinforce just how much unstructured data exists on them and foreshadow some of the pain points that ICAC teams experience in getting these CyberTips triaged.
That’s a significant component of the partnership that Case Closed Software has developed with San Diego Police Department… how to manage, de-conflict, and triage the overwhelming volume of CyberTips that each ICAC task force or investigator receives.
The other significant component of what we’ve worked on together from a technology perspective is related to how courts have applied Fourth Amendment doctrines to CSAM investigations. The Fourth Amendment, of course, is an important piece of our Bill of Rights and is supposed to protect all of us from unreasonable searches and seizures by the government.
The ICAC Investigation into Luke Noel Wilson
Let’s look at The Wilson Ruling of 2021. This came out of the court’s application of the Fourth Amendment in the case of defendant Luke Noel Wilson who, in June 2015, attached several images containing CSAM to an email on his Gmail account. Google’s screening system – which scans uploaded images and checks for identical matches in a database of confirmed CSAM – immediately flagged Wilson’s attachments as “apparent child pornography”.
Without having an employee review the attachments first, Google’s system then sent an automated report to NCMEC that included the images. As is standard policy for ESPs, the report contained information about the date and time Wilson uploaded the images, along with his email address, login information, and the IP address of the device he used to upload the images.
NCMEC subsequently forwarded the report to local law enforcement – in this case, the fine team at San Diego ICAC – where an agent reviewed the NCMEC CyberTip and inspected each of the images, confirming that they were indeed CSAM.
Relying on Google’s report and his personal observations, the agent then applied for – and obtained – a search warrant for Wilson’s email account. The agent’s affidavit accompanying the search warrant request included descriptions of the images but didn’t specifically contain any mention of matching hash values, nor any description of Google’s screening process for CSAM.
When, with search warrant in hand, the agent searched Wilson’s email account, he discovered several email exchanges in which Wilson received and sent CSAM and additionally offered to pay a woman to molest and exploit children.
Law Enforcement then obtained a search warrant for Wilson’s residence and vehicle where they discovered devices containing thousands of images of CSAM including the original four attachments. Wilson’s alleged attempt at throwing a backpack over his balcony was noticed by assisting agents and was found to contain a thumb drive full of additional Child Sexual Abuse Materials.
It was later estimated that Wilson possessed 500 videos and 11,000 images of child sexual abuse, and – a few months later – he was arrested and charged with Distribution and Possession of Child Sexual Abuse Materials.
Wilson was convicted and sentenced to 45 years in prison.
So, this seems at this point like a fairly standard ICAC case. What then happened that fundamentally changed the way ICAC units operated to triage and investigate CyberTips?
The Motion to Suppress
After his trial, Wilson filed a motion to suppress the four original attachments (the ones included in the original CyberTip) AND all evidence subsequently seized from his email account and residence, arguing that San Diego ICAC’s initial review of his attachments was a warrantless search in violation of the Fourth Amendment.
The District Court denied his motion, however, reasoning that the government does not perform a ‘search’ within the context of the Fourth Amendment when it inspects something that is ‘virtually certain’ to contain contraband.
Wilson subsequently appealed that decision to The Ninth Circuit which reversed the lower court’s decision, concluding that the agent’s viewing of the attachments violated Wilson’s 4th Amendment rights and rejecting the position that there was ‘virtual certainty’.
Basically, the Ninth Circuit said that Google’s initial report specified only the ‘general’ age of the child and the ‘general’ nature of the acts shown, and had not been viewed by any Google employee.
By viewing the four attachments without a search warrant, therefore, the higher court concluded that law enforcement unlawfully obtained new, critical information, and then used that new information to obtain warrants to search Wilson’s home and email account.
Of key importance in the ruling was the assessment that, even though Google employees viewed images identical to Wilson’s to create Google’s database of suspected CSAM, they had not viewed the actual image itself.
By contrast, after viewing the images, law enforcement could describe “the number of minors depicted, their identity, the number of adults depicted alongside the minors, the setting, and the actual sexual acts depicted.” So, even though Google’s algorithm had flagged Wilson’s attachments to a mathematical certainty that his images were “bit-for-bit” duplicates of images identified by its employees as CSAM within their database, Wilson’s motion to suppress was granted.
The fallout for ICAC Task Forces has been tremendous because of this ruling. How are ICAC units and their respective affiliates, supposed to expeditiously review, triage, and investigate a massive and growing number of CyberTips while tip-toeing around an individual’s 4th Amendment rights?
Last year, San Diego ICAC approached Case Closed Software™ with this exact set of problems and we began work on a tool designed to systematically process CyberTips – one that automates what is currently a time-consuming chain of events.
The Trouble with Triage
For most ICAC Units, individual CyberTips must be downloaded as zip files via NCMEC or IDS. Those zip files contain PDF files with unstructured text that lists:
• Reporting Agencies
• Email Addresses
• Telephone Numbers
• IP Addresses
• Hash Values
• Physical Addresses
• Sender IDs
• Recipient IDs
• Suspect Names
• Victim Names
• … and much more.
Triage administrators must:
Download each CyberTip locally
Unzip the file
Begin a long process of putting those data elements together to create a connected view of those data elements to determine solvability
And then assign to an investigator – internal or affiliate.
Oh, and then do the same for the next CyberTip… and the next one… and the next one after that.
Problem Solving for ICAC
Working with San Diego ICAC, we created a tool that allows administrators to save CyberTips directly a CJIS-Compliant ‘black box’ server instead of downloading them locally. That black box contains proprietary logic that systematically opens those zip files, pulls all of those data elements from the PDFs, grabs all of the attachments and underlying hash values, and links them into a single interface for the administrator. Important to note is that this process happens quickly and virtually eliminates the manual efforts in existence now.
We have essentially created a unique, user-friendly system where investigators cannot view attachments until they purposely elect to.
They can see usernames, IP Addresses, filenames, and an array of other information… but not the images. Images cannot be revealed until investigators have proper authority in compliance of the Wilson Ruling. It’s a simple but brilliant addition to the process that protects all parties.
Just to tie a bow around Mr. Wilson, he was eventually convicted of child molestation on the Stateside and sentenced to 25 years. He was subsequently charged and convicted of possession and distribution of CSAM on the federal side and received an additional ten years. He is where he should be, but his entire case was thrown into jeopardy when one agent viewed four files that one court felt violated his rights.
Today’s complex criminal and serious investigations cannot be effectively managed with thumb drives, SharePoint, cloud folders, paper forms, and sticky notes. Times have changed and the introduction of investigation management and case investigation software is now an integral part of any specialized investigative agency.
What is Investigation Software?
Investigation case management software such as that from Case Closed Software™ is a purpose-built system that assists investigators triage investigative cases, track the involved entities, record supplemental reports and case actions, and generally help users close cases faster and more efficiently.
Investigation software (aka case management software) is specifically designed to help users collaborate and work efficiently with team members – whether they are across the aisle, or across the globe.
Investigation management software is more than fancy graphs and big data analytics. It’s also more than simple incident tracking. Many vendors will try to convince you otherwise because they lack true case management functionality.
True investigation case management software allows agencies of any type to triage new tips and leads, assign them to appropriate agents, track all related case entities such as people, places, and things (vehicles, evidence, organizations, IP Addresses, etc) in an easy-to-use and intuitive fashion.
Importantly, investigation software and incident management software allows agencies including law enforcement, anti-human trafficking groups, drug task forces, national police agencies, federal agencies, internet crimes against children (ICAC) task forces and more can quickly log and analyze all investigative case materials with built-in flexible workflow for approvals.
Top 20 Things to Look For When Procuring a Case Management System
When considering investigation case management software, agencies should look for the following must-haves:
A proven and delighted install base.
Tips and Leads management with the ability to promote them to a full investigation.
Master databases (fully searchable) of all case entities
Organizations and gang databases for organized crime
Real time multi-language functionality
28 CFR Part 23 compliant Criminal Intelligence
Evidence management including full chain of custody
Case Visualization and Link Analysis
Confidential Informants and whistleblower management
Criminal charges and statutes functionality
Task and Assignments management
Criminal Justice Information Systems (CJIS) Compliance
Photo lineup functionality
Remote Case Review (For sharing with prosecutors or LE)
Customizable case reports
World-class support and system maintenance
In short, investigation management software helps you conduct more efficient and, effective investigations. Case Closed Software is the leader in the investigation case management industry.
U.S. based Case Closed Software™ is a recognized leader in the development of investigation case management software and is a true investigation software company.