Crimes against children are among the most heinous and heartbreaking offenses in society. The need for swift and effective investigations to protect and seek justice for the youngest and most vulnerable members of our community is of utmost importance. In recent years, advances in technology have significantly impacted the realm of law enforcement and investigation. One such technological breakthrough is investigation case management software, a powerful tool that has revolutionized how law enforcement agencies tackle crimes against children.
In this article, we will explore the significance of investigation case management software in combatting these heinous crimes, drawing on insights from the upcoming Crimes Against Children Conference in Dallas.
The Prevalence of Crimes Against Children
Before delving into the impact of investigation case management software, it is essential to understand the gravity of crimes against children. Sadly, these offenses encompass a wide range of abuse, including physical abuse, sexual exploitation, child trafficking, and online predation. According to the National Center for Missing and Exploited Children, there were more than 1.6 million reports of child exploitation in 2021 alone, highlighting the need for robust investigative tools.
The Role of Investigation Case Management Software
Investigation case management software, such as the one offered by Case Closed Software™, has emerged as a game-changer in the fight against crimes targeting children. This advanced software solution provides law enforcement agencies with a comprehensive platform to manage and streamline investigations, making it easier for investigators to track, analyze, and act on critical information.
Streamlined Data Management and Collaboration
One of the primary challenges faced by law enforcement agencies when dealing with crimes against children is the vast amount of data involved in these investigations. From witness statements to digital evidence, the sheer volume can overwhelm investigators. Investigation case management software allows for centralized data storage, facilitating seamless collaboration among multiple departments and agencies. This streamlined data management ensures that investigators have quick access to all relevant information, leading to faster case resolutions.
Integration of Advanced Analytical Tools
Case Closed Software integrates cutting-edge analytical tools, such as link analysis and data visualization, that aid investigators in connecting the dots between seemingly unrelated pieces of information. These tools are particularly invaluable in complex cases involving child exploitation networks and online predators. By analyzing and mapping relationships between suspects, victims, and key pieces of evidence, investigators can build stronger cases and identify criminal patterns more efficiently.
Improved Case Visibility and Accountability
With investigation case management software, supervisors and administrators gain real-time visibility into ongoing cases. This enhanced oversight enables them to monitor progress, allocate resources effectively, and ensure accountability throughout the investigative process. As a result, law enforcement agencies can better prioritize cases involving children, giving these cases the attention they deserve.
Crimes Against Children Conference (CACC)
The Crimes Against Children Conference in Dallas (August 6 – 10, 2023) provides a platform for law enforcement professionals to share knowledge, best practices, and experiences related to investigating crimes against children. Incorporating investigation case management software into these discussions allows attendees to understand the software’s practical application and the advantages it offers. Moreover, it facilitates the exchange of valuable insights, enabling agencies to optimize their use of the software for more effective investigations.
Investigation case management software has emerged as a powerful ally in the fight against crimes against children. Its ability to streamline data management, facilitate collaboration, integrate advanced analytical tools, and support digital forensics has significantly improved the efficacy of law enforcement investigations. As we continue to battle the heartbreaking crimes committed against our children, the integration of technology, like the software offered by Case Closed Software, ensures that law enforcement agencies have the necessary tools to bring perpetrators to justice and protect the innocent.
By leveraging technology and fostering knowledge-sharing platforms like the Crimes Against Children Conference in Dallas, we can collectively work towards a safer and more secure future for our children.
The project arose out of a need for a sophisticated tool to help the multi-jurisdictional ICAC unit effectively triage and investigate criminal activity involving child sexual abuse materials (CSAM). In particular, we needed to come up with an investigation tool that would work around evolving laws and The Wilson Ruling of 2021.
NCMEC then creates and distributes CyberTips to appropriate law enforcement agencies and specially-trained agents.
The Anatomy of a NCMEC CyberTip for ICAC Units
Without getting too granular, a CyberTip is made up of several sections. There’s a front page, and Sections A through D. The front page will contain the date it was received, its assigned report number, and an executive summary. The executive summary will say what type of incident the report refers to, such as “Apparent Child Pornography”, and the number of files that were uploaded.
The first section of a CyberTip, Section A, has information about the reporting agency – Google, Facebook, TikTok and so on. It will also include a brief incident description, the time of the incident, the webpage involved, and the email, username, and IP address of the person reported.
Spoiler Alert… Here’s a key to The Wilson Ruling: For each file, this section says whether the reporting ESP actually viewed the file and whether the file was publicly available. We’re going to come back to this shortly.
Section B is geolocation information for the offending IP address given in the report. This helps NCMEC know which ICAC Task Force should get the tip. The ISP who owns or controls the IP address will also be listed.
Section C is for any additional information and may reference other CyberTips that are associated with the same username or IP address.
Here’s another key point related to The Wilson Ruling. The images or videos associated with the CyberTip are provided to the appropriate agency along with a PDF report, but they are NOT shown in the body of the report.
Why the CyberTip Matters
The point of describing the CyberTip here is to reinforce just how much unstructured data exists on them and foreshadow some of the pain points that ICAC teams experience in getting these CyberTips triaged.
That’s a significant component of the partnership that Case Closed Software has developed with San Diego Police Department… how to manage, de-conflict, and triage the overwhelming volume of CyberTips that each ICAC task force or investigator receives.
The other significant component of what we’ve worked on together from a technology perspective is related to how courts have applied Fourth Amendment doctrines to CSAM investigations. The Fourth Amendment, of course, is an important piece of our Bill of Rights and is supposed to protect all of us from unreasonable searches and seizures by the government.
The ICAC Investigation into Luke Noel Wilson
Let’s look at The Wilson Ruling of 2021. This came out of the court’s application of the Fourth Amendment in the case of defendant Luke Noel Wilson who, in June 2015, attached several images containing CSAM to an email on his Gmail account. Google’s screening system – which scans uploaded images and checks for identical matches in a database of confirmed CSAM – immediately flagged Wilson’s attachments as “apparent child pornography”.
Without having an employee review the attachments first, Google’s system then sent an automated report to NCMEC that included the images. As is standard policy for ESPs, the report contained information about the date and time Wilson uploaded the images, along with his email address, login information, and the IP address of the device he used to upload the images.
NCMEC subsequently forwarded the report to local law enforcement – in this case, the fine team at San Diego ICAC – where an agent reviewed the NCMEC CyberTip and inspected each of the images, confirming that they were indeed CSAM.
Relying on Google’s report and his personal observations, the agent then applied for – and obtained – a search warrant for Wilson’s email account. The agent’s affidavit accompanying the search warrant request included descriptions of the images but didn’t specifically contain any mention of matching hash values, nor any description of Google’s screening process for CSAM.
When, with search warrant in hand, the agent searched Wilson’s email account, he discovered several email exchanges in which Wilson received and sent CSAM and additionally offered to pay a woman to molest and exploit children.
Law Enforcement then obtained a search warrant for Wilson’s residence and vehicle where they discovered devices containing thousands of images of CSAM including the original four attachments. Wilson’s alleged attempt at throwing a backpack over his balcony was noticed by assisting agents and was found to contain a thumb drive full of additional Child Sexual Abuse Materials.
It was later estimated that Wilson possessed 500 videos and 11,000 images of child sexual abuse, and – a few months later – he was arrested and charged with Distribution and Possession of Child Sexual Abuse Materials.
Wilson was convicted and sentenced to 45 years in prison.
So, this seems at this point like a fairly standard ICAC case. What then happened that fundamentally changed the way ICAC units operated to triage and investigate CyberTips?
The Motion to Suppress
After his trial, Wilson filed a motion to suppress the four original attachments (the ones included in the original CyberTip) AND all evidence subsequently seized from his email account and residence, arguing that San Diego ICAC’s initial review of his attachments was a warrantless search in violation of the Fourth Amendment.
The District Court denied his motion, however, reasoning that the government does not perform a ‘search’ within the context of the Fourth Amendment when it inspects something that is ‘virtually certain’ to contain contraband.
Wilson subsequently appealed that decision to The Ninth Circuit which reversed the lower court’s decision, concluding that the agent’s viewing of the attachments violated Wilson’s 4th Amendment rights and rejecting the position that there was ‘virtual certainty’.
Basically, the Ninth Circuit said that Google’s initial report specified only the ‘general’ age of the child and the ‘general’ nature of the acts shown, and had not been viewed by any Google employee.
By viewing the four attachments without a search warrant, therefore, the higher court concluded that law enforcement unlawfully obtained new, critical information, and then used that new information to obtain warrants to search Wilson’s home and email account.
Of key importance in the ruling was the assessment that, even though Google employees viewed images identical to Wilson’s to create Google’s database of suspected CSAM, they had not viewed the actual image itself.
By contrast, after viewing the images, law enforcement could describe “the number of minors depicted, their identity, the number of adults depicted alongside the minors, the setting, and the actual sexual acts depicted.” So, even though Google’s algorithm had flagged Wilson’s attachments to a mathematical certainty that his images were “bit-for-bit” duplicates of images identified by its employees as CSAM within their database, Wilson’s motion to suppress was granted.
The fallout for ICAC Task Forces has been tremendous because of this ruling. How are ICAC units and their respective affiliates, supposed to expeditiously review, triage, and investigate a massive and growing number of CyberTips while tip-toeing around an individual’s 4th Amendment rights?
Last year, San Diego ICAC approached Case Closed Software™ with this exact set of problems and we began work on a tool designed to systematically process CyberTips – one that automates what is currently a time-consuming chain of events.
The Trouble with Triage
For most ICAC Units, individual CyberTips must be downloaded as zip files via NCMEC or IDS. Those zip files contain PDF files with unstructured text that lists:
• Reporting Agencies
• Email Addresses
• Telephone Numbers
• IP Addresses
• Hash Values
• Physical Addresses
• Sender IDs
• Recipient IDs
• Suspect Names
• Victim Names
• … and much more.
Triage administrators must:
Download each CyberTip locally
Unzip the file
Begin a long process of putting those data elements together to create a connected view of those data elements to determine solvability
And then assign to an investigator – internal or affiliate.
Oh, and then do the same for the next CyberTip… and the next one… and the next one after that.
Problem Solving for ICAC
Working with San Diego ICAC, we created a tool that allows administrators to save CyberTips directly a CJIS-Compliant ‘black box’ server instead of downloading them locally. That black box contains proprietary logic that systematically opens those zip files, pulls all of those data elements from the PDFs, grabs all of the attachments and underlying hash values, and links them into a single interface for the administrator. Important to note is that this process happens quickly and virtually eliminates the manual efforts in existence now.
We have essentially created a unique, user-friendly system where investigators cannot view attachments until they purposely elect to.
They can see usernames, IP Addresses, filenames, and an array of other information… but not the images. Images cannot be revealed until investigators have proper authority in compliance of the Wilson Ruling. It’s a simple but brilliant addition to the process that protects all parties.
Just to tie a bow around Mr. Wilson, he was eventually convicted of child molestation on the Stateside and sentenced to 25 years. He was subsequently charged and convicted of possession and distribution of CSAM on the federal side and received an additional ten years. He is where he should be, but his entire case was thrown into jeopardy when one agent viewed four files that one court felt violated his rights.
August 1, 2022 (San Diego, CA) The National Center for Missing and Exploited Children (NCMEC) is on the front lines of the fight against online crimes against children. Their ‘CyberTipline’ is the country’s centralized system for reporting the online exploitation of children.
According to NCMEC’s website, “Concerned individuals and organizations make reports of suspected online enticement of children for sexual acts, child sexual molestation, child sexual abuse material, child sex tourism, child sex trafficking, and unsolicited obscene materials sent to a child.
In the United States, there are over 60 regional ICAC Task Force agencies representing almost 5,500 individual agencies.
Sergeant Garrick Nugent is commander of the San Diego ICAC Task Force. His task force consists of roughly 33 different agencies that endeavor to work together to investigate cybercrimes against children in San Diego, Imperial, and Riverside Counties. According to Nugent, most investigations begin with NCMEC, which contacts San Diego ICAC when it believes there’s a local case. These tips, referred to as CyberTips, number in the thousands each year for San Diego ICAC alone. And that number has risen consistently over the past five years.
“I truthfully believe there are more cases,” said Nugent in a 2020 interview with a CBS affiliate in San Diego. “I wish I could say we are (keeping up with the volume). We have both children and predators that are at home. They have unprecedented access to the internet. They’ve got lots and lots of time on their hands and therefore I think we’re seeing the increase as a result.”
Dealing With Growing Volume
With each CyberTip comes a host of investigation intelligence including perpetrator usernames, unique IP addresses, suspect information, Internet Service Provider details, and much more. CyberTips also include disturbing multimedia evidence of child sexual assault materials (CSAM) that must be verified by the task force. Each CyberTip must be downloaded, opened, reviewed, verified, prioritized, and assigned to investigators who already maintain a full plate of cases to investigate. To say the problem is overwhelming is an understatement.
Since 2020, however, Nugent’s ICAC task force has worked in partnership with Texas-based Case Closed Software to develop innovative new systems designed to simplify and speed up the entire process of triaging and managing CyberTips.
The new system was implemented last year and now, according to Nugent, “greatly helps his ICAC task force to efficiently triage the NCMEC CyberTips and to control, direct, organize, review, and track our multi-agency investigations into child abuse and exploitation.”
Working Hand in Hand to Solve Problems
A quote from Nugent on Case Closed Software’s website states “This software is a must-have for ICAC units.”
Douglas Wood is the founder and CEO of Case Closed Software. According to Wood, his company has unique functionality to allow near-instant triage of CyberTips.
“As a result of our unique partnership with San Diego ICAC, users can simply save CyberTips to our CJIS-compliant cloud service, and moments later view all pertinent information for quick and effective triage”, says Wood. “They can then be assigned to any task force case agent who can use the ICAC investigation case management system to work more efficiently through investigations and prosecutions.”
The Crimes Against Children Conference
In a joint announcement, Case Closed Software and San Diego ICAC Task Force stated support for the upcoming 34th annual Crimes Against Children Conference (CACC) in Dallas, TX beginning August 8, 2022.
According to Case Closed Software, conference attendees will be able to see the ICAC task force software in action at the Exhibitor’s Hall. CCAC is presented annually by the Dallas Children’s Advocacy Center and provides training to agencies in the fields of law enforcement, social work, child protective services, child advocacy, therapy, and medicine who work directly with child victims of crime.
Case Closed Software, located in the technology hub of Austin, Texas today announced sponsorship of the 2022 Northwest Regional Internet Crimes Against Children (ICAC) Conference.
The event takes place October 6 – 8 at Microsoft Offices in Redmond, Washington.
The ICAC Task Force Program is a national network of over 60 coordinated task forces representing nearly 5,000 federal, state, and local law enforcement groups.
Case Closed Software offers ICAC units a system to quickly and efficiently triage thousands of tips each day, as well as a full investigation case management platform purpose-built for multi-jurisdictional investigations and task forces.
The company looks forward to networking with existing and future partners.