Marking Progress in the Online Child Safety Ecosystem

The online child safety ecosystem has already witnessed several key improvements in the months following the April publication of a landmark Stanford Internet Observatory (SIO) report, writes Riana Pfefferkorn, formerly a research scholar at the SIO and now a policy fellow at the Stanford Institute for Human-Centered Artificial Intelligence (HAI).

On April 22, 2024, the Stanford Internet Observatory released a major report, “The Strengths and Weaknesses of the Online Child Safety Ecosystem,” analyzing issues with the pipeline, called the CyberTipline, through which online platforms report child sex abuse material (CSAM) and incidents of child sexual exploitation that occur on their services. The report concluded with a number of recommendations to the various stakeholders within this ecosystem, including the National Center for Missing and Exploited Children (NCMEC, which operates the CyberTipline), lawmakers, law enforcement, online platforms and child safety groups.

It’s now been 100 days since SIO published the report – and already, several of its recommendations have become reality. As one of the authors of the report, I continue to closely track these issues, and progress on them. Here are key recommendations from the report that have been satisfied, in full or in part, so far:

1. “Congress can alleviate legal confusion about child exploitation investigations on the part of other stakeholders. [...For example:] Cloud providers are unwilling to provide services to NCMEC for fear of liability issues. Some of these issues are addressed by the REPORT Act.”

• ✅ On May 7, President Biden signed the REPORT Act into law. The Act (which I wrote about previously for TPP) addresses liability fears by granting vendors that provide services to NCMEC (such as, putatively, cloud providers) the same limited liability that NCMEC has under existing law.

2. “Extend the retention period for electronic service providers to safely preserve reported CSAM from 90 days to at least 180 days.”

• ✅ The REPORT Act extends the mandatory retention period to 1 year.

3. “Beyond the statutory preservation period, [Congress should] authorize platforms to voluntarily preserve reported material for an additional defined time period, solely for purposes of combating child sexual exploitation and abuse.”

• ✅ The REPORT Act permits platforms to voluntarily preserve reported material beyond the new 1-year retention period “for the purpose of reducing the proliferation of online child sexual exploitation or preventing the online sexual exploitation of children.”

4. The Technology Coalition, a membership-based alliance of tech companies that work together to combat CSAM and online child sexual exploitation, “should consider providing informational resources, including information on what makes a report actionable, to platforms that cannot afford [the $10,000 minimum] membership fee and/or submit so few reports that membership might not make sense.”

• ✅ On July 18, the Tech Coalition announced Pathways, a free resource hub “available to all tech industry employees, not just Tech Coalition members, to facilitate and promote knowledge sharing of basic trust and safety practices” for fighting CSAM and protecting child safety online. The hub’s initial set of resources at launch includes, among others, an expert guide on how to report CSAM to the CyberTipline.

5. “Congress should increase NCMEC’s budget to enable it to hire more competitively in the technical division, and to dedicate more resources to CyberTipline technical infrastructure development.”

• 🟡 On July 25, the Senate appropriations committee announced a proposed fiscal year (FY) 2025 budget that would allocate $107 million to Missing and Exploited Children (MEC) Program grants, a $4 million increase over the FY 2024 budget. However, the House version of the FY25 appropriations bill would keep MEC funding at FY24 levels. Passing the federal budget is a notoriously contentious process, and it remains to be seen whether Congress will boost NCMEC’s budget in the end.

To be sure, most of these changes had been in the works for some time; SIO’s report was hardly the first to observe the need for them, and the authors do not presume to take credit for them. Yet it is worth marking progress on these meaningful measures that should immediately start having a positive impact on child safety.

As the report demonstrates, however, there are still a number of concrete steps that various actors could take to make further improvements in this domain. These include key priorities such as:

• A sustained commitment by platforms to invest engineering and personnel resources into improving the quality of their CyberTipline reports, such as by completing crucial CyberTipline form fields accurately and consistently;
• The creation by NCMEC of a prominent, easily accessible section of its website focused on onboarding online platforms, with clear information about how platforms can reach out to NCMEC to get started reporting to the CyberTipline; and
• Law enforcement partnering with qualified outside researchers to provide more transparency about what happens once CyberTipline reports get to law enforcement, including how many reports are investigated, how many lead to prosecutions and what bottlenecks exist.

Children’s online safety is an ongoing mission that requires collaboration, adaptability, patience and vigilance – and it doesn’t have an end point where victory can be declared. Nevertheless, the fact that so much could happen in so short a time shows what’s possible when different stakeholders come together to take action on a topic of undisputed importance.

Editor's note: Renée DiResta, a former research manager at Stanford Internet Observatory and a board member of Tech Policy Press, is one of the authors of the above-mentioned report.