A new child porn filter developed by Swedish startup NetClean Technologies may be a major breakthrough. Child porn fighting organization ECPAT is very enthusiastic.
A small software company in Göteborg, Sweden, has established itself as a leading developer of tools for blocking child pornography. NetClean Technologies" latest filter is more difficult to bypass than other existing technologies. Using image signatures from previously reported images, it blocks dubious pictures in the firewall.
"This sounds like a brilliant idea. It might even be the next step in the process. At least as a complement to existing filters," says David Lagerlöf, press secretary of ECPAT, the network that fights sexual exploitation of children.
Earlier this year, NetClean launched a product that detects child pornography on the pattern of an antivirus system. It is based on the large database of child porn images that"s operated by the Swedish national police. New images are added as soon as they are detected. The NetClean system creates unique signatures for each individual image in the database.
After the system is deployed in an organization, it is kept updated with signatures from the police database, much like how antivirus programs are updated with new definition. The system continuously scans all computers in the organization. When a match is found, the administrator is alerted.
"It is feasible to change an image so it doesn"t match the signature. But that would take some advanced changes. Also, the system is updated continuously," says Christian Sjöberg, chief executive officer of NetClean.
The new version of the filter is based on the same system of signatures, but it stops images even as they enter the firewall.
Still, it is possible to determine who downloaded the picture. In most cases it is unintentional. The image is sent as spam or a pop-up Web page.
Also, a Trojan may have been installed unbeknownst to the computer"s owner.
"The crooks like to use somebody else"s computer. They"d be very vulnerable if they published the images in a file-sharing network. In Direct Connect and Kazaa, it is very easy to trace an IP number. It"s a little bit harder in BitTorrent," says Sjöberg.
He says that it is possible to determine whether a Trojan has been installed by analyzing the patterns of downloading: For example, it might be possible to show that the computer downloaded images at times when the owner had already left the building. Another solution is to reformat the hard disk, which destroys any Trojans, and watch for continued downloading.
"If you determine that somebody is knowingly downloading child porn, you notify the person involved and the trade union, and then the police takes over," says Sjöberg.
"This sounds like something that definitely will be used by companies. Many fear that their name will be tarnished if cases like this are discovered," says ECPAT"s Lagerlöf.