15. ICMEC Model Legislation Flashcards
Summary
Interrnational Centre for Exploited & Missing Children (ICMEC)
Latest editional of ICMEC Model Legislation & Global Review Report. 10th Ed. 2023.
It examines international law and sets them against criteria for best practice (sort of ‘perfect’ law).
Provides a simple guide on standards in different countries.
Also has good source documents (referenced).
So what should ‘model’ law do?
- Exist with specific regard to CSAM
- Provide a definition of a CHILD then of CSAM
- Criminalise computer facilitated offences
- Criminalise the ‘knowing’ possession of CSAM (regardless of intent to distribute)
- Require ISPS to report suspected CSAM to LE / other mandated agency.
Summary (cont). The ‘Model’ Legislation is broken into 6 parts:
- Definitions
- Offences
- Mandatory Reporting
- Industry Responsibility
- Sanctions & Sentencing
- LE Investigations & Data Retention.
- DEFINITIONS
Definine a CHILD for the purposes of CSAM
“Anyone under the age of 18”
- regardless of the age of sexual consent.
Remember that while a person
under the age of 18 may be able to freely consent to sexual relations, legally, a person is not able to consent to any form of sexual exploitation, including CSAM
- DEFINITIONS (cont).
Define “child sexual abuse material” CSAM
“any representation, by whatever means, of a child engaged in real or simulated explicit sexual activities or any representation of the sexual parts of a child for primarily sexual purposes”
As well as the use of a child to create such a representation.
- OFFENCES
A. Possession of CSAM. Criminalize the knowing possession of CSAM, regardless of the intent to
distribute.
B. Criminalize knowingly downloading or knowingly viewing CSAM through ICTs and using ICTs to distribute CSAM.
C. Penalize those who make known to others where to find CSAM (e.g. posting info on where to find CSAM)
D. Criminalize the actions of parents or legal guardians who acquiesce to their child’s participation in CSAM. There can be no transfer of consent from parent to child.
E. Grooming offenses must be criminalized. Especially online grooming.
F. Punish ‘attempt’ crimes.
- MANDATORY REPORTING
A. Require ISPs & VLOPS to report suspected CSAM to LE or another mandated agency. Not found in many countries. Requires a reporting mechanism (e.g. IWF-ICMEC in UK, Cybertips etc).
B. Encourage banks, credit card companies, and others in the payments industry to report suspected CSAM to law enforcement or another mandated agency.
C. Require healthcare and social services professionals, teachers, in addition to others who come into contact with children in their everyday, professional capacity to report suspected CSAM to LE or another mandated agency.
D. Require photo developers, IT professionals, website moderators, and others who, in their everyday professional capacity, do not come into contact with children but may potentially be exposed to CSAM as a result of their job responsibilities, to report suspected CSAM to LE or another mandated agency
- INDUSTRY RESPONSIBILITY
A. Allow companies to deploy technology tools and mechanisms to protect children from online sexual abuse.
E.G filtering / blocking technologeis, scanning tools (Arachnid API, PhotoDNA etc.) GDPR can affect this so need specific legislation - complicated. Need good LE & industry coordination.
A specific exemption should be incorporated into national legislation allowing businesses to
deploy tools like these designed to protect children.
Regional legal instruments provide some guidance in this. E.G. Article 30 (5)
of the Council of Europe Convention on the Protection of Children against Sexual Exploitation and Sexual Abuse (Lanzarote Convention) requires each Party to take necessary legislative or other measures to ensure an effective investigation and prosecution
of relevant offenses; and to enable units or investigative services to identify victims by
analyzing CSAM including photographs and audio-visual recordings transmitted or made available through the use of ICTs.
Also Article 25 of the European Union (EU) Directive on Combating the Sexual Abuse and Sexual Exploitation of Children and Child Pornography requires all Member States to take the necessary measures to promptly remove web pages containing or disseminating CSAM in their territory and “to block access to web pages containing or disseminating [CSAM] towards the Internet users within their territory.”
- INDUSTRY RESPONSIBILTY (cont).
B. Require the retention and/or preservation of (non-content) data by ISP.
Re retention - distinguish between non content data (e.g traffic data - IP addresses / times / dates) & content data (the actual conent of communications).
Re preservation - this relates to the obligation to preserve data re a person under investigation after a LE request.
C. Encourage cross-sector coordination & collaboration between industry & LE (good examples incl WeProtect Global Alliance)
- SANCTIONS & SENTENCING
A. Address the criminal liability of children involved in CSAM.
There should be NO criminal liability for children involved in CSAM. This should be clearly stated in national legislation. Regardless of whether a child is a compliant victim or a noncooperative witness
B. Enhance penalties for aggravating factors e.g. repeat offenders, organized crime participants, and other factors that may be considered upon sentencing.
C. Assets must be forfeited.
Convicted defendants should be subject to forfeiture provisions that allow for the confiscation of property (devicies etc), proceeds, or assets that resulted from CSAM activities. Funds could be used to support victim programs.
- LAW ENFORCEMENT INVESTIGATIONS & DATA RETENTION
Need for legal provisions for ISPS retain & preserve data to make data available for LE.
Data retention, or the lack thereof, is one of the biggest barriers to the successful identification of a potential offender.
Thus, the purpose of mandating data retention is to prevent loss or modification of stored computer data for a specific period of time so that it can be used as evidence during an investigation. The suggestion, however, that data retention by ISPs should be mandatory has spurred active debate as opponents raised privacy and free speech concerns.
GDPR affects previous rulings from Budepest Convention & EU Directive on Retention of Data.
Evaluating Regional and International Law.
What are the main International legal instruments that address CSAM?
INTERNATIONAL
- Optional Protocol to the UN Convention on the Rights of the Child on the Sale of Children, Child Prostitution and Child Pornography (2000)
- International Labour Organization (ILO) Worst Forms of Child Labour Convention (1999)
- The African Charter on the Rights and Welfare of the Child193 and the African Union Convention on Cyber Security and Personal Data Protection
- Arab Convention on Combating Information
Technology Offences focuses on the use of ICTs to commit offenses such as the production, publication, and sale of CSAM. - The Association of Southeast Asian Nations (ASEAN)
Declaration on the Protection of Children from all Forms of Online Exploitation and Abuse in
bears mentioning. The Declaration was adopted at the 35th ASEAN Summit in November 2019 by all 10 ASEAN Member States (not legally binnding).
REGIONAL
- The Council of Europe’s Convention on Cybercrime (Budepest Convention)
- The Council of Europe’s Convention on Protection of Children Against Sexual Exploitation & Sexual Abuse (Lanzarote convention)
NON LEGAL GLOBAL INITIATIVES
That support cross-border coordination and collaboration to end the abuse, exploitation, trafficking, and all forms of violence against children
- UN Sustainable Development Goals (SDGs) of the 2030 Agenda for Sustainable development. 17 Sustainable Development Goals are a collection of
interlinked objectives designed to serve as a “shared blueprint” for peace and prosperity for people & the planet, now & into the future. Specifically, SDG 16.2
aims to ensure the protection of children’s rights and well-being and targets ending abuse, exploitation, trafficking, torture, and all forms of violence against children.
July 2023 noted that the action towards 2030 is not advancing at required speed. Therefore set up SDG
16Now campaign bringing together civil society, governments, UN agencies, philanthropic groups, and the private sector to work together to accelerate progress & bring progress towards SDGs back on track
- WeProtect Model National Response (MNR).
Supports the implementation of the SDGs with a particular focus on ending abuse, exploitation,
trafficking, and all forms of violence against children. The MNR is intended to help “countries to establish and develop coordinated national responses to online CSE” by detailing specific capabilities needed for an effective child protection approach, highlighting existing good practices, and identifying resources for further guidance / support
