How Does This Relate to Web-hosting Providers

If we take a look at Section 2252A of Title 18, it becomes clear that a web-hosting provider who knowingly possesses child pornography on a company owned hosting server, even if it is by contractual arrangement with a customer, can be held liable. From having worked at several web-hosting companies, I can assure you that today, most web hosting companies do not realize their liabilities in this area. 2252A states that accountable persons relating to child pornography constitutes "any person who knowingly mails, or transports, or ships in interstate or foreign commerce by any means, including by computer, any child pornography;" or any person who "knowingly receives or distributes child pornography that has been mailed, shipped, or transported in interstate or foreign commerce by any means, including by computer."

Title 18, Section 2256 contains explicit definitions which apply to pedophilia, and cyberpedophilia. In that section, it clearly states that "visual depiction includes undeveloped film and videotape, and data stored on computer disk or by electronic means which is capable of conversion into a visual image." It should be noted that "sexually explicit conduct" includes both gay, and straight sexual acts. In fact, there are many responsible gay adults who are adamantly abhorrent of some of these man-boy love web sites and would welcome the opportunity to help assist in getting them removed from the web.

At this point, Ms. Taylor went on to discuss computers and children, noting "Keeping children off the web, and off computers is not an option. In fact, we need to enable online access as much as possible, in order to enable our kids' survival as law-abiding contributing members of society."

She further explained that "in the online world, Pedophiles do not have to expose themselves as adults to have access to kids, and usually don't. Cyberpedophiles hang-out in online chat rooms, and typically pose as children themselves this is one of the reasons cyberpedophiles are so successful. They pretend to be kids, and do not get picked up on anyone's radar screen as a possible threat. So let's take a look at some of the kinds of online dangers that threaten our nations greatest treasure, our children."

Possession of child pornography is a crime. In 1996, the Child Pornography Prevention Act (CPPA) was instituted specifically to combat the use of child pornography using computer technology. Often some of the servers that these illegal images are published on also contain chat rooms which can be used to entice a one-on-one online chat with a minor.

Many webhosting companies do not even realize that they are hosting child pornography servers. Busy webhosting companies sometimes barely have enough time to answer the telephone. They sell the online publishing process, but often have no knowledge of the content that is being published. Many pornographic domain names are purposely esoteric so as to avoid scrutiny of law enforcement and the general watchful eye of the public. How many people here have ever taken a look at Whitehouse.com? Whitehouse.com is often the first stop for viewers looking for the Whitehouse website before they realize that they need to use the .gov extension and type in Whitehouse.gov.

Why Should Businesses Be Concerned About Cyberpedophilia

Criminals, including those involved in distributing pornographic material can use your website to promulgate their wares. Unless a business protects itself with firewalls, content filters, and risk management processes, it is vulnerable to penetration by these individuals for illegal purposes. If your website is used for illegal purposes, your company can be sued. Businesses are responsible not only for securing their websites against penetration, but also for insuring that the sites are not used for such illegal purposes as promoting pedophilia.

Before I start discussing how to manage cyberpedophilia, we need to first look at pedophilia in general, and understand how to identify it so that we can most expeditiously enlist the proper authorities, create processes for action, and work towards national and local solutions. As a general rule of thumb, behaviors that are illegal offline are illegal online, and obtaining a search warrant in part depends on one's ability to identify what constitutes illegal evidence. The U.S. Code, Title 18, sections 2251, 52A, and 56 are are the definitive laws that describe the sexual exploitation of children. Since part of the problem is the lack of understanding of these laws, I'm going to take the time to recite these important sections of our U.S. Code.

Section 2251 of Title 18 clearly states that anyone who meets the following requirements has participated in sexual exploitation of children: "Any person who employs, uses, persuades, induces, entices, or coerces any minor to engage in, or who has a minor assist any other person to engage in, or who transports any minor in interstate or foreign commerce, or in any Territory or Possession of the United States, with the intent that such minor engage in sexually explicit conduct for the purpose of producing any visual depiction of such conduct, shall be punished as provided under subsection (d)." And subsection (d) stipulates fined or imprisoned not less than 10 years. Section 2251 goes on to say that, "If such person knows or has reason to know that such visual depiction will be transported in interstate or foreign commerce, or mailed, if that visual depiction was produced using materials that have been mailed, shipped or transported in interstate or foreign commerce by any means, including by computer, or if such visual depiction has actually been transported in interstate or foreign commerce or mailed."

Parents, legal guardians, or anyone having custody of a minor, who "who knowingly permits such minor to engage in, or assist any other person to engage in, sexually explicit conduct for the purpose of producing any visual depiction of such conduct shall be punished as provided under subsection (d)." Schools need to be educated and informed about the dangers online, because they too are accountable and responsible for mitigating these dangers.

Fighting Cybercrime on the Internet

This note is based on a presentation on cybercrime by Laura Taylor, TEC Director of Security Research for the E-Gov 2000 Conference sponsored by SAIC on July 10, 2000 at the Washington Convention Center.

Note: Portions of this note are excerpted from the presentation, other parts are explanatory text to relate this information to the Technology community serviced by the TEC web site. Information that was not taken directly from the presentation is in blue.

I am from a company called TEC, or TechnologyEvaluation.Com, a hybrid online destination site and research consulting company in Woburn, Massachusetts and Montreal, Canada. I have been working in the capacity of Director of Security Research at TEC for almost a year. Prior to TEC, I worked as Director of Information Security for CMGi's flagship webhosting company known as Navisite. Prior to that I founded a consulting company called Relevant Technologies, which still exists, and currently I maintain a position on the board. Before that, I was CIO of Schafer Corporation.

At TEC I manage the research of security technologies and vendors, identifying and qualifying key criteria necessary to assist high-level IT decision makers in making best-choice infrastructure investments. As well, I report and analyze current security news events, pointing out how these events affect you, your network, and your organization. As businesses continue putting their web-enabled e-commerce sites, and the jewels of their infrastructure online, the importance of security and privacy is becoming increasingly critical. What I plan on talking about today is "Fighting Cybercrime on the Internet."

My research is supported by 17 years of industry experience in the Information Technology field. There are three primary aspects of cybercrime that I will be talking about today: cyberpedophilia, keeping digital evidence pure, and mitigating white collar cybercrime. The other various security topics that I will touch on will have to do with how processes and procedures can support the management of these three important Information Age Law Enforcement and Public Safety concerns. The various security processes worth understanding include, "What are the basics for managing security in an organization? What security policies do you need? And who should you call to assist you in investigating and reporting cybercrime?"