Privacy Impact Assessment (PIA) Child Victim Identification Program (CVIP) Innocent Images National Initiative (IINI)
May 9, 2003
I. Background
This PIA is conducted pursuant to the E-Government Act of 2002, P.L. 107-347, and the accompanying guidelines issued by the Office of Management and Budget (OMB) on September 26, 2003. The PIA provides information regarding the collection of personally identifiable information for the purpose of identifying, investigating, and prosecuting sexual predators who use the Internet and other online services to sexually exploit children; identifying and rescuing witting and unwitting child victims; and establishing a law enforcement presence on the Internet as a deterrent to subjects who exploit children.
The Innocent Images National Initiative (IINI), a component of FBI's Cyber Crimes Program, provides centralized coordination and analysis of case information that by its very nature is national and international in scope, requiring unprecedented coordination with state, local, and international governments, and among FBI field offices and Legal Attachés.
Today computer telecommunications have become one of the most prevalent techniques used by pedophiles to share illegal photographic images of minors and to lure children into illicit sexual relationships. The Internet has dramatically increased the access of the preferential sex offenders to the population they seek to victimize and provides them greater access to a community of people who validate their sexual preferences.
The mission of the IINI is to reduce the vulnerability of children to acts of sexual exploitation and abuse which are facilitated through the use of computers; to identify and rescue witting and unwitting child victims; to investigate and prosecute sexual predators who use the Internet and other online services to sexually exploit children for personal or financial gain; and to strengthen the capabilities of federal, state, local, and international law enforcement through training programs and investigative assistance.
The Child Victim Identification Program (CVIP), a component of the IINI, is designed to help identify the victims of individuals committing sexual exploitation of children (SEOC) offenses. It serves as a repository for images depicting identified child victims. The information contained in the CVIP should only be considered a "pointer" system. As of the date of this PIA, the CVIP involves a three step identification process:
1. Hash values are of files in the CVIP are compared to any evidence obtained by the field offices. Hash values are non-pictorial, alphanumeric values that are unique to each computer file that can serve as a "fingerprint" of a file for matching purposes and also provide security, because the original image cannot be recreated from the hash value itself.
2. If the hash value comparison is unsuccessful in locating identified victims for purposes of a child pornography prosecution, FBI field offices can request a "CVIP Catalog CD" to conduct visual comparisons of their evidence. The CVIP Catalog contains samples of files held in the CVIP.
3. If either the hash value or visual comparison method yields suspected "hits" of child pornography images that match images in the CVIP, or if a visual search develops possible suspect images from the "Lolita" series of magazines, a third step is available. If field offices are unable to match their suspect image "hits" to the proper identified victim in the CVIP Catalog CD, or if verification is necessary, they are encouraged to send the matching images (and related images) to a Baltimore Innocent Images National Initiative (IINI) Intelligence Research Specialist (IRS) who will compare the suspected images to those held in the CVIP and/or at the U.S. Customs Service Cybersmuggling Center, as needed.
The proposed upgrade to automate the CVIP system (CVIPS) will:
1. Replace or supplement step 1 by automating the output of hash value data sets to continue the current hash value comparison method and also by offering an automated hash value comparison method that can be run by any CVIPS user; and
2. Automate steps 2 and 3 into a content-based image retrieval (CBIR) search method to allow a visual search of stored images based on the appearance of the images, regardless of filename, date, time, shape, size, color, or other image changes. This search capability will enable comparisons of unknown images to known images already stored in the CVIPS. It will also be used to "pattern match" items across several images allowing a user to find an object in more than one image. CBIR will also permit full text searching capabilities, including the ability to search file names and other intelligence data. The hash value comparisons will primarily be used to eliminate duplicate images in the system. CBIR searches will be the primary method to search the database to identify victims.
II. ASSESSMENT
A. What information is to be collected?
The database will have the following data associated with victims (if it is available): identification number, internet nickname, date of birth, age at time of photography, gender, citizenship, nationality, identifying officer name, and identifying officer contact details. Other desirable data may be included, such as height, weight, hair color, and eye color, along with other physical characteristics.
B. Why is the information being collected?
The Child Victim Identification Program was created to assist field offices in their efforts to identify child pornography victims and reduce duplicative investigative efforts.
C. What is the intended use of the information?
The information will be used to compare images automatically via HASH values instead of a visual comparison of images. It also serves as a repository for images depicting identified child victims.