Benefits and risks of implementing cloud-based technology for child sexual abuse investigations in Australia

Dark technology room with overhanging cloud
Abstract

Transitioning to cloud-based infrastructure (CBI) for processing child sexual abuse material (CSAM) collected during police investigations could address resource challenges agencies currently face. While CBI provides quantifiable scalability and budgetary and inter-agency collaborative advantages, potential risks associated with data security, data sovereignty, and various legal and regulatory concerns may make agencies hesitant to make this transition. However, this paper demonstrates how a ‘shared responsibility model’ approach to cloud security can minimise risks, allowing investigators to take advantage of CBI benefits. In partnership with Oracle Corporation, we demonstrate how this could be implemented and continually monitored for new vulnerabilities within a CSAM context over time.

References

URLs correct as at June 2024

Ahmed HAS, Ali MH, Kadhum LM, Zolkipli MF & Alsariera YA 2017. A review of challenges and security risks of cloud computing. Journal of Telecommunication, Electronic and Computer Engineering 9(1–2): 87–91. https://jtec.utem.edu.my/jtec/article/view/1662

Australian Centre to Counter Child Exploitation (ACCCE) 2019. Blueprint 20192021. Australian Centre to Counter Child Exploitation. https://www.accce.gov.au/what-we-do/about-us#Blueprint

Australian Federal Police 2022. Major upgrade to database a ‘game changer’ in tracking down online predators. https://www.afp.gov.au/news-centre/media-release/major-upgrade-database-game-changer-tracking-down-online-predators

Brewer R, Westlake B, Swearingen T, Patterson S, Bright D, Ross A, Logos K & Michalski D 2023. Advancing child sexual abuse investigations using biometrics and social network analysis. Trends & issues in crime and criminal justice no. 668. Canberra: Australian Institute of Criminology. https://doi.org/10.52922/ti78948

Brown R 2018. Understanding law enforcement information sharing for criminal intelligence purposes. Trends & issues in crime and criminal justice no. 566. Canberra: Australian Institute of Criminology. https://doi.org/10.52922/ti101440

Chan J, Logan S & Bennett Moses L 2022. Rules in information sharing for security. Criminology & Criminal Justice 22(2): 304–322. https://doi.org/10.1177/1748895820960199

Chang V, Kuo YH & Ramachandran M 2016. Cloud computing adoption framework: A security framework for business clouds. Future Generation Computer Systems 57: 24–41. https://doi.org/10.1016/j.future.2015.09.031

Choo KKR 2010. Cloud computing: Challenges and future directions. Trends & issues in crime and criminal justice no. 400. Canberra: Australian Institute of Criminology. https://doi.org/10.52922/ti281703

Collins CE 2023. Cloud storage and digital forensic evidence: Understanding misconceptions and providing answers. Lake Jackson Police Department

Coyne J, Shoebridge M & Zhang A 2020. National security agencies and the cloud: An urgent capability issue for Australia. Australian Strategic Policy Institutehttps://www.aspi.org.au/report/national-security-agencies-and-cloud-urgent-capability-issue-australia

CrimTrac 2010. CrimTrac submission to the Legal and Constitutional Affairs Committee inquiry into the Crimes Legislation Amendment (Sexual Offences Against Children) Bill 2010. https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Legal_and_Constitutional_Affairs/Completed_inquiries/
2008-10/crimessexualoffences/submissions

Department of Home Affairs 2018. Protective Security Policy Framework. https://www.protectivesecurity.gov.au/

Digital Transformation Agency 2023. Hosting Certification Framework. https://www.dta.gov.au/our-projects/hosting-strategy/hosting-certification-framework

Fatima S & Ahmad S 2019. An exhaustive review on security issues in cloud computing. KSII Transactions on Internet & Information Systems 13(6): 3219–3237. http://doi.org/10.3837/tiis.2019.06.025

George B 2013. Security issues in cloud computing. International Journal of Advanced Research in Electrical, Electronic and Instrumentation Engineering 2(S1): 631–635. https://www.ijareeie.com/special-issue-december-13

Hammouchi H, Cherqi O, Mezzour G, Ghogho M & El Koutbi M 2019. Digging deeper into data breaches: An exploratory data analysis of hacking breaches over time. Procedia Computer Science 151: 1004–1009. https://doi.org/10.1016/j.procs.2019.04.141

Hashizume K, Rosado DG, Fernández-Medina E & Fernandez EB 2013. An analysis of security issues for cloud computing. Journal of Internet Services and Applications 4(5). https://doi.org/10.1186/1869-0238-4-5

Homeland Security 2013. Immigration and Customs Enforcement: Child Exploitation Tracking System. https://www.dhs.gov/publication/dhsicepia-017a-immigration-and-customs-enforcement-child-exploitation-tracking-system

Kumar R & Goyal R 2019. On cloud security requirements, threats, vulnerabilities and countermeasures: A survey. Computer Science Review 33: 1–48. https://doi.org/10.1016/j.cosrev.2019.05.002

Lane M, Shrestha A & Ali O 2017. Managing the risks of data security and privacy in the cloud: A shared responsibility between the cloud service provider and the client organisation. The Bright Internet Global Summit, Seoul

Leclerc B, Cale J, Holt T & Drew J 2022. Child sexual abuse material online: The perspective of online investigators on training and support. Policing: A Journal of Policy and Practice 16(1): 762–776. https://doi.org/10.1093/police/paac017

Maniah, Abdurachman E, Gaol FL, Soewito B 2019. Survey on threats and risks in the cloud computing environment. Procedia Computer Science 161: 1325–1332. https://doi.org/10.1016/j.procs.2019.11.248

Mell P & Grance T 2011. The NIST definition of cloud computing. Report no. SP 800-145. National Institute of Standards and Technology. https://csrc.nist.gov/pubs/sp/800/145/final

Mitchell AD & Samlidis T 2022. Cloud services and government digital sovereignty in Australia and beyond. International Journal of Law and Information Technology 29(4): 364–394. https://doi.org/10.1093/ijlit/eaac003

Mitchell KJ, Gewirtz-Meydan A, O’Brien J & Finkelhor D 2022. Practices and policies around wellness: Insights from the Internet Crimes Against Children Task Force Network. Frontiers in Psychiatry 13. https://doi.org/10.3389/fpsyt.2022.931268

Morioka E & Sharbaf MS 2016. Digital forensics research on cloud computing: An investigation of cloud forensics solutions. In 2016 IEEE Symposium on Technologies for Homeland Security (HST). Waltham, MA: 1–6. https://doi.org/10.1109/THS.2016.7568909

National Center for Missing and Exploited Children 2022. 2021 annual reporthttps://www.missingkids.org/footer/about/annual-report

Oracle 2023a. Dynamic routing gateways. https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/managingDRGs.htm

Oracle 2023b. Virtual cloud network. https://www.oracle.com/cloud/networking/virtual-cloud-network/

Oracle 2023c. Overview of Object Storage.
https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm 

Oracle 2023d. Container engine for kubernetes. https://www.oracle.com/cloud/cloud-native/container-engine-kubernetes/

Oracle 2023e. Cloud Guard. https://www.oracle.com/security/cloud-security/cloud-guard/

Redmond T, Conway P, Bailey S, Lee P & Lundrigan S 2023. How we can protect the protectors: Learning from police officers and staff involved in child sexual abuse and exploitation investigations. Frontiers in Psychology 14. https://doi.org/10.3389/fpsyg.2023.1152446

Reilly D, Wren C & Berry T 2011. Cloud computing: Pros and cons for computer forensic investigations. International Journal Multimedia and Image Processing 1(1/2): 26–34. http://doi.org/10.20533/ijmip.2042.4647.2011.0004

Ridgeway G 2018. Policing in the era of big data. Annual Review of Criminology 1: 401–419. https://doi.org/10.1146/annurev-criminol-062217-114209

Sanchez L, Grajeda C, Baggili I & Hall C 2019. A practitioner survey exploring the value of forensic tools, AI, filtering, & safer presentation for investigating child sexual abuse material (CSAM). Digital Investigation 29: 124–142. https://doi.org/10.1016/j.diin.2019.04.005

Shah S & Mehtre BM 2015. An overview of vulnerability assessment and penetration testing techniques. Journal of Computer Virology and Hacking Techniques 11(1): 27–49. https://doi.org/10.1007/s11416-014-0231-x

Singh S, Jeong YS & Park JH 2016. A survey on cloud computing security: Issues, threats, and solutions. Journal of Network and Computer Applications 75: 200–222. https://doi.org/10.1016/j.jnca.2016.09.002

Standards Australia 2003. Guidelines for the management of IT evidence. HB 171-2003. Sydney: Standards Australia International

Strickland C, Kloess JA & Larkin M 2023. An exploration of the personal experiences of digital forensics analysts who work with child sexual abuse material on a daily basis: “You cannot unsee the darker side of life”. Frontiers in Psychology 14. https://doi.org/10.3389/fpsyg.2023.1142106

Tabrizchi H & Rafsanjani MK 2020. A survey on security challenges in cloud computing: Issues, threats, and solutions. Journal of Supercomputing 76: 9493–9532. https://doi.org/10.1007/s11227-020-03213-1

Tian Y, Tian J & Li N 2020. Cloud reliability and efficiency improvement via failure risk based proactive actions. Journal of Systems and Software 163: 110524. https://doi.org/10.1016/j.jss.2020.110524

Torkura KA, Sukmana MI, Cheng F& Meinel C 2021. Continuous auditing and threat detection in multi-cloud infrastructure. Computers & Security 102: 102124. https://doi.org/10.1016/j.cose.2020.102124

Victorian Auditor-General’s Office 2018. Police management of property and exhibits. https://www.audit.vic.gov.au/report/police-management-property-and-exhibits

Vistro DM, Rehman AU, Mehmood S, Idrees M & Munawar A 2020. A literature review on security issues in cloud computing: Opportunities and challenges. Journal of Critical Reviews 7(10): 1446–1455. https://www.jcreview.com/issue.php?volume=Volume 7 &issue=Issue-10&year=2020

Westlake BG, Brewer R, Swearingen T, Ross A, Patterson S, Michalski D, Hole M, Logos K, Frank R, Bright D & Afana E 2022. Developing automated methods to detect and match face and voice biometrics in child sexual abuse videos. Trends & issues in crime and criminal justice no. 648. Canberra: Australian Institute of Criminology. https://doi.org/10.52922/ti78566