The Octopus Conference, held on 13 to 15 December, 2023, in Bucharest, Romania, brought together over 500 experts and professionals from around the world to delve into critical issues in the realm of cyber space.
Among the various workshops, Workshop 3 focused on the “Automatic Detection of Child Sexual Exploitation and Abuse Materials,” shedding light on the challenges posed by the growing phenomenon of online sexual exploitation and amuse (OCSEA).
The workshop emphasised the Lanzarote Convention, outlining its objectives and limitations. Interpol’s staggering statistics revealed the immense volume of Child Sexual Abuse Material (CSAM) circulating on various platforms, with 25 million CSAM images being uploaded on YouTube daily and additional content found on various other platforms, and highlighted the challenges posed by encryption and privacy concerns, such as Apple’s plan to scan iCloud and Apple devices for CSAM.
The discussions also emphasised the necessity for international hash sharing and stressed the importance of working collaboratively with both the private sector as well as the general public. Notable initiatives, such as ECPAT Sweden’s Project Arachnid and Child Rescue Coalition’s provision of free software to law enforcement, were showcased. As an example, a national study concluded by ECPAT Sweden revealed that 1 in 5 girls and 1 in 8 boys have experienced the sharing of their nude images online.
Another significant workshop, Workshop 6, delved into the threats and benefits of Generative AI in criminal justice. Participants discussed the OECD’s technological neutral definition of AI and the upcoming Convention on AI, incorporating procedural rights and safeguards. EUROPOL presented a practical toolkit – Accountability Principles for AI (APAI) – set to be available early next year, aimed at ensuring accountability in AI applications. INTERPOL introduced their AI toolkit encompassing seven resources such as guidance documents and practical tools. The intention is to assist law enforcement agencies (LEA) in choosing AI systems effectively for combating cybercrime.
The workshop explored the challenges and legal implications surrounding AI, including the accountability of ChatBots and self-driving vehicles. Questions arose about “legal personhood” for AI and new defense rights against “robot testimony.” The session underscored the need for ethical considerations, limitations, and a comprehensive understanding of the scope of Generative AI within the justice sector.
The third workshop addressed here, Workshop 14, focused on the interplay between cybersecurity and cybercrime. Microsoft data revealed a 23% rise in cyber-related cases, including 4,000 password attacks blocked per second, 156,000 Business Email Compromise (BEC) attempts daily and 1,700 DDoS (distributed denial of service) attacks per day mitigated. There has also been a rise in activities involving nation-state and state-affiliated threat actors, with Microsoft tracking 160 threats attributed to nation-state actors in the past year alone.
Cooperation emerged as a central theme between cybersecurity professionals and law enforcement, spanning inter-agency, private/public, at the national as well as international levels. As per the ENISA report “Cooperation between CSIRTs and LE, CSIRTs interact much more with law enforcement than with the prosecutors and very rarely with the judiciary. CSIRTs also provide support during investigations. However, there is still space for improvement on how CSIRTs should report/inform law enforcement/prosecutors as well as increase the usage of CSIRTs information in criminal investigations and proceedings. Since cybercrime has become a matter of national security, we need to talk about activities that not only react to a crime, but also include prevention and active defence interventions.
Successful partnerships and best practices, such as the collaboration between EU CyberNet, through the LAC4 Center, and Glacy+, as well as the successful inter-regional cyber exercises between CSIRTs and LEA implemented by CyberEast, iPROCEEDS-2 projects were highlighted as exemplars in enhancing Cyber Capacity Building in both cybersecurity and cybercrime.
This workshop also stressed the need for a clear criminal justice regulatory framework for expedited international cooperation and efficient handling of electronic evidence across borders. The 2nd Additional Protocol to the Budapest Convention on Cybercrime and Electronic Evidence was given as a tool for enhanced co-operation and disclosure of electronic evidence.
As concluded by the key messages of this year’s conference “cyberattacks, cybercrime, impunity for crime online, dis-/information, hate crime and hate speech and other cyberthreats contribute to current international crises such as wars, conflicts and insecurity; violations of international law; injustice and human rights violations; or authoritarianism and democratic back-sliding. Therefore, more cooperation, human rights and justice, accountability and effective criminal justice responses are needed.”