Guidance

Child abuse image database (CAID): privacy notice

Updated 22 December 2023

Version 1.8

December 2023

Andrew Harrison, CAID Security & Data Protection

What is CAID?

CAID is the Child Abuse Image Database. The CAID system and data within it belongs to police forces in England, Wales, Scotland and Northern Ireland, and the National Crime Agency (NCA) – the CAID Controllers^{[footnote 1]}. It contains a library of indecent images of children and data about the images.

The protection of children from sexual abuse and exploitation is one of the most pressing social needs in the UK and across the world today. CAID helps UK police forces and the NCA address this need by improving the efficiency of investigations involving indecent images of children. This in turn leads to the arrest of offenders and the rescue of victims.

CAID holds still images, such as photographs or sketches, and videos. It is used by officers and analysts in:

• UK police forces and associated Law Enforcement bodies
• National Crime Agency (NCA)
• Internet Watch Foundation (IWF)

What data do we collect?

We collect images and videos from various sources:

• suspect devices and media seized by police forces during raids
• reports from police forces or agencies in other countries
• reports to the IWF from members of the public or discovered by IWF staff as part of their job

Images and videos may show faces or other features, such as tattoos, that can be used to identify the people in them. They may also show recognisable places.

The people in images and videos may be either:

• victims of child sexual abuse
• suspected or convicted offenders
• others, such as family members or other people who appear in images or videos but who are neither victims nor offenders

Along with the images and videos, we also collect:

• data about each image or video, generally referred to as metadata
• data about the police case, such as the case reference number
• data about faces or objects appearing in images or videos
• grading data, such as the image or video category
• hash values, which are used as identifiers for images and videos
• victim data, such as victim characteristics

The victim data held on CAID does not include the victim’s name or contact details.

How do we use personal data?

The purpose of CAID is to assist UK police forces and the NCA with:

• preventing and detecting crimes involving indecent images or videos of children in the UK and internationally
• identifying and prosecuting offenders, including contact abusers and those who upload, distribute or view indecent images or videos online
• disrupting the activities of offenders who have a sexual interest in children
• identifying and rescuing victims of child sexual abuse and exploitation, and
• protecting the welfare of staff by avoiding the need for them to view upsetting images and videos time after time

In addition, data from CAID is used:

• by the IWF to enable internet service providers, social networks and others to block or remove illegal images or videos from their services
• by specialist organisations such as digital forensics providers or the US Child Rescue Coalition to find, track and report illegal images or videos
• by the OCSAE^{[footnote 2]} Innovation Lab to evaluate new products and services that may provide fresh solutions in the fight against online child sexual abuse and exploitation
• by Regional Organised Crime Units and Counter Terrorism Units within law enforcement to check seized devices or media for indecent images or videos which need investigation and also help avoid officers accidentally viewing such images or videos during other kinds of investigation
• by the NCA for joint investigations with Europol and Interpol, which can involve sharing data from CAID with foreign law enforcement officers

To fulfil its purpose, CAID provides its users with tools to search and analyse the image library and database. New tools are incorporated into the system as they are developed.

CAID makes use of “hash values”, or simply “hashes”, to identify images or videos. A collection of hash values is referred to as a “hash set”.

A hash value is a number that is calculated from an image or video file using a standard one-way hashing function such as MD5 or PhotoDNA. Anyone can calculate the hash value of an image or video file, but it is not possible to re-create an image or video from its hash value. This makes hashes useful for sharing identifiers without having to share the actual images or videos.

Processing of suspect devices or media

Police forces are responsible for investigating crimes involving indecent images or videos in their area. Each force has its own way of working but, typically, the process is as follows:

1. Investigators seize suspect devices and data storage media such as laptop or desktop PCs, mobile phones, USB memory sticks, along with older forms of media such as CDs or DVDs.

2. The devices or media are examined by officers who make forensic copies and search for indecent images or videos. Devices can also be examined onsite as part of an onsite triage process which can identify if there is likely to be indecent images or videos present.

3. Where images or videos are found, hash values are calculated and compared against a list of “known” hashes (i.e., hashes of indecent images and videos seized previously). Other images and videos are examined to identify any “new” ones that have not previously been seen by the police.

4. New and ungraded images or videos are then graded by officers in accordance with UK sentencing guidelines.

5. Hashes and their grades are uploaded to CAID. New images and videos are also uploaded to CAID. Hashes and their grades are used to derive a set of trusted categories for images and videos using a voting system. The accumulated hash set is used to identify known indecent images and videos (step 3 above).

6. The images, videos and their categories are used in prosecutions of suspected offenders.

7. The images, videos and any data associated with them are used by intelligence and victim identification teams with the aim of prosecuting offenders and rescuing victims.

Processing of referrals from overseas

Referrals from police forces and other sources overseas are handled by the NCA Bureau. An outline of the process is as follows:

1. The NCA Bureau receives a referral and enters the details into its Child Exploitation Tracking System (CETS).

2. Referrals are graded, prioritised and assessed to determine their geolocation within the UK – the referring sources will have determined the geolocation to be somewhere in UK. This allows the NCA Bureau to determine which police force(s) to involve in the investigation.

3. Images and videos are uploaded to CAID, where police forces can access them.

4. For high priority cases, the NCA Bureau coordinates with police forces to take urgent action to arrest offenders and rescue victims.

5. For lower priority cases, the case is passed to the relevant police force for investigation and action.

6. The status of the offender and/or victim associated with an image is updated on CAID so that other officers are aware, should that image be encountered again in the future.

Referrals for Scotland are sent direct to Police Scotland, not via the NCA Bureau, and are handled according to Police Scotland procedures.

Processing of other hash sets

Hash sets from other sources (e.g., Interpol) can be incorporated into the CAID hash database. This lets CAID users know about images and videos held by other law enforcement agencies to foster international collaboration on investigations.

Image and metadata analysis

CAID provides tools for officers and analysts to analyse images, videos and associated metadata to produce a better understanding of the activities of offenders and the exploitation of victims.

For example, metadata extracted from images may be used to query approved 3rd party services to locate other images or videos on the Internet that were taken with the same device.

The analysis performed aims to provide further opportunities for law enforcement investigations and safeguarding of victims.

Processing by the IWF

The Internet Watch Foundation is a not-for-profit organisation that is funded by its members. IWF members include internet service providers, mobile network operators, hardware and software manufacturers, and other commercial companies.

The IWF is the recognised “notice and take down” body for England and Wales. As such, it is acting to prevent, detect and investigate offences involving online child sexual abuse and exploitation.

The IWF operates a hotline for individuals and organisations to report indecent images or videos online. It also seeks out other indecent content on the Internet. IWF analysts then assess the images and videos, and then report illegal ones to the police. Images and videos not already known to the police are uploaded to CAID directly by the IWF.

The IWF is also allowed access to CAID to create a hash set for images and videos it has confirmed as illegal. This hash set is shared with its members and other service providers, so they can block or remove these images or videos from their services.

Note that the IWF does not share images or videos with its members or other service providers, just the hashes.

How are we able to process this data?

The personal data processed by CAID includes information regarding criminal sexual activity involving children. The Data Protection Act defines such personal data as “special category” data requiring “sensitive processing” in a law enforcement context. The data is processed for law enforcement purposes only.

The sensitive processing performed by CAID is necessary for:

• exercise of functions conferred on police forces and the NCA by legislation
• reasons of substantial public interest
• protecting the vital interests of data subjects or others, and
• safeguarding children and individuals at risk

CAID is involved in protecting the vital interests of victims of child sexual abuse and exploitation by helping officers to identify and rescue them. This aims to protect victims from further sexual, physical, mental or emotional harm.

CAID is also used for detecting and investigating criminal offences, as well as preventing threats to public safety.

In the circumstances, it is not possible to obtain consent from the data subjects, either because the identity of the data subject is not known beforehand or because attempting to obtain consent would prejudice the rescue operation. It could also prejudice criminal investigations.

Where do we process personal data?

CAID is hosted in police data centres in the UK. The CAID image library and database are stored in these data centres – no personal data is stored outside the UK.

Vodafone is the main processor for CAID, processing data on behalf of the CAID Controllers and in accordance with an authorised Data Processing Agreement.

UK police forces, the NCA and the IWF all have local IT systems that are used to access CAID services. These are all based in the UK.

Sharing of data with other organisations, including some that may be overseas, is discussed later in this Privacy Notice.

How do we secure personal data?

Security and privacy have been built into the design of CAID, right from the start. CAID has features that enhance personal privacy and control security risks, such as:

• isolation of CAID from public networks and from other police systems
• strong encryption of images, videos and other data
• physical security to protect system assets
• careful vetting and ongoing welfare monitoring of staff with access to CAID
• controlled user access to images, videos and other data
• monitoring and auditing of user activity on the system
• regular backups of important data
• business continuity & disaster recovery provisions, and
• incident reporting and management

Security risk assessments and data protection impact assessments have been conducted and are regularly reviewed to ensure they remain accurate and reflect how the system is built and used.

CAID is formally accredited and subject to regular security testing by external organisations, as required by Government and police policies.

How long do we keep personal data?

The CAID image library forms an archive of the images and videos of child sexual abuse collected by UK police forces, the NCA and the IWF. Many of the images and videos held on CAID are retained for up to 99 years. Where possible, images and videos are deleted earlier (e.g., where officers have graded them as “ignorable”). This is necessary for the system to achieve its purpose and is in the public interest.

Other reasons for having such a long retention period are:

• the images, videos and related data are required for on-going police intelligence purposes, even after victims and offenders appearing in the images or videos have been identified
• removed images or videos would probably be re-imported into CAID as further devices or media are seized from suspected offenders, or as further images or videos are referred to UK police from overseas or from the public
• manual review by officers (as recommended by police policy) is not feasible due to the number of images and videos held in the CAID library
• new tools and technologies (e.g., artificial intelligence) can be applied to images and videos retained in the CAID national image library

Images and videos graded by officers as “ignorable” are generally not uploaded to CAID. Where ignorable images or videos have been uploaded, they are deleted during a periodic cull of unwanted images and videos from the CAID image library.

Manual deletion of individual images or videos is permitted in certain situations (e.g., where images or videos were uploaded in error or where they were incorrectly identified). In exceptional circumstances, images or videos may also be deleted at the request of an abuse victim, as described in later in this Privacy Notice. Image and video deletion is carefully controlled to prevent accidental or deliberate misuse.

Audit logs are retained for up to 50 years. This is to allow investigation of possible incidents, including “historical abuse” investigations held in the future.

When do we share personal data?

Information from CAID is currently shared with the following:

• the OCSAE Innovation Lab
• Interpol and Europol, via the NCA
• law enforcement agencies in other countries
• digital forensics suppliers who provide products or services to law enforcement
• internet and communications service providers, via the IWF, and
• Child Rescue Coalition and similar organisations

The OCSAE Innovation Lab is used to evaluate new technologies, products or services that could improve the investigation of crimes involving child sexual abuse or exploitation, and the safeguarding of victims. To enable evaluation using realistic data, subsets of images, videos and related data from CAID are shared with the Innovation Lab.

The NCA often uses data from CAID when conducting joint investigations with Europol or Interpol. This can involve sharing data from CAID with foreign law enforcement officers. Such sharing is covered by agreements between the NCA and Europol or Interpol, respectively.

Hashes and related data from CAID are shared with law enforcement agencies in other countries, and vice versa, to foster international collaboration on investigations. This enables officers to know, for example, where a victim has already been identified in another country or there is an international search for someone appearing in an image or video.

Digital forensics services suppliers may be contracted by police forces to search seized devices or media for illegal content. Hashes from CAID can be used to help with these searches.

One of the stated aims of CAID is to enable the sharing of hashes with service providers on the Internet so they can remove or block access to indecent images or videos of children. The IWF validates the image or video categories and then shares the hash set with its members, as previously described in this Privacy Notice.

Hashes from CAID are also shared with organisations such as the Child Rescue Coalition, who build technology for use by law enforcement to track and prosecute offenders who sexually abuse children.

The sharing of hashes or other information from CAID is covered by separate Information Sharing Agreements, which are duly authorised on behalf of the CAID Controllers.

In the future, hashes from CAID may be shared with:

• other UK government departments to locate / report IIoC which can then be referred and also avoid staff accidentally viewing indecent images or videos during other kinds of investigation (e.g., for tax fraud), and
• non-government agencies in the UK and overseas to detect and report illegal images on the Internet or elsewhere

Should information from CAID be shared with other organisations in the future, such sharing will be covered by formal agreements. These specify exactly what data is being shared and the purposes for which it is being shared. These purposes always relate to law enforcement.

Compliance requirements are included in each agreement. They include requirements to:

• protect the shared data against unlawful or unauthorised processing; and
• protect the shared data against accidental loss or deliberate tampering

The parties to the agreement are also required to:

• keep shared personal data strictly private and confidential
• allow access to shared personal data strictly on a “need to know” basis
• deter deliberate compromise or opportunistic attack, and
• ensure the reliability of personnel who may have access to the shared personal data

What rights do data subjects have?

The Data Protection Act allows limits to be applied to data subject rights where processing of their personal data is for law enforcement purposes. Information provided to data subjects may be restricted where it is necessary and proportionate to:

• avoid obstructing an official inquiry or investigation
• avoid prejudicing the prevention, detection, investigation or prosecution of criminal offences
• protect public security, or
• protect the rights and freedoms of others

The data subject rights that may be restricted for these reasons include:

• the right to be informed about processing of personal data
• the right of confirmation of processing and access to their personal data
• the right to rectification of inaccurate or incomplete data, and notification of any rectification performed
• the right to erasure or restriction of processing of data, and notification of any erasure or restriction performed
• the right to appropriate decision-making

The Data Protection Act also excludes data relating to child abuse from subject rights to confirmation of processing, access to data and limitations on third country transfers where this is not in the best interests of the data subject.

People appearing in images or videos (data subjects) are not routinely notified that their data is held in CAID. Many of the data subjects are unidentified; and where data subjects are identified, CAID only holds a flag (Y/N) to indicate this, together with a reference to the relevant case file. CAID does not hold the name or contact details for data subjects.

Requests from data subjects wishing to exercise their rights under the Data Protection Act are examined on a case-by-case basis and are the responsibility of the relevant police force. Any request made to CAID will be re-directed to the local police force of the requestor. All limits on data subject rights allowed by the Act will normally be applied.

However, there may be exceptional circumstances where, for example, data subjects may be told if CAID holds personal data about them or personal data may be rectified or deleted from CAID.

Note that restrictions on access to, or copying of, indecent images or videos in the Protection of Children Act 1978 and the Sexual Offences Act 2003 must also be considered. Specifically, it would be unlawful for police forces to provide data subjects with copies of indecent images or videos of children.

Data subjects do have the right to complain to the Information Commissioner’s Office if they believe that their rights have been improperly restricted.

What automated decision-making do we use?

CAID does not currently include any processing that fully automates decision-making, and there are no plans to implement fully automated decision-making in the future.

However, CAID has implemented two features that will assist officers in their decision- making. These are:

• facial matching for finding all the images or videos of a person
• artificial intelligence (AI) for finding and grading images and videos

Further AI-based features will be added in the future. These include:

• voice matching for finding videos with the same person speaking, and
• age estimation for children appearing in images or videos

Facial matching

As seized images are uploaded to CAID by police forces, they may be scanned to see if they contain one or more faces that are suitable for facial matching. Those that pass this test are “enrolled” by the facial matching facility. This involves generating a pattern for each of the faces found in the image, like a fingerprint pattern.

The database is then checked for similar patterns – the facial matching facility calculates a “similarity score” for faces compared to the newly enrolled image. Officers can then display matching images in order of similarity score. The auto-generated matches are manually confirmed or declined by the officers.

The purpose of this facility is to assist officers locate other images already in the CAID national image library depicting the same person. This should help officers to identify and rescue victims more quickly. It may also help to identify and arrest offenders, thereby preventing further abuse of victims.

Note that this facility is not being used to compare images on CAID with other collections of images outside of CAID. It is only being used to partly automate a process previously done manually. The final decision on whether a face in an enrolled image matches a face in another image is made by the officer. This guards against “false positives” where images are incorrectly picked out as depicting the same victim (or offender).

Artificial intelligence

The OCSAE Innovation Lab has conducted successful trials of assisted grading of images or videos using AI. The intention is to use AI to augment, but not entirely replace, human grading of images. The AI can be used to assign a category to the image according to UK Sentencing Guidelines using the grading system currently in use on CAID. This will reduce the need for people to view upsetting images or videos showing child sexual abuse.

AI may also be used to find likely indecent images or videos of children on seized devices or media. Images and videos found by the AI would be confirmed by an officer. The use of AI for this purpose would speed up the process of checking seized devices or media.

How can you contact us?

The CAID Controllers are the police forces in England, Wales, Scotland and Northern Ireland, and the National Crime Agency. The Lead Controller is Chief Constable Serena Kennedy of Merseyside Constabulary.

The Data Protection Officer for CAID is David Gray of Norfolk Constabulary. He can be contacted via email at David.Gray@norfolk.police.uk or in writing to:

National Online CSE Coordinator Norfolk Constabulary
OCC, Falconers Chase
Wymondham
Norfolk
NR18 0WW

The CAID Lead Controller can be contacted via the CAID Data Protection Officer.

Subject Access Requests should be addressed to your local police force. Contact details can be found on your local police force’s web site.

1. A complete list of the CAID Controllers is provided in the CAID Joint Controllers Agreement. Processing is performed by or on behalf of the CAID Controllers for law enforcement purposes. ↩

2. OCSAE = Online Child Sexual Abuse & Exploitation ↩