Benefits and risks of implementing cloud-based technology for child sexual abuse investigations in Australia
This paper investigates how a shared responsibility model for cloud-based infrastructure (CBI) could allow investigators to take advantage of CBI's benefits to scale, speed and inter-agency cooperation while minimising the risk to law enforcement agencies and victims.
The volume of child sexual abuse material being produced and disseminated by offenders represents a significant challenge for investigators and has necessitated the development of software to automate the processing of evidence. The challenges of processing digital evidence quickly and at scale are exacerbated by a lack of data sharing resources.
This paper proposes CBI as a scalable method to manage this material, arguing for a tailored security environment to mitigate the risks of the technology. This tailored security environment would need to satisfy three objectives:
- The CBI must meet or exceed operational and data security standards and effectively handle security threats and incidents;
- The CBI must ensure that data reside within an appropriate jurisdiction and are only shared with approved users; and
- The CBI must be protected from unauthorised access by third parties, internal bad actors and cloud provider employees, without impeding or slowing down investigatory workflows.
In the paper, the authors describe the development of an example secure environment meeting these objectives and discuss in detail the process for satisfying each.
