Case study A8/10
GCHQ
Action
Child sexual exploitation
Summarised in the Operational Case
The Review team was given details of an extensive operation targeting those involved in
child sexual exploitation (CSE) online. GCHQ managers told the Review team that its
ability to analyse secondary data gained from bulk interception has provided significant
new insight in recent months into the nature and scale of the online CSE threat to the
UK. In April 2016 alone, GCHQ identified several hundred thousand separate IP
addresses worldwide being used to access indecent images of children on the open
web. This figure is only a snapshot, and does not include access to such images through
the dark web.
This insight has challenged some of the UK’s existing thinking and plans as to how to
counter online CSE. GCHQ has also used the same capability to analyse secondary
data to assist the National Crime Agency (NCA)’s efforts to prioritise online CSE leads,
for instance of those whose online behaviour suggests they pose the greatest risk of
committing physical or sexual assaults against children. The Review team was told that,
in seeking to identify users who should be investigated as a priority, GCHQ uses criteria
that were developed by academics, law enforcement agencies and charities. The team
was given two examples of arrests made as a result of GCHQ’s CSE work.
One of those arrested was an individual who operated anonymously online to avoid
detection. After he used a VOIP provider to contact another suspect who was already
under investigation, the NCA prioritised the investigation of his activities. Despite full cooperation from the service provider, attempts to identify him were unsuccessful. Although
the NCA had discovered the anonymous online user name he had used, the details that
he had used to register them did not allow him to be tracked back to his “real world
identity” using conventional means.
GCHQ analysts applied advanced analytic techniques to secondary data that had been
obtained under bulk interception warrants and was held within GCHQ databases. The
analysts rapidly identified recent online activity by the individual and a number of current
contact details. These were passed to the NCA which was then able to obtain a genuine
name and address for the individual, leading to a swift arrest. The individual pleaded
guilty to multiple charges, including two counts of sexual abuse, and received a custodial
sentence of over 3 years as a result.
While it might be possible partially to replicate some of this work by requesting data from
CSPs (both in the UK and overseas), these means would be likely to result in a far less
165