CrimTrac shores up security for child abuse database

Police information sharing agency CrimTrac is working to improve the security controls around its national child abuse image-tracking database to be deployed by the middle of this year.

The so-called Child Exploitation Tracking System (CETS) combines data from state and federal law enforcement, following a 2010 trial by the Australian Federal Police (AFP) and Queensland Police.

It uses software developed by Microsoft in partnership with the Toronto Police Service’s Sex Crimes Unit in Canada.

Data from Australian police will be transported to CETS administrators in Canberra on encrypted physical disks, to be uploaded and stored on CrimTrac infrastructure.

A CrimTrac spokeswoman said the CETS would use equipment from its three-year Information Technology Service Continuity (ITSC) project, which concluded last year.

ITSC established primary and secondary data centre facilities. Between 2008 and 2011, CrimTrac deployed a virtualised mid-range server environment and began leasing data centre space from Canberra Data Centres in Hume.

For the CETS, CrimTrac will replace an unspecified number of routers, improve quality of service, and add “security devices” to the network, the spokeswoman said.

“An enterprise-wide project is underway to improve the maturity and expand on existing technical security controls and capabilities to provide a more robust network separation between systems,” she said.

“This will limit and contain protection attacks against the enterprise.

“This project will deliver a security-hardened CETS system including the introduction of additional firewalls which will meet both CrimTrac and [the Defence Signals Directorate’s Information Security Manual] requirements.”

Earlier this month, Minister for Home Affairs and Minister for Justice Jason Clare committed $4.58 million in federal funding for the CETS.

The system was expected to allow police to quickly process large volumes of seized child exploitation material, metadata, and intelligence information such as virtual identities and IP addresses.

Clare said the system had the ability “to analyse tens of thousands of images in one hour instead of manually examining images over the course of several weeks”.

According to CrimTrac’s spokeswoman, the CETS would facilitate collaboration and reduce the risk of duplication of work between police agencies.

All agencies’ sex crimes squads would have access to the database, she said. However, access would be limited to investigators with “a direct business need” for the information.

In the coming months, CETS administrators will install and upgrade software for processing, identifying and categorising images, and software to create reports for court proceedings.

Later versions of the system could include Microsoft’s PhotoDNA image-matching technology, used to identify child exploitation images on Facebook and Bing.