This is the accessible text file for GAO report number GAO-03-537T 
entitled 'File-Sharing Programs: Child Pornography Is Readily 
Accessible over Peer-to-Peer Networks' which was released on March 13, 

This text file was formatted by the U.S. General Accounting Office 

(GAO) to be accessible to users with visual impairments, as part of a 

longer term project to improve GAO products’ accessibility. Every 

attempt has been made to maintain the structural and data integrity of 

the original printed product. Accessibility features, such as text 

descriptions of tables, consecutively numbered footnotes placed at the 

end of the file, and the text of agency comment letters, are provided 

but may not exactly duplicate the presentation or format of the printed 

version. The portable document format (PDF) file is an exact electronic 

replica of the printed version. We welcome your feedback. Please E-mail 

your comments regarding the contents or accessibility features of this 

document to


Before the Committee on Government Reform, House of Representatives:

United States General Accounting Office:


For Release on Delivery Expected at 10 a.m. EST on Thursday

March 13, 2003:

File-Sharing Programs:

Child Pornography Is Readily Accessible over Peer-to-Peer Networks:

Statement of Linda D. Koontz 

Director, Information Management Issues:


GAO Highlights:

Highlights of GAO-03-537T, a testimony before the Committee on 

Government Reform, House of Representatives

Why GAO Did This Report:

The availability of child pornography has dramatically

increased in recent years as it has migrated from printed material to

the World Wide Web, becoming accessible through Web sites, chat

rooms, newsgroups, and now the increasingly popular peer-to-peer

file-sharing programs. These programs enable direct

communication between users, allowing users to access each

other’s files and share digital music, images, and video.

GAO was requested to determine the ease of access to child

pornography on peer-to-peer networks; the risk of inadvertent

exposure of juvenile users of peer-to-peer networks to pornography,

including child pornography; and the extent of federal law

enforcement resources available for combating child pornography

on peer-to-peer networks. GAO’s report on the results of this work

(GAO-03-351) is being released today along with this testimony.

Because child pornography cannot be accessed legally other than by

law enforcement agencies, GAO worked with the Customs Cyber-

Smuggling Center in performing searches: Customs downloaded

and analyzed image files, and GAO performed analyses based on

keywords and file names only.

What GAO Found:

Child pornography is easily found and downloaded from peer-to-peer

networks. In one search, using 12 keywords known to be associated with

child pornography on the Internet, GAO identified 1,286 titles and 

file names, determining that 543 (about 42 percent) were associated 

with child pornography images. Of the remaining, 34 percent were 

classified as adult pornography and 24 percent as nonpornographic. In 

another search using three keywords, a Customs analyst downloaded 341 

images, of which 149 (about 44 percent) contained child pornography 

(see the figure below).These results are consistent with increased 

reports of child pornography on peer-to-peer networks; since it began 

tracking these in 2001, the National Center for Missing and Exploited 

Children has seen a fourfold increase—from 156 reports in 2001 to 757 

in 2002. Although the numbers are as yet small by comparison to those 

for other sources (26,759 reports of child pornography on Web sites 

in 2002), the increase is significant.

Juvenile users of peer-to-peer networks are at significant risk of 

inadvertent exposure to pornography, including child pornography. 

Searches on innocuous keywords likely to be used by juveniles (such 

as names of cartoon characters or celebrities) produced a high 

proportion of pornographic images: in our searches, the retrieved 

images included adult pornography (34 percent), cartoon pornography 

(14 percent), child erotica (7 percent), and child pornography 

(1 percent).

While federal law enforcement agencies—including the FBI, Justice’s 

Child Exploitation and Obscenity Section, and Customs—are devoting 

resources to combating child exploitation and child pornography in 

general, these agencies do not track the resources dedicated to 

specific technologies used to access and download child pornography 

on the Internet. Therefore, GAO was unable to quantify the resources 

devoted to investigating cases on peerto-peer networks. According to 

law enforcement officials, however, as tips concerning child 

pornography on peer-to-peer networks escalate, law enforcement 

resources are increasingly being focused on this area.

Mr. Chairman and Members of the Committee:

Thank you for inviting us to discuss the results of our work on the 

availability of child pornography on peer-to-peer networks, which we 

provided to you in a report being released today.[Footnote 1]

In recent years, child pornography has become increasingly available as 

it has migrated from magazines, photographs, and videos to the World 

Wide Web. As you know, a great strength of the Internet is that it 

includes a wide range of search and retrieval technologies that make 

finding information fast and easy. However, this capability also makes 

it easy to access, disseminate, and trade pornographic images and 

videos, including child pornography. As a result, child pornography has 

become accessible through Web sites, chat rooms, newsgroups, and the 

increasingly popular peer-to-peer technology, a form of networking that 

allows direct communication between computer users so that they can 

access and share each other’s files (including images, video, and 


As requested, in my remarks today, I summarize the results of our 

review, whose objectives were to determine:

* the ease of access to child pornography on peer-to-peer networks;

* the risk of inadvertent exposure of juvenile users of peer-to-peer 

networks to pornography, including child pornography; and:

* the extent of federal law enforcement resources available for 

combating child pornography on peer-to-peer networks.

We also include an attachment that briefly discusses how peer-to-peer 

file sharing works.

Results in Brief:

It is easy to access and download child pornography over peer-to-peer 

networks. We used KaZaA, a popular peer-to-peer file-sharing 

program,[Footnote 2] to search for image files, using 12 keywords known 

to be associated with child pornography on the Internet.[Footnote 3] Of 

1,286 items identified in our search, about 42 percent were associated 

with child pornography images. The remaining items included 34 percent 

classified as adult pornography and 24 percent as nonpornographic. In 

another KaZaA search, the Customs CyberSmuggling Center used three 

keywords to search for and download child pornography image files. This 

search identified 341 image files, of which about 44 percent were 

classified as child pornography and 29 percent as adult pornography. 

The remaining images were classified as child erotica[Footnote 4] (13 

percent) or other (nonpornographic) images (14 percent). These results 

are consistent with observations of the National Center for Missing and 

Exploited Children, which has stated that peer-to-peer technology is 

increasingly popular for disseminating child pornography. Since 2001, 

when the center began to track reports of child pornography on peer-to-

peer networks, such reports have increased more than fourfold--from 156 

in 2001 to 757 in 2002.

When searching and downloading images on peer-to-peer networks, 

juvenile users can be inadvertently exposed to pornography, including 

child pornography. In searches on innocuous keywords likely to be used 

by juveniles, we obtained images that included a high proportion of 

pornography: in our searches, the retrieved images included adult 

pornography (34 percent), cartoon pornography[Footnote 5] (14 percent), 

and child pornography (1 percent); another 7 percent of the images were 

classified as child erotica.

We could not quantify the extent of federal law enforcement resources 

available for combating child pornography on peer-to-peer networks. Law 

enforcement agencies that work to combat child exploitation and child 

pornography do not track their resource use according to specific 

Internet technologies. However, law enforcement officials told us that 

as they receive more tips concerning child pornography on peer-to-peer 

networks, they are focusing more resources in this area.


Child pornography is prohibited by federal statutes, which provide for 

civil and criminal penalties for its production, advertising, 

possession, receipt, distribution, and sale[Footnote 6]. Defined by 

statute as the visual depiction of a minor--a person under 18 years of 

age--engaged in sexually explicit conduc[Footnote 7]t, child 

pornography is unprotected by the First Amendme[Footnote 8]nt, as it is 

intrinsically related to the sexual abuse of children.

In the Child Pornography Prevention Act of 1996,[Footnote 9] Congress 

sought to prohibit images that are or appear to be “of a minor engaging 

in sexually explicit conduct” or are “advertised, promoted, presented, 

described, or distributed in such a manner that conveys the impression 

that the material is or contains a visual depiction of a minor engaging 

in sexually explicit conduct.” In 2002, the Supreme Court struck down 

this legislative attempt to ban “virtual” child pornography[Footnote 

10] in Ashcroft v. The Free Speech Coalition, ruling that the expansion 

of the act to material that did not involve and thus harm actual 

children in its creation is an unconstitutional violation of free 

speech rights. According to government officials, this ruling may 

increase the difficulty of prosecuting those who produce and possess 

child pornography. Defendants may claim that pornographic images are of 

“virtual” children, thus requiring the government to establish that the 

children shown in these digital images are real.

The Internet Has Emerged as the Principal Tool for Exchanging Child 


Historically, pornography, including child pornography, tended to be 

found mainly in photographs, magazines, and videos.[Footnote 11] With 

the advent of the Internet, however, both the volume and the nature of 

available child pornography have changed significantly. The rapid 

expansion of the Internet and its technologies, the increased 

availability of broadband Internet services, advances in digital 

imaging technologies, and the availability of powerful digital graphic 

programs have led to a proliferation of child pornography on the 


According to experts, pornographers have traditionally exploited--and 

sometimes pioneered--emerging communication technologies--from the 

dial-in bulletin board systems of the 1970s to the World Wide Web--to 

access, trade, and distribute pornography, including child 

pornography.[Footnote 12] Today, child pornography is available through 

virtually every Internet technology (see table 1).

Table 1: Internet Technologies Providing Access to Child Pornography:

Technology: World Wide Web; Characteristics: Web sites provide on-line 

access to text and multimedia materials identified and accessed through 

the uniform resource locator (URL)..

Technology: Usenet; Characteristics: A distributed electronic bulletin 

system, Usenet offers over 80,000 newsgroups, with many newsgroups 

dedicated to sharing of digital images..

Technology: Peer-to-peer file-sharing programs; Characteristics: 

Internet applications operating over peer-to-peer networks enable 

direct communication between users. Used largely for sharing of digital 

music, images, and video, peer-to-peer applications include BearShare, 

Gnutella, LimeWire, and KaZaA. KaZaA is the most popular, with over 3 

million KaZaA users sharing files at any time..

Technology: E-mail; Characteristics: E-mail allows the transmission of 

messages over a network or the Internet. Users can send E-mail to a 

single recipient or broadcast it to multiple users. E-mail supports the 

delivery of attached files, including image files..

Technology: Instant messaging; Characteristics: Instant messaging is 

not a dial-up system like the telephone; it requires that both parties 

be on line at the same time. AOL’s Instant Messenger and Microsoft’s 

MSN Messenger and Internet Relay Chat are the major instant messaging 

services. Users may exchange files, including image files..

Technology: Chat and Internet Relay Chat; Characteristics: Chat 

technologies allow computer conferencing using the keyboard over the 

Internet between two or more people..

[End of table]

Source: GAO.

Among the principal channels for the distribution of child pornography 

are commercial Web sites, Usenet newsgroups, and peer-to-peer 

networks.[Footnote 13]

Web sites. According to recent estimates, there are about 400,000 

commercial pornography Web sites worldwide,[Footnote 14] with some of 

the sites selling pornographic images of children. The child 

pornography trade on the Internet is not only profitable, it has a 

worldwide reach: recently a child pornography ring was uncovered that 

included a Texas-based firm providing credit card billing and password 

access services for one Russian and two Indonesian child pornography 

Web sites. According to the U.S. Postal Inspection Service, the ring 

grossed as much as $1.4 million in just 1 month selling child 

pornography to paying customers.

Usenet. Usenet newsgroups also provide access to pornography, with 

several of the image-oriented newsgroups being focused on child erotica 

and child pornography. These newsgroups are frequently used by 

commercial pornographers who post “free” images to advertise adult and 

child pornography available for a fee from their Web sites.

Peer-to-peer networks. Although peer-to-peer file-sharing programs are 

largely known for the extensive sharing of copyrighted digital 

music,[Footnote 15] they are emerging as a conduit for the sharing of 

pornographic images and videos, including child pornography. In a 

recent study by congressional staff,[Footnote 16] a single search for 

the term “porn” using a file-sharing program yielded over 25,000 files. 

In another study, focused on the availability of pornographic video 

files on peer-to-peer sharing networks, a sample of 507 pornographic 

video files retrieved with a file-sharing program included about 3.7 

percent child pornography videos. [Footnote 17]

Several Agencies Have Law Enforcement Responsibilities Regarding Child 

Pornography on Peer-to-Peer Networks:

Table 2 shows the key national organizations and agencies that are 

currently involved in efforts to combat child pornography on peer-to-

peer networks.

Table 2: Organizations and Agencies Involved with Peer-to-Peer Child 

Pornography Efforts:

Agency: Nonprofit; Unit: [Empty]; Focus: [Empty].

Agency: National Center for Missing and Exploited Children; Unit: 

Exploited Child Unit; Focus: Works with the Customs Service, Postal 

Service, and the FBI to analyze and investigate child pornography 


Agency: Federal entities; Unit: [Empty]; Focus: [Empty].

Agency: Department of Justice; Unit: Federal Bureau of 

Investigation[A]; Focus: Proactively investigates crimes against 

children. Operates a national “Innocent Images Initiative” to combat 

Internet-related sexual exploitation of children..

Unit: AgencyDepartment of Homeland Security: Criminal Division, Child 

Exploitation and Obscenity Section; Focus: AgencyDepartment of Homeland 

Security: Is a specialized group of attorneys who, among other things, 

prosecute those who possess, manufacture, or distribute child 

pornography. Its High Tech Investigative Unit actively conducts on-line 

investigations to identify distributors of obscenity and child 


Agency: Department of Homeland Security; Unit: U.S. Customs Service 

CyberSmuggling Center[A, B]; Focus: Conducts international child 

pornography investigations as part of its mission to investigate 

international criminal activity conducted on or facilitated by the 


Agency: Department of the Treasury; Unit: U.S. Secret Service[A]; 

Focus: Provides forensic and technical assistance in matters involving 

missing and sexually exploited children..

[End of table]

Source: GAO.

[A] Agency has staff assigned to NCMEC.

[B] At the time of our review, the Customs Service was under the 

Department of the Treasury. Under the Homeland Security Act of 2002, it 

became part of the new Department of Homeland Security on March 1, 


The National Center for Missing and Exploited Children (NCMEC), a 

federally funded nonprofit organization, serves as a national resource 

center for information related to crimes against children. Its mission 

is to find missing children and prevent child victimization. The 

center’s Exploited Child Unit operates the CyberTipline, which receives 

child pornography tips provided by the public; its CyberTipline II also 

receives tips from Internet service providers. The Exploited Child Unit 

investigates and processes tips to determine if the images in question 

constitute a violation of child pornography laws. The CyberTipline 

provides investigative leads to the Federal Bureau of Investigation 

(FBI), U.S. Customs, the Postal Inspection Service, and state and local 

law enforcement agencies. The FBI and the U.S. Customs also investigate 

leads from Internet service providers via the Exploited Child Unit’s 

CyberTipline II. The FBI, Customs Service, Postal Inspection Service, 

and Secret Service have staff assigned directly to NCMEC as 

analysts.[Footnote 18]

Two organizations in the Department of Justice have responsibilities 

regarding child pornography: the FBI and the Justice Criminal 

Division’s Child Exploitation and Obscenity Section (CEOS).[Footnote 


* The FBI investigates various crimes against children, including 

federal child pornography crimes involving interstate or foreign 

commerce. It deals with violations of child pornography laws related to 

the production of child pornography; selling or buying children for use 

in child pornography; and the transportation, shipment, or distribution 

of child pornography by any means, including by computer.

* CEOS prosecutes child sex offenses and trafficking in women and 

children for sexual exploitation. Its mission includes prosecution of 

individuals who possess, manufacture, produce, or distribute child 

pornography; use the Internet to lure children to engage in prohibited 

sexual conduct; or traffic in women and children interstate or 

internationally to engage in sexually explicit conduct.

Two other organizations have responsibilities regarding child 

pornography: the Customs Service (now part of the Department of 

Homeland Security) and the Secret Service in the Department of the 


* The Customs Service targets illegal importation and trafficking in 

child pornography and is the country’s front line of defense in 

combating child pornography distributed through various channels, 

including the Internet. Customs is involved in cases with international 

links, focusing on pornography that enters the United States from 

foreign countries. The Customs CyberSmuggling Center has the lead in 

the investigation of international and domestic criminal activities 

conducted on or facilitated by the Internet, including the sharing and 

distribution of child pornography on peer-to-peer networks. Customs 

maintains a reporting link with NCMEC, and it acts on tips received via 

the CyberTipline from callers reporting instances of child pornography 

on Web sites, Usenet newsgroups, chat rooms, or the computers of users 

of peer-to-peer networks. The center also investigates leads from 

Internet service providers via the Exploited Child Unit’s CyberTipline 


* The U.S. Secret Service does not investigate child pornography cases 

on peer-to-peer networks; however, it does provide forensic and 

technical support to NCMEC, as well as to state and local agencies 

involved in cases of missing and exploited children.

Peer-to-Peer Applications Provide Easy Access to Child Pornography:

Child pornography is easily shared and accessed through peer-to-peer 

file-sharing programs. Our analysis of 1,286 titles and file names 

identified through KaZaA searches on 12 keywords[Footnote 20] showed 

that 543 (about 42 percent) of the images had titles and file names 

associated with child pornography images.[Footnote 21] Of the remaining 

files, 34 percent were classified as adult pornography, and 24 percent 

as nonpornographic (see fig. 1). No files were downloaded for this 


Figure 1: Classification of 1,286 Titles and File Names of Images 

Identified in KaZaA Search:

[See PDF for image]

[End of figure]

The ease of access to child pornography files was further documented by 

retrieval and analysis of image files, performed on our behalf by the 

Customs CyberSmuggling Center. Using 3 of the 12 keywords that we used 

to document the availability of child pornography files, a 

CyberSmuggling Center analyst used KaZaA to search, identify, and 

download 305 files, including files containing multiple images and 

duplicates. The analyst was able to download 341 images from the 305 

files identified through the KaZaA search.

The CyberSmuggling Center analysis of the 341 downloaded images showed 

that 149 (about 44 percent) of the downloaded images contained child 

pornography (see fig. 2). The center classified the remaining images as 

child erotica (13 percent), adult pornography (29 percent), or 

nonpornographic (14 percent).

Figure 2: Classification of 341 Images Downloaded through KaZaA:

[See PDF for image]

[End of figure]

Note: GAO analysis of data provided by the Customs CyberSmuggling 


These results are consistent with the observations of NCMEC, which has 

stated that peer-to-peer technology is increasingly popular for the 

dissemination of child pornography. However, it is not the most 

prominent source for child pornography. As shown in table 3, since 

1998, most of the child pornography referred by the public to the 

CyberTipline was found on Internet Web sites. Since 1998, the center 

has received over 76,000 reports of child pornography, of which 77 

percent concerned Web sites, and only 1 percent concerned peer-to-peer 

networks. Web site referrals have grown from about 1,400 in 1998 to 

over 26,000 in 2002--or about a nineteenfold increase. NCMEC did not 

track peer-to-peer referrals until 2001. In 2002, peer-to-peer 

referrals increased more than fourfold, from 156 to 757, reflecting the 

increased popularity of file-sharing programs.

Table 3: NCMEC CyberTipline Referrals to Law Enforcement Agencies, 

Fiscal Years 1998-2002:

Technology: Web sites; Number of tips: 1998: 1,393; Number of tips: 

1999: 3,830; Number of tips: 2000: 10,629; Number of tips: 2001: 

18,052; Number of tips: 2002: 26,759.

Technology: E-mail; Number of tips: 1998: 117; Number of tips: 1999: 

165; Number of tips: 2000: 120; Number of tips: 2001: 1,128; Number of 

tips: 2002: 6,245.

Technology: Peer-to-peer; Number of tips: 1998: ó; Number of tips: 

1999: ó; Number of tips: 2000: ó; Number of tips: 2001: 156; Number of 

tips: 2002: 757.

Technology: Usenet newsgroups & bulletin boards; Number of tips: 1998: 

531; Number of tips: 1999: 987; Number of tips: 2000: 731; Number of 

tips: 2001: 990; Number of tips: 2002: 993.

Technology: Unknown; Number of tips: 1998: 90; Number of tips: 1999: 

258; Number of tips: 2000: 260; Number of tips: 2001: 430; Number of 

tips: 2002: 612.

Technology: Chat rooms; Number of tips: 1998: 155; Number of tips: 

1999: 256; Number of tips: 2000: 176; Number of tips: 2001: 125; Number 

of tips: 2002: 234.

Technology: Instant Messaging; Number of tips: 1998: 27; Number of 

tips: 1999: 47; Number of tips: 2000: 50; Number of tips: 2001: 80; 

Number of tips: 2002: 53.

Technology: File Transfer Protocol; Number of tips: 1998: 25; Number of 

tips: 1999: 26; Number of tips: 2000: 58; Number of tips: 2001: 64; 

Number of tips: 2002: 23.

Technology: Total; Number of tips: 1998: 2,338; Number of tips: 1999: 

5,569; Number of tips: 2000: 12,024; Number of tips: 2001: 21,025; 

Number of tips: 2002: 35,676.

[End of table]

Source: Exploited Child Unit, National Center for Missing and Exploited 


Juvenile Users of Peer-to-Peer Applications May Be Inadvertently 

Exposed to Pornography:

Juvenile users of peer-to-peer networks face a significant risk of 

inadvertent exposure to pornography when searching and downloading 

images. In a search using innocuous keywords likely to be used by 

juveniles searching peer-to-peer networks (such as names of popular 

singers, actors, and cartoon characters), almost half the images 

downloaded were classified as adult or cartoon pornography. Juvenile 

users may also be inadvertently exposed to child pornography through 

such searches, but the risk of such exposure is smaller than that of 

exposure to pornography in general.

To document the risk of inadvertent exposure of juvenile users to 

pornography, the Customs CyberSmuggling Center performed KaZaA searches 

using innocuous keywords likely to be used by juveniles. The center 

image searches used three keywords representing the names of a popular 

female singer, child actors, and a cartoon character. A center analyst 

performed the search, retrieval, and analysis of the images. These 

searches produced 157 files, some of which were duplicates. From these 

157 files, the analyst was able to download 177 images.

Figure 3 shows our analysis of the CyberSmuggling Center’s 

classification of the 177 downloaded images. We determined that 61 

images contained adult pornography (34 percent), 24 images consisted of 

cartoon pornography (14 percent), 13 images contained child erotica (7 

percent), and 2 images (1 percent) contained child pornography. The 

remaining 77 images (44 percent) were classified as nonpornographic.

Figure 3: Classification of 177 Images of a Popular Singer, Child 

Actors, and a Cartoon Character Downloaded through KaZaA:

[See PDF for image]

[End of figure]

Federal Law Enforcement Agencies Are Beginning to Focus Resources on 

Child Pornography on Peer-to-Peer Networks:

Because law enforcement agencies do not track the resources dedicated 

to specific technologies used to access and download child pornography 

on the Internet, we were unable to quantify the resources devoted to 

investigations concerning peer-to-peer networks. These agencies 

(including the FBI, CEOS, and Customs) do devote significant resources 

to combating child exploitation and child pornography in general. Law 

enforcement officials told us, however, that as tips concerning child 

pornography on the peer-to-peer networks increase, they are beginning 

to focus more law enforcement resources on this issue. Table 4 shows 

the levels of funding related to child pornography issues that the 

primary organizations reported for fiscal year 2002, as well as a 

description of their efforts regarding peer-to-peer networks in 


Table 4: Resources Related to Combating Child Pornography on Peer-to-

Peer Networks in Fiscal Year 2002:

Organization: National Center for Missing and Exploited Children; 

Resources[A]: $12 million to act as national resource center and 

clearinghouse for missing and exploited children; $10 million for law 

enforcement training; $3.3 million for the Exploited Child Unit and the 

CyberTipline; $916,000 allocated to combat child pornography; Efforts 

regarding peer-to-peer networks: NCMEC referred 913 tips concerning 

peer-to-peer networks to law enforcement agencies..

Organization: Federal Bureau of Investigation; Resources[A]: $38.2 

million and 228 agents and support personnel for Innocent Images Unit; 

Efforts regarding peer-to-peer networks: According to FBI officials, 

they have efforts under way to work with some of the peer-to-peer 

companies to solicit their cooperation in dealing with the issue of 

child pornography..

Organization: Justice Criminal Division, Child Exploitation and 

Obscenity Section; Resources[A]: $4.38 million and 28 personnel 

allocated to combating child exploitation and obscenity offenses; 

Efforts regarding peer-to-peer networks: The High Tech Investigative 

Unit deals with investigating any Internet medium that distributes 

child pornography, including peer-to-peer networks..

Organization: U.S. Customs Service CyberSmuggling Center; 

Resources[A]: $15.6 million (over 144,000 hours) allocated to combating 

child exploitation and obscenity offenses[B]; Efforts regarding peer-

to-peer networks: The center is beginning to actively monitor peer-to-

peer networks for child pornography, devoting one half-time 

investigator to this effort. As of December 16, 2002, the center had 

sent 21 peer-to-peer investigative leads to field offices for follow-


[End of table]

Source: GAO and agencies mentioned.

[A] Dollar amounts are approximate:

[B] Customs was unable to separate the staff hours devoted or funds 

obligated to combating child pornography from those dedicated to 

combating child exploitation in general.

An important new resource to facilitate the identification of the 

victims of child pornographers is the National Child Victim 

Identification Program, run by the CyberSmuggling Center. This resource 

is a consolidated information system containing seized images that is 

designed to allow law enforcement officials to quickly identify and 

combat the current abuse of children associated with the production of 

child pornography. The system’s database is being populated with all 

known and unique child pornographic images obtained from national and 

international law enforcement sources and from CyberTipline reports 

filed with NCMEC. It will initially hold over 100,000 images collected 

by federal law enforcement agencies from various sources, including old 

child pornography magazines.[Footnote 22] According to Customs 

officials, this information will help, among other things, to determine 

whether actual children were used to produce child pornography images 

by matching them with images of children from magazines published 

before modern imaging technology was invented. Such evidence can be 

used to counter the assertion that only virtual children appear in 

certain images.

The system, which became operational in January 2003,[Footnote 23] is 

housed at the Customs CyberSmuggling Center and can be accessed 

remotely in “read only” format by the FBI, CEOS, the U.S. Postal 

Inspection Service, and NCMEC.

In summary, Mr. Chairman, our work shows that child pornography as well 

as adult pornography is widely available and accessible on peer-to-peer 

networks. Even more disturbing, we found that peer-to-peer searches 

using seemingly innocent terms that clearly would be of interest to 

children produced a high proportion of pornographic material, including 

some child pornography. The increase in reports of child pornography on 

peer-to-peer networks suggests that this problem is increasing. As a 

result, it will be important for law enforcement agencies to follow 

through on their plans to devote more resources to this technology and 

continue their efforts to develop effective strategies for addressing 

this problem.

Mr. Chairman, this concludes my statement. I would be pleased to answer 

any questions that you or other Members of the Committee may have at 

this time.

Contact and Acknowledgments:

If you should have any questions about this testimony, please contact 

me at (202) 512-6240 or by E-mail at Key contributors 

to this testimony were Barbara S. Collier, Mirko Dolak, James M. Lager, 

Neelaxi V. Lakhmani, James R. Sweetman, Jr., and Jessie Thomas.

[End of section]

Attachment: How File Sharing Works on Peer-to-Peer Networks:

Peer-to-peer file-sharing programs represent a major change in the way 

Internet users find and exchange information. Under the traditional 

Internet client/server model, access to information and services is 

accomplished by interaction between clients--users who request 

services--and servers--providers of services, usually Web sites or 

portals. Unlike this traditional model, the peer-to-peer model enables 

consenting users--or peers--to directly interact and share information 

with each other, without the intervention of a server. A common 

characteristic of peer-to-peer programs is that they build virtual 

networks with their own mechanisms for routing message 

traffic.[Footnote 24]

The ability of peer-to-peer networks to provide services and connect 

users directly has resulted in a large number[Footnote 25] of powerful 

applications built around this model.[Footnote 26] These range from the 

SETI@home network (where users share the computing power of their 

computers to search for extraterrestrial life) to the popular KaZaA 

file-sharing program (used to share music and other files).

As shown in figure 4,[Footnote 27] there are two main models of peer-

to-peer networks: (1) the centralized model, in which a central server 

or broker directs traffic between individual registered users, and 

(2) the decentralized model, based on the Gnutella[Footnote 28] 

network, in which individuals find each other and interact directly.

Figure 4: Peer-to-Peer Models:

[See PDF for image]

[End of figure]

As shown in figure 4, in the centralized model, a central server/broker 

maintains directories of shared files stored on the computers of 

registered users. When Bob submits a request for a particular file, the 

server/broker creates a list of files matching the search request by 

checking it against its database of files belonging to users currently 

connected to the network. The broker then displays that list to Bob, 

who can then select the desired file from the list and open a direct 

link with Alice’s computer, which currently has the file. The download 

of the actual file takes place directly from Alice to Bob.

This broker model was used by Napster, the original peer-to-peer 

network, facilitating mass sharing of material by combining the file 

names held by thousands of users into a searchable directory that 

enabled users to connect with each other and download MP3 encoded music 

files. Because much of this material was copyrighted, Napster as the 

broker of these exchanges was vulnerable to legal challenges,[Footnote 

29] which eventually led to its demise in September 2002.

In contrast to Napster, most current-generation peer-to-peer networks 

are decentralized. Because they do not depend on the server/broker that 

was the central feature of the Napster service, these networks are less 

vulnerable to litigation from copyright owners, as pointed out by 

Gartner.[Footnote 30]

In the decentralized model, no brokers keep track of users and their 

files. To share files using the decentralized model, Ted starts with a 

networked computer equipped with a Gnutella file-sharing program such 

KaZaA or BearShare. Ted connects to Carol, Carol to Bob, Bob to Alice, 

and so on. Once Ted’s computer has announced that it is “alive” to the 

various members of the peer network, it can search the contents of the 

shared directories of the peer network members. The search request is 

sent to all members of the network, starting with Carol; members will 

in turn send the request to the computers to which they are connected, 

and so forth. If one of the computers in the peer network (say, for 

example, Alice’s) has a file that matches the request, it transmits the 

file information (name, size, type, etc.) back through all the 

computers in the pathway towards Ted, where a list of files matching 

the search request appears on Ted’s computer through the file-sharing 

program. Ted can then open a connection with Alice and download the 

file directly from Alice’s computer.[Footnote 31]

The file-sharing networks that result from the use of peer-to-peer 

technology are both extensive and complex. Figure 5 shows a map or 

topology of a Gnutella network whose connections were mapped by a 

network visualization tool.[Footnote 32] The map, created in December 

2000, shows 1,026 nodes (computers connected to more than one computer) 

and 3,752 edges (computers on the edge of the network connected to a 

single computer). This map is a snapshot showing a network in existence 

at a given moment; these networks change constantly as users join and 

depart them.

Figure 5: Topology of a Gnutella Network:

[See PDF for image]

[End of figure]

One of the key features of many peer-to-peer technologies is their use 

of a virtual name space (VNS). A VNS dynamically associates user-

created names with the Internet address of whatever Internet-connected 

computer users happen to be using when they log on.[Footnote 33] The 

VNS facilitates point-to-point interaction between individuals, 

because it removes the need for users and their computers to know the 

addresses and locations of other users; the VNS can, to a certain 

extent, preserve users’ anonymity and provide information on whether a 

user is or is not connected to the Internet at a given moment. Peer-to-

peer users thus may appear to be anonymous; they are not, however. Law 

enforcement agents may identify users’ Internet addresses during the 

file-sharing process and obtain, under a court order, their identities 

from their Internet service providers.


[1] U.S. General Accounting Office, File-Sharing Programs: Peer-to-Peer 

Networks Provide Ready Access to Child Pornography, GAO-03-351 

(Washington, D.C.: Feb. 20, 2003). 

[2] Other popular peer-to-peer applications include Gnutella, 

BearShare, LimeWire, and Morpheus.

[3] The U.S. Customs CyberSmuggling Center assisted us in this work. 

Because child pornography cannot be accessed legally other than by law 

enforcement agencies, we relied on Customs to download and analyze 

image files. We performed analyses based on titles and file names only.

[4] Erotic images of children that do not depict sexually explicit 


[5] Images of cartoon characters depicting sexually explicit conduct. 

[6] See chapter 110 of Title 18, United States Code.

[7] See 18 U.S.C. § 2256(8). 

[8] See New York v. Ferber, 458 U.S. 747 (1982).

[9] Section 121, P.L. 104-208, 110 Stat. 3009-26.

[10] According to the Justice Department, rapidly advancing technology 

has raised the possibility of creating images of child pornography 

without the use of a real child (“virtual” child pornography). Totally 

virtual creations would be both time-intensive and, for now, 

prohibitively costly to produce. However, the technology has led to a 

ready defense (the “virtual” porn defense) against prosecution under 

laws that are limited to sexually explicit depictions of actual minors. 

Because the technology exists today to alter images to disguise the 

identity of the real child or make the image seem computer-generated, 

producers and distributors of child pornography may try to alter 

depictions of actual children in slight ways to make them appear to be 

“virtual” (as well as unidentifiable), thereby attempting to defeat 

prosecution. Making such alterations is much easier and cheaper than 

building an entirely computer-generated image. 

[11] John Carr, Theme Paper on Child Pornography for the 2nd World 

Congress on Commercial Sexual Exploitation of Children, NCH Children’s 

Charities, Children & Technology Unit (Yokohama, 2001). (http://


[12] Frederick E. Allen, “When Sex Drives Technological Innovation and 

Why It Has to,” American Heritage Magazine, vol. 51, no. 5 (September 

2000), p. 19. (


Allen notes that pornographers have driven the development of some of 

the Internet technologies, including the development of systems used to 

verify on-line financial transactions and that of digital watermarking 

technology to prevent the unauthorized use of on-line images.

[13] According to Department of Justice officials, other forums and 

technologies are used to disseminate pornography on the Internet. These 

include Web portal communities such as Yahoo! Groups and MSN Groups, as 

well as file servers operating on Internet Relay Chat channels.

[14] Dick Thornburgh and Herbert S. Lin, editors, Youth, Pornography, 

and The Internet (Washington, D.C.: National Academy Press, 2002). 


[15] According to the Yankee Group, a technology research and 

consulting firm, Internet users aged 14 and older downloaded 5.16 

billion audio files in the United States via unlicensed file-sharing 

services in 2001.

[16] Minority Staff, Children’s Access to Pornography through Internet 

File-Sharing Programs, Special Investigations Division, Committee on 

Government Reform, U.S. House of Representatives (July 27, 2001). 


[17] Michael D. Mehta, Don Best, and Nancy Poon, “Peer-to-Peer Sharing 

on the Internet: An Analysis of How Gnutella Networks Are Used to 

Distribute Pornographic Material,” Canadian Journal of Law and 

Technology, vol. 1, no. 1 (January 2002). (


[18] According to the Secret Service, its staff assigned to NCMEC also 

includes an agent.

[19] Two additional Justice agencies are involved in combating child 

pornography: the U.S. Attorneys Offices and the Office of Juvenile 

Justice and Delinquency Prevention. The 94 U.S. Attorneys Offices can 

prosecute federal child exploitation-related cases; the Office of 

Juvenile Justice and Delinquency Prevention funds the Internet Crimes 

Against Children Task Force Program, which encourages 

multijurisdictional and multiagency responses to crimes against 

children involving the Internet.

[20] The 12 keywords were provided by the Cybersmuggling Center as 

examples known to be associated with child pornography on the Internet.

[21] We categorized a file as child pornography if one keyword 

indicating a minor and one word with a sexual connotation occurred in 

either the title or file name. Files with sexual connotation in title 

or name but without age indicators were classified as adult 


[22] According to federal law enforcement agencies, most of the child 

pornography published before 1970 has been digitized and made widely 

available on the Internet.

[23] One million dollars has already been spent on the system, with an 

additional $5 million needed for additional hardware, the expansion of 

the image database, and access for all involved agencies. The 10-year 

lifecycle cost of the system is estimated to be $23 million.

[24] Matei Ripenau, Ian Foster, and Adriana Iamnitchi, “Mapping the 

Gnutella Network: Properties of Large Scale Peer-to-Peer Systems and 

Implication for System Design,” IEEE Internet Computing, vol. 6, no. 1 

(January-February 2002). (

[25], a file-sharing portal, lists 88 different peer-to-

peer file-sharing programs available for download. (http://

[26] Geoffrey Fox and Shrideep Pallickara, “Peer-to-Peer Interactions 

in Web Brokering Systems,” Ubiquity, vol. 3, no. 15 (May 28-June 3, 

2002) (published by Association of Computer Machinery). (http://

[27] Illustration adapted by Lt. Col. Mark Bontrager from original by 

Bob Knighten, “Peer-to-Peer Computing,” briefing to Peer-to-Peer 

Working Groups (August 24, 2000), in Mark D. Bontrager, Peering into 

the Future: Peer-to-Peer Technology as a Model for Distributed Joint 

Battlespace Intelligence Dissemination and Operational Tasking, 

Thesis, School of Advanced Airpower Studies, Air University, Maxwell 

Air Force Base, Alabama (June 2001). 

[28] According to LimeWire LLC, the developer of a popular file-sharing 

program, Gnutella was originally designed by Nullsoft, a subsidiary of 

America Online. The development of the Gnutella protocol was halted by 

AOL management shortly after the protocol was made available to the 

public. Using downloads, programmers reverse-engineered the software 

and created their own Gnutella software packages. (http://

[29] A&M Records v. Napster, 114 F.Supp.2d 896 (N.D. Cal. 2000).

[30] Lydia Leong, “RIAA vs.Verizon, Implications for ISPs,” Gartner 

(Oct. 24, 2002).

[31] LimeWire, Modern Peer-to-Peer File Sharing over the Internet. 


[32] Mihajlo A. Jovanovic, Fred S. Annexstein, and Kenneth A. Berman, 

Scalability Issues in Large Peer-to-Peer Networks: A Case Study of 

Gnutella, University of Cincinnati Technical Report (2001). (http://

[33] S. Hayward and R. Batchelder, “Peer-to-Peer: Something Old, 

Something New,” Gartner (Apr. 10, 2001).