A person in a mask sitting at a desk with a computer

GoDaddy’s Response to Online CSAM

EngineeringCategory
5 min read
Akshay GroverSarah Neiswonger

Entrepreneurs around the globe trust GoDaddy to bring their ideas to life online. As one of the world’s largest online service providers, GoDaddy takes seriously our role in protecting our customer’s websites from malicious cyberattacks and preventing illegal activities on our platforms. In particular, GoDaddy takes an unsparing stance when it comes to hosting Child Sexual Abuse Material (CSAM). We do not allow content that sexually exploits or endangers minors. We use robust procedures and tools such as PhotoDNA (and similar tools) to detect, remove, and report hosted CSAM on our platform.

Below we discuss how we’ve helped to protect children – within our systems and beyond – and how we fight this abhorrent crime.

A Strong History of Protecting Children

For the past two decades, GoDaddy has worked diligently to help keep the Internet a safe and enjoyable place, especially for children. GoDaddy employees, including former Director of Global Policy Ben Butler, have served as witnesses at congressional hearings and helped drive federal Internet-related legislation such as the PROTECT Our Children Act. This act was later signed into law by President Bush in 2008 and has since been used by law enforcement to aggressively fight and prosecute online child predators.

We’ve been a proud member of Technology Coalition, a collaborative effort among industry leaders to prevent and eradicate online Child Sexual Exploitation and Abuse (CSEA), since its inception. We are proud to be a part of Thorn’s Safer community. Using their APIs we are able to expand the shared knowledge of CSEA content by contributing hashes, scanning against industry hash database, and sending feedback on false positives. GoDaddy is also a member of the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) and has collaborated with this group to put a spotlight on CSAM in the form of panels with industry experts and best common practices related to the disposition of CSAM investigations and maintaining employee wellness.

GoDaddy in Action

Through our deep involvement with the development of industry standards for protecting children online, we created and implemented our own strategy for removing CSAM from our platforms.

At GoDaddy, we constantly design and develop state of the art software systems to combat CSAM. We use tools like AWS, Kubernetes, Docker, Go, Python among others to reliably detect and report hosted CSAM. These tools help us to stop further re-victimization of children and mitigate continued exposure to traumatic content for our content reviewers.

Using our Abuse Reporting Form, GoDaddy’s trusted reporters and the general public can report material found online that promotes, encourages, or engages in child exploitation or abuse of children. This triggers an investigation, which is depicted in the following diagram.

Process

GoDaddy’s Child Safety Team, part of the larger Digital Crimes Unit, is responsible for investigating these reports. This team is comprised of a combination of Analysts who investigate, remediate, and report instances of abuse, and Software Engineers who are responsible for developing and maintaining advanced technologies to combat this type of abuse. This includes technologies that proactively monitor and alert investigators to websites that may contain this content.

After an investigation is complete, verified reports are filed with the National Center of Missing and Exploited Children (NCMEC) using their Web Service API, and the websites are archived and preserved as evidence for government agencies.

Human First

GoDaddy takes a human-first approach to both our customers and our employees, with safety as our top priority. Due to the innate sensitivity and the nature of work involved, GoDaddy provides an extensive wellness program for anti-abuse staff to support their overall well-being and mental health. Anti-abuse staff members have unlimited time-off plans and are encouraged to use it as needed. All GoDaddy employees also have access to our global Employee Assistance Program that offers employees access to virtual, confidential counseling for a wide range of work or personal issues including anxiety and depression, grief, relationship support, and more. Through this program, anti-abuse staff also have access to join in monthly individual and group therapy sessions, specialized to their role in fighting against CSAM.

All tools and software used by our anti-abuse staff are centered around employee safety. Reported content is viewed and verified by professional GoDaddy Content Reviewers in a controlled de-harming environment, using a cloud-based browser for safe and secure online investigation. Legal policies and procedures sustain this controlled environment that is important for the effective implementation of security controls. These policies and procedures are consistent with applicable laws, directives, regulations, standards, and guidance.

Conclusion

Through our efforts to identify and combat instances of CSAM, GoDaddy has filed thousands of verified reports with NCMEC.

The fight against CSAM is far from over, but we’ll continue to collaborate with security companies, independent experts, law enforcement and other government agencies to remove content and advance preventative technologies. We proudly support cross-industry efforts to combat CSAM. For every takedown of CSAM, we hope to prevent the victimization and exploitation of children, and bring perpetrators of CSAM to justice.

Careers

Interested in helping GoDaddy combat this abhorrent crime using cutting edge technologies? Explore the open roles and apply today!