Europol Sought Unlimited Data Access in Online Child Sexual Abuse Regulation

The European police agency, Europol, has requested unfiltered access to data that would be harvested under a controversial EU proposal to scan online content for child sexual abuse images and for the AI technology behind it to be applied to other crimes too, according to minutes of a high-level meeting in mid-2022.

The meeting, involving Europol Executive Director Catherine de Bolle and the European Commission’s Director-General for Migration and Home Affairs, Monique Pariat, took place in July last year, weeks after the Commission unveiled a proposed regulation that would require digital chat providers to scan client content for child sexual abuse material, or CSAM.

The regulation, put forward by European Commissioner for Home Affairs Ylva Johansson, would also create a new EU agency – the EU centre to prevent and counter child sexual abuse. It has stirred heated debate, with critics warning it risks opening the door to mass surveillance of EU citizens.

In the meeting, the minutes of which were obtained under a Freedom of Information request, Europol requested unlimited access to the data produced from the detection and scanning of communications, and that no boundaries be set on how this data is used.

“All data is useful and should be passed on to law enforcement, there should be no filtering by the [EU] Centre because even an innocent image might contain information that could at some point be useful to law enforcement,” the minutes state. The name of the speaker is redacted, but it is clear from the exchange that it is a Europol official.

The Centre would play a key role in helping member states and companies implement the legislation; it would also vet and approve scanning technologies, as well as receive and filter suspicious reports before passing them to Europol and national authorities.


Minutes from the Europol commission obtained by BIRN.

In the same meeting, Europol proposed that detection be expanded to other crime areas beyond CSAM, and suggested including them in the proposed regulation. It also requested the inclusion of other elements that would ensure another EU law in the making, the Artificial Intelligence Act, would not limit the “use of AI tools for investigations”.

The Europol input is apparent in Johansson’s proposal. According to the Commission text, all reports from the EU Centre that are not “manifestly unfounded” will have to be sent simultaneously to Europol and to national law enforcement agencies. Europol will also have access to the Centre’s databases.

Several data protection experts who examined the minutes said Europol had effectively asked for no limits or boundaries in accessing the data, including flawed data such as false positives, or in how it could be used in training algorithms.

Niovi Vavoula, a data protection expert at the Queen Mary University of London, said a reference in the document to the need for quality data “points to the direction that Europol will use the data to train algorithms, which according to the recent Europol reform is permitted”.

Europol’s in-house research and development centre, the Innovation Hub, has already started working towards an AI-powered tool to classify child sexual abuse images and videos.

According to an internal Europol document, the agency’s own Fundamental Rights Officer raised concerns in June 2023 about possible “fundamental rights issues” stemming from “biased results, false positives or false negatives”, but gave the project the green light anyway.

In response, Europol declined to comment on internal meetings, but said: “It is imperative to highlight our organisation’s mission and key role to combat the heinous crime of child sexual abuse in the EU. Regarding the future EU Centre on child sexual abuse, Europol was rightfully consulted on the interaction between the future EU Centre’s remit and Europol. Our position as the European Agency for Law Enforcement Cooperation is that we must receive relevant information to protect the EU and its citizens from serious and organised crime, including child sexual abuse.”


Illustrative photo by Alexas_Fotos Pixabay

Staff links

On September 25, BIRN in cooperation with other European outlets reported on the complex network of AI and advocacy groups that has helped drum up support for Johansson’s proposal, often in close coordination with the Commission. There are links to Europol too.

According to information available online, Cathal Delaney, a former Europol official who led the agency’s Child Sexual Abuse team at its Cybercrime Centre, and who worked on a CSAM AI pilot project, has begun work the US-based organisation Thorn, which develops AI software to target CSAM.

Delaney moved to Thorn immediately after leaving Europol in January 2022 and is listed in the lobby register of the German federal parliament as an “employee who represents interests directly”. 

Transfers of EU officials to the private sector to work on issues related to work carried out in their last three years of EU engagement require formal permission, which can be denied if it is deemed that such work “could lead to a conflict with the legitimate interests of the institution”.

In response, Europol said: “Taking into account the information provided by the staff member and in accordance with Europol’s Staff Regulation, Europol has authorised the referred staff member to conclude a contract with a new employer after his end of service for Europol at the end of 2021”.

In June, Delaney paid a visit to his former colleagues, writing on Linkedin: “I’ve spent time this week at the #APTwins Europol Annual Expert Meeting and presented on behalf of Thorn about our innovations to support victim identification.”


Illustrative photo by EPA-EFE/RONALD WITTEK

A senior former Europol official, Fernando Ruiz Perez, is also listed as a board member of Thorn. According to Europol, Ruiz Perez stopped working as Head of Operations of the agency’s Cybercrime Centre in April 2022 and, according to information on the Linkedin profile of Julie Cordua, Thorn’s CEO, joined the board of the organisation at the beginning of 2023.

Asked for comment, Thorn replied: “To fight child sexual abuse at scale, close collaboration with law enforcement agencies like Europol are indispensable. Of course we respect any barring clauses in transitions of employees from law enforcement agencies to Thorn. Anything else would go against our code of conduct and would also hamper Thorn’s relationships to these agencies who play a vital role in fighting child sexual abuse. And fighting this crime is our sole purpose, as Thorn is not generating any profit from the organization’s activities.”

Alongside Ruiz Peréz, on the board of Thorn is Ernie Allen, chair of the WeProtect Global Alliance, WPGA, and former head of the National Centre for Missing & Exploited Children, NCMEC, a US organisation whose set-up fed into the blueprint for the EU’s own Centre.

Europol has also co-operated with WeProtect, a putatively independent NGO that emerged from a fusion of past European Commission and national government initiatives and has been a key platform for strategies to support Johansson’s proposal.

“Europol can confirm that cooperation with the WPGA has taken place since January 2021, including in the context of the WPGA Summit 2022 and an expert meeting organised by Europol’s Analysis Project (AP) Twins (Europol’s unit focusing on CSMA)” the agency said.

This article is part of an investigation supported by the IJ4EU programme, versions of the article are also published by Netzpolitik and Solomon.

‘Who Benefits?’ Inside the EU’s Fight over Scanning for Child Sex Content

In early May 2022, days before she launched one of the most contentious legislative proposals Brussels had seen in years, the European Union’s home affairs commissioner, Ylva Johansson, sent a letter to a US organisation co-founded in 2012 by the movie stars Ashton Kutcher and Demi Moore.

The organisation, Thorn, develops artificial intelligence tools to scan for child sexual abuse images online, and Johansson’s proposed regulation is designed to fight the spread of such content on messaging apps.

“We have shared many moments on the journey to this proposal,” the Swedish politician wrote, according to a copy of the letter addressed to Thorn executive director Julie Cordua and which BIRN has seen.

Johansson urged Cordua to continue the campaign to get it passed: “Now I am looking to you to help make sure that this launch is a successful one.”

That campaign faces a major test in October when Johansson’s proposal is put to a vote in the Civil Liberties Committee of the European Parliament. It has already been the subject of heated debate.

The regulation would obligate digital platforms – from Facebook to Telegram, Signal to Snapchat, TikTok to clouds and online gaming websites – to detect and report any trace of child sexual abuse material, CSAM, on their systems and in their users’ private chats.

It would introduce a complex legal architecture reliant on AI tools for detecting images, videos and speech – so-called ‘client-side scanning’ – containing sexual abuse against minors and attempts to groom children.

Welcomed by some child welfare organisations, the regulation has nevertheless been met with alarm from privacy advocates and tech specialists who say it will unleash a massive new surveillance system and threaten the use of end-to-end encryption, currently the ultimate way to secure digital communications from prying eyes.

The EU’s top data protection watchdog, Wojciech Wiewiorowski, warned Johansson about the risks in 2020, when she informed him of her plans.

They amount to “crossing the Rubicon” in terms of the mass surveillance of EU citizens, he said in an interview for this story. It “would fundamentally change the internet and digital communication as we know it.”

Johansson, however, has not blinked. “The privacy advocates sound very loud,” the commissioner said in a speech in November 2021. “But someone must also speak for the children.”

Based on dozens of interviews, leaked documents and insight into the Commission’s internal deliberations, this investigation connects the dots between the key actors bankrolling and organising the advocacy campaign in favour of Johansson’s proposal and their direct links with the commissioner and her cabinet.

It’s a synthesis that granted certain stakeholders, AI firms and advocacy groups – which enjoy significant financial backing – a questionable level of influence over the crafting of EU policy.

The proposed regulation is excessively “influenced by companies pretending to be NGOs but acting more like tech companies”, said Arda Gerkens, former director of Europe’s oldest hotline for reporting online CSAM.

“Groups like Thorn use everything they can to put this legislation forward, not just because they feel that this is the way forward to combat child sexual abuse, but also because they have a commercial interest in doing so.”

If the regulation undermines encryption, it risks introducing new vulnerabilities, critics argue. “Who will benefit from the legislation?” Gerkens asked. “Not the children.”

Privacy assurances ‘deeply misleading’


The Action Day promoted by Brave Movement in front of the EP. Photo: Justice Initiative

Star of That ‘70s Show and a host of Hollywood hits, 45-year-old Kutcher resigned as chairman of the Thorn board in mid-September amid uproar over a letter he wrote to a judge in support of convicted rapist and fellow That ‘70s Show actor Danny Masterson, prior to his sentencing.

Up until that moment, however, Kutcher had for years been the very recognisable face of a campaign to rid the Internet of CSAM, a role that involved considerable access to the top brass in Brussels.

Thorn’s declarations to the EU transparency register lists meetings with senior members of the cabinets of top Commission officials with a say in the bloc’s security or digital policy, including Johansson, antitrust czar Margrethe Vestager, Commission Vice-President Margaritis Schinas, and internal market commissioner Thierry Breton.

In November 2020, it was the turn of Commission President Ursula von der Leyen, who was part of a video conference with Kutcher and an organisation registered in the small Dutch town of Lisse – the WeProtect Global Alliance.

Though registered in the EU lobby database as a charity, Thorn sells its AI tools on the market for a profit; since 2018, the US Department of Homeland Security, for example, has purchased software licences from Thorn for a total of $4.3 million.

These tools are used by companies such as Vimeo, Flickr and OpenAI – the creator of chatbot ChatGPT and one of many beneficiaries of Kutcher’s IT investments – and by law enforcement agencies across the globe.

In November 2022, Kutcher and Johansson lined up as key speakers at a summit organised and moderated by then European Parliament Vice President Eva Kaili, who three weeks later was arrested and deposed over an investigation into the ‘Qatargate’ cash-for-lobbying scandal.

In March this year, six months before his resignation amid uproar over his letter of support for Masterson, Kutcher addressed lawmakers in Brussels, seeking to appease concerns about the possible misuse and shortcomings of the existing technology. Technology can scan for suspicious material without violating privacy, he said, a claim that the European Digital Rights association said was “deeply misleading”.

The Commission has been reluctant to detail the relationship between Thorn and Johansson’s cabinet under the EU’s freedom of information mechanism. It refused to disclose Cordua’s emailed response to Johansson’s May 2022 letter or a ‘policy one pager’ Thorn had shared with her cabinet, citing Thorn’s position that “the disclosure of the information contained therein would undermine the organisation’s commercial interest”.

After seven months of communication concerning access to documents and the intervention of the European Ombudsman, in early September the Commission finally released a series of email exchanges between Johansson’s Directorate-General for Migration and Home Affairs and Thorn.

The emails reveal a continuous and close working relationship between the two sides in the months following the roll out of the CSAM proposal, with the Commission repeatedly facilitating Thorn’s access to crucial decision-making venues attended by ministers and representatives of EU member states.

The European Ombudsman is looking into the Commission’s refusal to grant access to a host of other internal documents pertaining to Johansson’s proposal.

FGS Global, a major lobbying firm hired by Thorn and paid at least 600,000 euros in 2022 alone, said Thorn would not comment for this story. Johansson also did not respond to an interview request.

Enter ‘WeProtect Global Alliance’


Photo: Courtesy of Solomon.

Among the few traces of Thorn’s activities in the EU’s lobby transparency register is a contribution of 219,000 euros in 2021 to the WeProtect Global Alliance, the organisation that had a video conference with Kutcher and Von der Leyen in late 2020.

WeProtect is the offspring of two governmental initiatives – one co-founded by the Commission and the United States, the other by Britain.

They merged in 2016 and, in April 2020, as momentum built for legislation to CSAM with client-side scanning technology, WeProtect was transformed from a British government-funded entity into a putatively independent ‘foundation’ registered at a residential address in Lisse, on the Dutch North Sea coast.

Its membership includes powerful security agencies, a host of governments, Big Tech managers, NGOs, and one of Johansson’s most senior cabinet officials, Antonio Labrador Jimenez, who heads the Commission’s team tasked with fighting CSAM.

Minutes after the proposed regulation was unveiled in May last year, Labrador Jimenez emailed his Commission colleagues: “The EU does not accept that children cannot be protected and become casualties of policies that put any other values or rights above their protection, whatever these may be.”

He said he was looking forward to “seeing many of you in Brussels during the WeProtect Global Alliance summit” the following month.

Labrador Jimenez officially joined the WeProtect Policy Board in July 2020, after the Commission decided to join and fund it as “the central organisation for coordinating and streamlining global efforts and regulatory improvements” in the fight against CSAM. WeProtect public documents, however, show Labrador Jimenez participating in WeProtect board meetings in December 2019.

Commenting on this story, the Commission said Labrador Jimenez “does not receive any kind of compensation for his participation in the WeProtect Global Alliance Management Board, and performs this function as part of his duties at the Commission”.

Labrador Jimenez’s position on the WeProtect Board, however, raises questions about how the Commission uses its participation in the organisation to promote Johannson’s proposal.

When Labrador Jimenez briefed fellow WeProtect Board members about the proposed regulation in July 2022, notes from the meeting show that “the Board discussed the media strategy of the legislation”.

Labrador Jimenez has also played a central role in drafting and promoting Johansson’s regulation, the same proposal that WeProtect is actively campaigning for with EU funding. And next to him on the board sits Thorn’s Julie Cordua, as well as government officials from the US and Britain [the latter currently pursuing its own Online Safety Bill], Interpol, and United Arab Emirates colonel, Dana Humaid Al Marzouqi, who chairs or participates in numerous international police task forces.

Between 2020 and 2023, Johansson’s Directorate-General awarded almost 1 million euros to WeProtect to organise the June 2022 summit in Brussels, which was dedicated to the fight against CSAM and activities to enhance law enforcement collaboration.

WeProtect did not reply directly to questions concerning its funding arrangements with the Commission or to what extent its advocacy strategies are shaped by the governments and stakeholders sitting on its policy board.

In a statement, it said it is led “by a multi-stakeholder Global Policy Board; members include representatives from countries, international and civil society organisations, and the technology industry.”

The financing


Photo: Courtesy of Solomon.

Another member of the WeProtect board alongside Labrador Jimenez is Douglas Griffiths, a former official of the US State Department and currently president of the Geneva-based Oak Foundation, a group of philanthropic organisations around the world providing grants “to make the world a safer, fairer, and more sustainable place to live”.

Oak Foundation has provided WeProtect with “generous support for strategic communications”, according to WeProtect financial statements from 2021.

From Oak Foundation’s annual financial reports, it is clear it has a long-term commitment to aiding NGOs tackling child abuse. It is also funding the closely linked network of civil society organisations and lobby groups promoting Johansson’s proposed regulation, many of which have helped build an umbrella entity called the European Child Sexual Abuse Legislation Advocacy Group, ECLAG.

ECLAG, which launched its website a few weeks after Johansson’s proposal was announced in May 2022, acts as a coordination platform for some of the most active organisations lobbying in favour of the CSAM legislation. Its steering committee includes Thorn and a host of well-known children’s rights organisations such as ECPAT, Eurochild, Missing Children Europe, Internet Watch Foundation, and Terre des Hommes.

Another member is Brave Movement, which came into being in April 2022, a month before’s Johansson’s regulation was rolled out, thanks to a $10.3 million contribution by the Oak Foundation to Together for Girls, a US-based non-profit that fights sexual violence against children.

Oak Foundation has also given to Thorn – $5 million in 2019. In 2020, it gave $250,000 to ECPAT to engage “policy makers to include children’s interests in revisions to the Digital Services Act and on the impact of end-to-end encryption” and a further $100,000 in support of efforts to end “the online child sexual abuse and exploitation of children in the digital space”. The same year it authorised a $990,000 grant to Eurochild, another NGO coalition that campaigns for children’s rights in Brussels.

In 2021, Oak Foundation gave Thorn a further $250,000 to enhance its coordinating role in Brussels with the aim of ensuring “that any legislative solutions and instruments coming from the EU build on and enhance the existing ecosystem of global actors working to protect children online”.

In 2022, the foundation granted ECPAT a three-year funding package of $2.79 million “to ensure that children’s rights are placed at the centre of digital policy processes in the European Union”. The WeProtect Global Alliance received $2.33 million, also for three years, “to bring together governments, the private sector, civil society, and international organisations to develop policies and solutions that protect children from sexual exploitation and abuse online”.

In a response for this story, Oak Foundation said it does not “advocate for proposed legislation nor work on the details of those policy recommendations”.

It did not respond directly to questions concerning the implications of Johansson’s regulation on privacy rights. A spokesperson said the foundation supports organisations that “advocate for new policies, with a specific focus in the EU, US, and UK, where opportunities exist to establish precedent for other governments”.

Divide and conquer’

Brave Movement’s internal advocacy documents lay out a comprehensive strategy for utilising the voices of abuse survivors to leverage support for Johansson’s proposal in European capitals and, most importantly, within the European Parliament, while targeting prominent critics.

The organisation has enjoyed considerable access to Johansson. In late April 2022, it hosted the Commissioner in an online ‘Global Survivors Action Summit’ – a rare feat in the Brussels bubble for an organisation that was launched just weeks earlier.

An internal strategy document from November 2022 the same year leaves no doubts about the organisation’s role in rallying support for Johansson’s proposal.

“The main objective of the Brave Movement mobilisation around this proposed legislation is to see it passed and implemented throughout the EU,” it states.

“If this legislation is adopted, it will create a positive precedent for other countries… which we will invite to follow through with similar legislation.”

In April this year, the Brave Movement held an ‘Action Day’ outside the European Parliament, where a group of survivors of online child sexual abuse were gathered “to demand EU leaders be brave and act to protect millions of children at risk from the violence and trauma they faced”.

Johansson joined the photo-op.

Survivors of such abuse are key to the Brave Movement’s strategy of winning over influential MEPs.

“Once the EU Survivors taskforce is established and we are clear on the mobilised survivors, we will establish a list pairing responsible survivors with MEPs – we will ‘divide and conquer’ the MEPs by deploying in priority survivors from MEPs’ countries of origin,” its advocacy strategy reads.

Conservative Spanish MEP Javier Zarzalejos, the lead negotiator on the issue in the parliament, according to the Brave Movement strategy has called for “strong survivors’ mobilisation in key countries like Germany”.

Brave Movement’s links with the Directorate-General for Migration and Home Affairs goes deeper still: its Europe campaign manager, Jessica Airey, worked on communications for the Directorate-General between October 2022 and February 2023, promoting Johansson’s regulation.

According to her LinkedIn profile, Airey worked “closely with the policy team who developed the [child sexual abuse imagery] legislation in D.4 [where Labrador Jimenez works] and partners like Thorn”.

She also “worked horizontally with MEPs, WeProtect Global Alliance, EPCAT”.

Asked about a possible conflict of interest in Airey’s work for Brave Movement on the same legislative file, the European Commission responded that Airey was appointed as a trainee and so no formal permission was required. It did say, however, that “trainees must maintain strict confidentiality regarding all knowledge acquired during training. Unauthorised disclosure of non-public documents or information is strictly prohibited, with this obligation extending beyond the training period.”

Brave Movement said it is “proud of the diverse alliances we have built and the expert team we have recruited, openly, to achieve our strategic goals”, pointing out that last year alone one online safety hotline received 32 million reports of child sexual abuse content.

Brave Movement has enlisted expert support: its advocacy strategy was drafted by UK consultancy firm Future Advocacy, while its ‘toolkit’, which aims to “build a beating drum of support for comprehensive legislation that protects children” in the EU, was drafted with the involvement of Purpose, a consultancy whose European branch is controlled by French Capgemini SE.

Purpose specialises in designing campaigns for UN agencies and global companies, using “public mobilisation and storytelling” to “shift policies and change public narratives.

Beginning in 2022, the Oak Foundation gave Purpose grants worth $1.9 million to “help make the internet safer for children”.

Since April 2022, Purpose representatives have met regularly with ECLAG – the network of civil society groups and lobbyists – to refine a pan-European communications strategy.

Documents seen by this investigation also show they met with members of Johansson’s team.

A ‘BeBrave Europe Task Force’ meeting in January this year involved the ECLAG steering group, Purpose EU, Justice Initiative and Labrador Jimenez’s unit within the Directorate-General. In 2023 the foundation that launched the Justice Initiative, the Guido Fluri Foundation, received $416,667 from Oak Foundation.

The Commission, according to its own notes of the meeting, “recommended that when speaking with stakeholders of the negotiation, the organisations should not forget to convey a sense of urgency on the need to find an agreement on the legislation this year”.

This coordinated messaging resulted this year in a social media video featuring Johansson, Zarzalejos, and representatives of the organisations behind ECLAG promoting a petition in favour of her regulation.

Disproportionate infringement of rights

Some 200 kilometres north from Brussels, in the Dutch city of Amsterdam, a bright office on the edge of the city’s famous red light district marks the frontline of the fight to identify and remove CSAM in Europe.

‘Offlimits’, previously known as the Online Child Abuse Expertise Agency, or EOKM, is Europe’s oldest hotline for children and adults wanting to report abuse, whether happening behind closed doors or seen on video circulating online.

In 2022, its seven analysts processed 144,000 reports, and 60 per cent concerned illegal content. The hotline sends requests to remove the content to web hosting providers and, if the material is considered particularly serious, to the police and Interpol.

Offlimits director between 2015 and September this year, Arda Gerkens is deeply knowledgeable of EU policy on the matter. Yet unlike the likes of Thorn, she had little luck accessing Johansson.

“I invited her here but she never came,” said Gerkens, a former Socialist Party MP in the Dutch parliament.

“Commissioner Johansson and her staff visited Silicon Valley and big North American companies,” she said. Companies presenting themselves as NGOs but acting more like tech companies have influenced Johansson’s regulation, Gerkens said, arguing that Thorn and groups like it “have a commercial interest”.

Gerkens said that the fight against child abuse must be deeply improved and involve an all-encompassing approach that addresses welfare, education, and the need to protect the privacy of children, along with a “multi-stakeholder approach with the internet sector”.

“Encryption,” she said, “is key to protecting kids as well: predators hack accounts searching for images”.

It’s a position reflected in some of the concerns raised by the Dutch in ongoing negotiations on a compromise text at the EU Council, arguing in favour of a less intrusive approach that protects encrypted communication and addresses only material already identified and designated as CSAM by monitoring groups and authorities.

A Dutch government official, speaking on condition of anonymity, said: “The Netherlands has serious concerns with regard to the current proposals to detect unknown CSAM and address grooming, as current technologies lead to a high number of false positives.”

“The resulting infringement of fundamental rights is not proportionate.”

Self-interest

In June 2022, shortly after the roll out of Johansson’s proposal, Thorn representatives sat down with one of the commissioner’s cabinet staff, Monika Maglione. An internal report of the meeting, obtained for this investigation, notes that Thorn was interested to understand how “bottlenecks in the process that goes from risk assessment to detection order” would be dealt with.

Detection orders are a crucial component of the procedure set out within Johansson’s proposed regulation, determining the number of people to be surveilled and how often.

European Parliament sources say that in technical meetings, Zarzalejos, the rapporteur on the proposal, has argued in favour of detection orders that do not necessarily focus on individuals or groups of suspects, but are calibrated to allow scanning for suspicious content.

This, experts say, would unlock the door to the general monitoring of EU citizens, otherwise known as mass surveillance.

Asked to clarify his position, Zarzalejos’ office responded: “The file is currently being discussed closed-doors among the shadow rapporteurs and we are not making any comments so far”.

In the same meeting with Maglione, Thorn representatives expressed a “willingness to collaborate closely with COM [European Commission] and provide expertise whenever useful, in particular with respect to the creation of the database of indicators to be hosted by the EU Centre” as well as to prepare “communication material on online child sexual abuse”.

The EU Centre to Prevent and Combat Child Sexual Abuse, which would be created under Johansson’s proposal, would play a key role in helping member states and companies implement the legislation; it would also vet and approve scanning technologies, as well as purchase and offer them to small and medium companies.

As a producer of such scanning technologies, a role for Thorn in supporting the capacity building of the EU Centre database would be of significant commercial interest to the company.

Meredith Whittaker, president of Signal Foundation, the US non-for-profit foundation behind the Signal encrypted chat application, says that AI companies that produce scanning systems are effectively promoting themselves as clearing houses and a liability buffer for big tech companies, sensing the market potential.

“The more they frame this as a huge problem in the public discourse and to regulators, the more they incentivise large tech companies to outsource their dealing of the problems to them,” Whittaker said in an interview for this story.

Effectively, such AI firms are offering tech companies a “get out of responsibility free card”, Whittaker said, by telling them, “’You pay us (…) and we will host the hashes, we will maintain the AI system, we will do whatever it is to magically clean up this problem”.

“So it’s very clear that whatever their incorporation status is, that they are self-interested in promoting child exploitation as a problem that happens “online,” and then proposing quick (and profitable) technical solutions as a remedy to what is in reality a deep social and cultural problem. (…) I don’t think governments understand just how expensive and fallible these systems are, that we’re not looking at a one-time cost. We’re looking at hundreds of millions of dollars indefinitely due to the scale that this is being proposed at.”

Lack of scientific input


Photo by Alexas_Fotos/Pixabay

Johansson has dismissed the idea that the approach she advocates will unleash something new or extreme, telling MEPs last year that it was “totally false to say that with a new regulation there will be new possibilities for detection that don’t exist today”.

But experts question the science behind it.

Matthew Daniel Green, a cryptographer and security technologist at John Hopkins University, said there was an evident lack of scientific input into the crafting of her regulation.

“In the first impact assessment of the EU Commission there was almost no outside scientific input and that’s really amazing since Europe has a terrific scientific infrastructure, with the top researchers in cryptography and computer security all over the world,” Green said.

AI-driven scanning technology, he warned, risks exposing digital platforms to malicious attacks and would undermine encryption.

“If you touch upon built-in encryption models, then you introduce vulnerabilities,” he said. “The idea that we are going to be able to have encrypted conversations like ours is totally incompatible with these scanning automated systems, and that’s by design.”

In a blow to the advocates of AI-driven CSAM scanning, US tech giant Apple said in late August that it is impossible to implement CSAM-scanning while preserving the privacy and security of digital communications. The same month, UK officials privately admitted to tech companies that there is no existing technology able to scan end-to-end encrypted messages without undermining users’ privacy.

According to research by Imperial College academics Ana-Maria Cretu and Shubham Jain, published last May, AI driven Client Side Scanning systems could be quietly tweaked to perform facial recognition on user devices without the user’s knowledge. They warned of more vulnerabilities that have yet to be identified.

“Once this technology is rolled out to billions of devices across the world, you can’t take it back”, they said.

Law enforcement agencies are already considering the possibilities it offers.

In July 2022, the head of Johansson’s Directorate-General, Monique Pariat, visited Europol to discuss the contribution the EU police agency could make to the fight against CSAM, in a meeting attended by Europol executive director Catherine de Bolle.

Europol officials floated the idea of using the proposed EU Centre to scan for more than just CSAM, telling the Commission, “There are other crime areas that would benefit from detection”. According to the minutes, a Commission official “signalled understanding for the additional wishes” but “flagged the need to be realistic in terms of what could be expected, given the many sensitivities around the proposal.”

Ross Anderson, professor of Security Engineering at Cambridge University, said the debate around AI-driven scanning for CSAM has overlooked the potential for manipulation by law enforcement agencies.

“The security and intelligence community have always used issues that scare lawmakers, like children and terrorism, to undermine online privacy,” he said.

“We all know how this works, and come the next terrorist attack, no lawmaker will oppose the extension of scanning from child abuse to serious violent and political crimes.”

This investigation was supported by a grant from the IJ4EU fund. It is also published by Die Zeit, Le Monde, De Groene Amsterdammer, Solomon, IRPI Media and El Diario.

Albanian TV Station Guard Shot Dead in Mystery Killing

Unidentified gunmen early on Monday shot dead a 60-year-old security guard at the premises of national television station Top Channel, Albanian police announced. The event happened under unclear circumstances, they said.

Media reported that a car was later found burnt at another location, allegedly belonging to the gunmangunmen. “As a result of the shooting, a security guard, citizen P. K., 60 years old… lost his life,” police said in a press statement.

“Police Services have set up checkpoints and the work to identify and catch the perpetrators continues,” they added.

The European Centre for Press and Media Freedom, ECPMF, issued a statement on Monday expressing shock.

“We are shocked to learn that there has been a firearm attack on the premises of Top Channel in Albania, which killed a security guard at the facility. We express our condolences to the family and call on Albanian authorities to conduct independent & professional investigations,” it said.

President Bajram Begaj called the shooting a “serious event” and urged institutions to clarify it.

“A really serious event in the early hours of the morning, where the building of the national television Top Channel was shot at with a gun, and as a result the security guard Pal Kola lost his life. As I express my condolences to the family of Mr Kola, I encourage law enforcement agencies to clarify this criminal event as soon as possible,” Begaj declared.

Prime Minister Edi Rama also condemned the killing and said “it requires a clear answer from law enforcement agencies”.

Ilir Meta, former president and head of the opposition Freedom Party, also reacted. “Crime victims are neither far away or unknown, they are our people, our citizens, our Albanians”, he said.

The TV station itself did not declare anything more than the police statement.

Suspect for Arson Attack on Kosovo Journalist’s House Detained

Pristina Basic Court on Monday ordered 30 days of detention for A.L., suspected for setting fire to the house of Alban Selimi, a staffer on Kosovo’s public broadcaster, Radio Television of Kosovo, RTK, on Thursday.

The garage which is part of the house located in Fushe Kosove/Kosovo Polje, near Pristina, was heavily damaged by the fire. No casualties were reported.

Approving the prosecutor’s request for detention, the judge assessed that if released, the suspect could avoid justice and even repeat the offence.

“Taking into consideration (his [suspect’s] criminal background, the court has assessed that if released, the suspect will repeat the criminal offence which he has threatened to commit,” the court said in a press release on Monday.

A.L. was arrested on Saturday by Police and immediately put in custody. When he learned about his identity, Selimi posted on Facebook that he was a neighbour, and the attack appeared linked to an investigation he did in November 2021 on a property worth a million euros.

Selimi said the suspect was his neighbour and a relative of those who had usurped the land he investigated. “Justice should have its word for the criminal, whoever he is,” Selimi said.

The incident was condemned by the Association of the Journalists of Kosovo, AJK, which said that “any attack on journalists is an attack on the public interest, democracy and citizens’ rights”.

“Such threats are totally unacceptable and seriously violate freedom of expression and impact the work of journalists to report in a safe environment,” the AJK said.

“We urgently demand relevant institutions investigate the motives for this attack and bring the perpetrator before justice,” it added.

‘I Was Powerless’: Serbian Women Detail Devastating Impact of Revenge Porn

Confiding in her sister and a friend, the three of them composed an email to the porn site asking for the video to be taken down. Pornhub, which has over 130 million visits per day, obliged. But days later the video was back under a different heading.

She wrote again, and the video has since disappeared, but Marina lives with the threat that it may resurface at any time. Pornhub did not respond to a request for comment.

“I don’t talk about it with a lot of people,” Marina said. “I feel like everyone would judge me if they knew and blame me for not reporting him or doing more about it.”

“I want to cry when I think about it even today. Somehow, it reminds me how powerless I am, or was.”

Marina was one of 28 women in Serbia interviewed by BIRN about their experiences of revenge porn; some said intimate videos of them had circulated on Telegram groups with tens of thousands of members, others on porn sites.

Coupled with months of monitoring of Telegram groups and data from police and prosecutors, the picture that emerges is one of systematic failure on the part of the Serbian legal system to protect the victims of revenge porn, a form of gender-based violence.

Victims are exposed to blackmail, public shaming and emotional trauma. Few have the resources to fight back.

Today, explicit photos and videos of Serbian women are being shared on at least 16 Telegram groups, BIRN has found, the biggest of them boasting almost 50,000 members.

“You feel like the whole world will collapse if anyone sees it, finds it, passes it on further,” said another victim, a 28 year-old woman from the Serbian capital, Belgrade. “I was horrified for a month; I was shaking at every message and call.”

None of the victims quoted in this story are identified by their real names in order to protect their privacy.


Infographic: BIRN.

A safe place for abusers

The term ‘revenge porn’ refers to the sharing of private, sexually explicit photos or videos of another person without their consent, often with the purpose of causing embarrassment or distress. Some activists specialised in this area say a more accurate term would be ‘image-based sexual abuse’.

Using advanced search bots, BIRN spent several months monitoring Telegram and was able to identify 13 active groups sharing private, explicit material, with several thousand users posting daily.


Infographic: BIRN.

At one point, a video of Jelena was in there too.

Jelena told BIRN she had been in a committed relationship when she began suspecting that her boyfriend had hidden cameras in the flat they shared.

“We were spending time in that flat, having sex in the bedroom, and he was filming it all and watching it later,” she said. Her boyfriend confessed and showed her all the footage.

“There was footage on those files from every day for the last year, and it wasn’t just with me but various other girls,” she said. Her boyfriend threatened to publish the videos if she reported him to the police; undeterred, Jelena did go to the police, twice. But on both occasions officers doubted her account and refused to search the apartment, citing a lack of evidence.

Then a friend called her to say there was a video of her being shared in a Telegram group.

“He published videos in a closed group where you can only enter if you have an invite,” Jelena told BIRN.

Users enjoy complete anonymity; messages are sent almost every minute, some with photos or videos apparently taken from porn websites, but others with material that appears to be private.

There is no information on how the content was created or whether the people they feature have given permission for the files to be shared. Often there is some information, however – links to the Instagram profiles of the women, or their Viber or WhatsApp numbers.

The result is often a barrage of messages to women from anonymous men asking for sex.


Infographic: BIRN.

Telegram’s Terms of Service prohibits the sharing of “illegal pornographic content on publicly viewable Telegram channels”. The platform has an email through which users can report such content.

This investigation, however, shows that some Telegram groups in Serbia are violating those rules with impunity.

In a written response to BIRN, a Telegram press officer wrote that “since its launch, Telegram has actively moderated harmful content on its platform – including the publication of revenge porn.”

“Our moderators proactively monitor public parts of the app as well as accepting user reports in order to remove content that breaches our terms.”

Legal issues

Revenge porn, on its own, is not defined as a criminal offence in Serbia.

In order for police or prosecutors to get involved, the case needs to involve elements of blackmail, harassment, or stalking. Otherwise, victims have to initiate a private lawsuit, within three months of discovery of the content.

That’s what a police officer told Ivana to do, after she went to the police aged 19 to report an ex-boyfriend.

Their breakup had unleashed months of stalking that became so intense that Ivana had to move apartment and block her ex-boyfriend on all her social media profiles. But he continued sending emails and contacting her family, before finally threatening to release intimate video of them together.

The threat was real; one night, Ivana recalled, she suddenly received 100 friend requests on Facebook from strangers, many featuring offensive messages. What followed, she said, were “a few days of torture and crying, worrying about who would see it.”

With the help of friends, Ivana set about removing the video from various websites. Then she went to the police.

“The inspector listened to me. He did not blame me for anything, especially because I told him about the violence in the relationship and said that he would call him [the ex-boyfriend] but that there was not much he could do,” Ivana said. “I had to file a private lawsuit, if I wanted, because he was posting the video without permission.”

After the officer spoke to the ex-boyfriend, the harassment stopped.

“If there’s any message a woman can take from my experience, it’s that no one has the right to do this to anyone and that no one ‘deserves’ something like this,” Ivana told BIRN.

Explicit photos and videos of Serbian women are being shared on at least 16 Telegram groups, BIRN has found, the biggest of them boasting almost 50,000 members.

Mirjana Stajkovac, a high-tech crime prosecutor, said that revenge porn should be defined as a criminal offence under Serbian law.

“Everyone has the right to send their intimate material to others. But it has opened new doors for misuse. And then the person suffers consequences that can be devastating for their mental health and the members of that family,” Stajkovac told BIRN.

In May 2022, the Autonomous Women’s Centre, an NGO, submitted an initiative to the Serbian Justice Ministry asking that revenge porn be included in the criminal code, but nothing came of it.

The Centre says that it receives at least one call per week from women of all ages who have been affected by the problem.

Many of the women who shared their experiences with BIRN said they had been in committed relationships and trusted their partners when they agreed to be photographed or filmed; they said they believed it to be a “one-off” and that the material would be deleted.

Olivera had lived with her partner for years and has a child with him.

When he asked to take photos of her naked, she did not hesitate; they were building a life together, and she trusted him, she said.

“I didn’t think anything negative for a single moment,” Olivera told BIRN. “He bought me all kinds of halters, bras, panties, SM gear, socks, you name it.”

They would look at the photos together and she believed he deleted them. But he hadn’t.

After nine years, Olivera ended the relationship. Six months later she received a message from her ex containing screenshots of photos of her, published on a porn site. He sent the same pictures to her mother, brothers, friends and male relatives.

Olivera went to the police; eventually she was given full custody of their child and her ex-partner was banned from approaching or contacting her in any way. “A very ugly, sad and unpleasant situation, but I got over it; life goes on,” she said.

Minors


Mirjana Stajkovac, a high-tech crime prosecutor, said that revenge porn should be defined as a criminal offense under Serbian law. Photo: Stefan Milovojevic.

Some of the women interviewed by BIRN were minors when they became victims of revenge porn.

Katarina was 15 years-old when she began dating an 18 year-old from a small town in Serbia. They talked about sex, but Katarina told him she wasn’t ready and believed he understood.

After a few months, they went to Serbia’s Tara Mountain, where Katarina came down with a fever. She drank a cup of tea and fell asleep. Today, she believes her then boyfriend drugged her.

She remembers nothing from the night, but after they broke up a few months later, video of her appeared on countless porn sites and in Telegram groups. Katarina had no idea the video had ever been made.

“You can see me on the video, but not him, nothing but his genitals,” she told BIRN. “He wrote to my sister saying he did it to re-educate me, because how dare I break up with him.”

Alongside the clip was Katarina’s full name, her home city, Instagram profile and phone number. Katarina went to the police, several times, but her complaints fell on deaf ears.

“They said I was exaggerating because we were still in a relationship, so maybe he couldn’t wait any longer because he is a man, and he has needs,” Katarina said, recalling the police response.

“More than three years have passed and I started to fight with the problems in my head only now when I moved to another city. The consequences are permanent, and nobody reacted.”

With a staff of four, the Prosecutor’s Office for High-Tech Crime is the only one dealing with such cases; they review reports of revenge porn on a daily basis.

One of the cases it is handling, concerning Telegram, has been dragging on for roughly two years but is being investigated as child pornography, not specifically as revenge porn, BIRN has learned.

The Telegram group ‘Nislijke’ [Nis Women] was initially exposed by one of its victims, Stasa Ivkovic, who took to Twitter to say her picture and social media profile had been circulating in the group, focussed on the city of Nis. Police arrested the group’s administrator, Nemanja Stojiljkovic, in March 2021, but the case is still ongoing.

“Many of the victims I talked to are very upset,” said Stajkovac. “Most of these people cry while giving their testimony, which is very upsetting for me as well. I really trust them.”

Victims, she said, should save the evidence as soon as they detect that something has happened – screenshots of messages, pictures, posts, and profiles from which content was sent.

“In every possible way, please, they should screenshot everything and not sweep it under the rug, believing it will pass. It will not pass, and the consequences can be dire.”

Victims should go to their nearest police station and hand over their phone for expert examination, she said. And take any witness they might have who could corroborate their account.

“These actions taken by these people are criminal acts for us, and we will not look at it lightly as a phenomenon in a society that should not be sanctioned,” Stajkovac told BIRN.

“Those people will not relax so easily and think that they can do whatever they want. If the predator feels that someone is on his tail and chasing him, he will make a mistake, and we will catch him in that mistake.”

Montenegro Still Assessing Damage From Mystery Cyber Attacks

Montenegrin Minister of Public Administration Marash Dukaj said on Monday that organized cyber attacks on government servers have continued, adding that the damage to public data still has to be assessed.

Since August 22, the government has reported two series of cyber-attacks on government servers, claiming they managed to prevent any damage.

“The damage is being repaired and we are assessing its extent. The system will suffer no lasting effects. A huge amount of money was invested in this attack on our system,” Dukaj told a press conference.

Head of State Cyber Security Service Dusan Polovic said the authorities are not able to activate some services online, and a certain number of workstations are compromised.

“The cost of the virus used for the first attacks on the dark web is from 100 thousand to 2.5 million dollars,” said Polovic.

On August 26, the Ministry of Public Administration said some government servers were temporarily taken offline, while the Agency for National Security, ANB, accused Russian services of organizing coordinated cyber-attacks on government servers. The ANB said Montenegro was caught up in a “hybrid war”, claiming that an attack had been prepared for a long time.

The ANB did not respond to BIRN requests about the cyber-attacks’ investigation’s results. The head of the Electric Company, Milutin Djukanovic, on Monday meanwhile said ANB chief Savo Kentera had warned him about potential cyber-attacks on the electricity system, so they switched to a manual operating system.

On August 26, the US embassy in Montenegro warned its citizens that cyber-attacks may include disruptions to public utility, transportation and telecommunication sectors.

After a National Security session on August 26, outgoing Prime Minister Dritan Abazovic described the cyber-attacks as dangerous, but added that citizens’ personal data were safe. He said the authorities don’t have firm evidence yet about the organizers of the attack.

“We do not have clear information about the organizers. Security sector authorities couldn’t confirm that there is an individual, a group, a state behind this, nor could we deny it,” Abazovic said.

The government published a safe protocol for safety in cyberspace, calling on citizens to use licensed operative systems and create backup copies of all important data. The government noted that NATO members have helped Montenegrin authorities to prevent cyber-attack damage.

Reportedly, government servers were hit by ransomware, a type of malware attack in which the attacker locks and encrypts the victim’s data and important files, and then demands a payment to unlock and decrypt the data.

On Monday, Veselin Konatar, a professor from the University of Podgorica, said the government had not provided firm evidence about the cyber-attacks’ organizers.

“There is a real possibility that a cyber-attack on the government’s IT infrastructure could have been organized by both individuals and organized criminal groups… Also, the government surprisingly quickly assessed that there was no permanent damage to the IT infrastructure, nor any compromise of citizens’ data, which requires much more time to confirm,” Konatar told the daily Dan.

On Monday, IT specialist Branko Popovic urged authorities to present the results of the cyber-attacks investigation, warning also that the government doesn’t have the administrative capacities to deal with such attacks. “It’s possible that someone deliberately released a virus into the government servers in order to steal confidential information, correspondence or reports,” he posted on Facebook.

The government has not adopted a new Cyber Security Strategy after the last one became outdated in 2021. In July 2021, the then Minister of Public Administration, Digital Society and Media, Tamara Srzentic, said that the government would improve its administrative capacities in the cyber security sector, and push for international cooperation and staff education.

Albania Blames ‘Massive Cyber Attack’ as Govt Servers go Down

Albania has come under a “massive cybernetic attack”, the government announced on Monday, which pro-government media blamed on Russia.

The main servers of the National Agency for Information Society, which handles many services, were all down on Monday after being hit on Sunday by “an attack from abroad”.

“Albania is under a massive cybernetic attack that has never happened before. This criminal cyber-attack was synchronized… from outside Albania,” the Council of Ministers said in a press release.

“In order to not allow this attack to damage our information system, the National Agency of Information Society had temporarily shut down online services and other government websites,” it added.

The National Agency for Information Society, AKSHI, is a controversial institution, which some accuse of  misusing citizens’ personal data for political purposes. It has been also suspected of funneling millions of euros to progovernment media through procurements of various services.

The government of Prime Minister Edi Rama closed desk services for the population lately and ordered mandatory use of its online services for everything from enrolling in school to obtaining an ISBN number for a new book at the National Library.

However, several important services, such as online tax filing, are still working, as they use separate servers.

Sali Berisha, a former PM and opposition leader, blamed the ineptitude of the government rather than Russia for the meltdown, pointing out that the government had concentrated too many services in the AKSHI.

“How did it it happen that the government ordered almost all important services to go through this website?’ he asked. “How can such initiatives be undertaken while no professional policing against cyber crime is yet in place?” he added.

Serbia Targets Purchase of Powerful Swedish Facial Recognition Software

Serbia’s interior ministry planned to buy Swedish-made facial recognition software last year and still might despite deep concern over the legality of such technology under the country’s current legislation, BIRN can report.

According to the manufacturer, Griffeye Analyze DI Pro has the capacity to recognise faces based only on the eyes and, under certain conditions, even when the eyes are not visible. Experts say it can also download large amounts of personal data from the internet and then search, sort, cross and process it based on metadata such as GPS coordinates, the time when an image was taken or phone serial numbers.

The software, which Europol has used since 2019, was on a ministry procurement wish-list for the third quarter of 2021. The purchase has not been made and the ministry did not respond to BIRN requests for comment. But Serbia’s Personal Data Protection Commissioner, Milan Marinovic, said police were unlikely to pass up the opportunity to acquire such technology.

“The idea was to get that technology by the end of 2021. I am convinced that the Ministry of Interior has not given up on it,” Marinovic told BIRN. “No police in the world would give up on such things because it suits them.”

He questioned the legality under current Serbian law, however.

“We are talking about a global threat that I do not like. The software can also physically track you,” said Marinovic. “In Serbia, we do not have the right to such a sophisticated type of data processing of citizens.”

In September 2020, the interior ministry announced a Draft Law on Internal Affairs containing contained provisions for the legalisation of an extensive biometric video surveillance system. It was withdrawn after public outcry.

“Once the system is in place, it means it will be very difficult to remove and it is an irreversible situation,” said Bojan Perkov of the Belgrade-based SHARE Foundation, which promotes human rights and freedoms online.

Griffeye did not respond to a request for comment, but its website says the software is intended to support investigators working on cases involving the sexual abuse of children. SHARE’s Filip Milosevic said it is a threat to privacy.

“Quick, easy and complete insight into the life of each individual,” Milosevic told BIRN.

“Such tools create very detailed profiles of individuals by crossing absolutely all their existing digital information. This can be information owned by the state, and the police can get access – traffic, cameras, financial system, health, social – complemented by data that citizens leave as a digital trace using devices and the Internet, such as Internet searches, site visits, applications, profiles on social networks, history of shopping, movements, interaction with other people.”

Greek Post Restarts Services After Cyber-Attack Downs System

Hellenic Post, ELTA, announced on Wednesday that it had restarted the system that enables objects and items to be sent abroad after a cyber-attack brought the computers down.

Days before, financial services and the sending of simple correspondence were also re-activated. The suspension of these operations, among other things, has caused delays in the payment of pensions.

After the cyber-attack in March brought down the ELTA computer systems, the company isolated the entire data centre and temporarily suspended the commercial information systems of all post offices.

The cyber-attack, aimed at crippling the operations of ELTA, started from malicious zero-time software, which was installed on a workstation and, with the ‘HTTPS reverse shell technique”, connected to a computer system controlled by the cyber group, said ELTA.

Kathimerini newspaper also reported that the hackers used ransomware – nowadays the most common form of corporate cyberattacks. Most times, the victim receives a phishing email including a malicious link or is infected with a ransomware attachment.

“This specific malware, when executed, encrypts part of the victim’s hard drive and, in order for the victim to receive the decryption key and retrieve the data, a ransom must be paid to the attacker,” Dimitris Aretis, Senior Manager EY Cybersecurity Consulting, told BIRN.

“Bitcoin or other cryptocurrencies is used as the form of payment as it provides anonymity to the attacker and makes the transfer of funds untraceable,” he added.

US President Joe Biden on March 22 warned US companies of potential Russian cyber-attackers. But a source from ELTA told BIRN that Russian hackers were not involved in this case.

The Communications Privacy Protection Authority, ADAE, which is responsible for the criminal investigation of the case, declined to comment to BIRN on the issue.

On January 17, two hospitals in the Attika region, Sotiria and Asklipieio Voulas, fell victim of cyber blackmailers who used the same type of ransomware.

Panagiotis Stathis, chief of the 1st Health District of Attica, told BIRN that the hackers attacked the servers of the hospitals. The hackers did not get access to patients’ personal health data but only to the hospitals’ invoices and visitors. Sources told BIRN that the investigation into these cases is still ongoing.

Hackers Attack Croatian Daily, Post Kremlin Propaganda

Croatian police are probing Tuesday’s hacking of the daily Slobodna Dalmacija website by an unknown assailant. The paper reported that “a couple of older articles in Slobodna Dalmacija were replaced with articles promoting Russian propaganda in the war with Ukraine”.

Around ten articles were replaced, it wrote. “Our services spotted the attack on time and are working on solving the problem. The articles have been removed and the attack was reported to the police,” it added.

“Western Deception Machine”, “Which Side Are You On?”, and “The United States of America Admitted They Have Hidden Laboratories in Ukraine”, are just some of the fake articles that the hackers posted online.

Hrvoje Zovko, president of the Croatian Journalists’ Association, HND, condemned the attack. “We condemn this attack and hope the investigation will reveal where it originated from and who was behind it. Unfortunately, something like this is not unexpected in conditions of war. We call all institutions to get involved in the case and all media to report similar incidents immediately, if they happened,” Zovko said.

He added that the incident was reported to the European Federation of Journalists, EFJ. Ricardo Gutiérrez, EFJ secretary, said: “We strongly condemn this act of piracy and call on all Croatian judicial bodies to identify and process the perpetrators. This way, media become a hostage! This is very serious. This is the first time we encountered this type of manipulation of opinion. We believe this type of cyber-attacks might become more and more common.”

The police’s cybercrimes unit is investigating the matter.

Editor-in-chief Sandra Lapenda Lemo told Croatian news agency HINA that the investigation is ongoing and that the articles in question had been deleted. The daily apologized to its readers for “seeing content which at no circumstances reflects the editorial policy of Slobodna Dalmacija”.

The daily newspaper is published in Split. Its first issue was published on June 17, 1943.

BIRD Community

Are you a professional journalist or a media worker looking for an easily searchable and comprehensive database and interested in safely (re)connecting with more than thousands of colleagues from Southeastern and Central Europe?

We created BIRD Community, a place where you can have it all!

Join Now