How Cinder built a NCMEC integration that streamlines the reporting process

For four decades, the National Center for Missing & Exploited Children (NCMEC) has been at the forefront of efforts to assist law enforcement, support families, and engage the public in safeguarding children. Through collaboration with a broad spectrum of agencies and organizations, NCMEC remains dedicated to enhancing child protection around the world. 

Under U.S. federal law, electronic service providers are mandated to report any detected child sexual abuse material (CSAM) to NCMEC. This reporting is facilitated through NCMEC's CyberTipline, which serves as the national mechanism for receiving and processing reports of child sexual exploitation. These reports made to the CyberTipline are shared with the appropriate law enforcement agencies and electronic service providers, enabling them to investigate and take necessary actions. Reports can be submitted via the CyberTipline's web form or through an API. As a trust and safety platform, one of Cinder’s goals is to help our clients engage with NCMEC. That’s why we built an integration framework for them to report material to NCMEC through the CyberTipline.

It’s worth noting that Cinder is not making any decisions for our platform partners, nor are we classifying or detecting content to determine whether it should be reported to NCMEC; rather, Cinder is simply streamlining and simplifying a platform’s reporting process. 

This post walks you through Cinder’s reporting system integration with a little help from Chuck, a duck/chicken (the team is split on this, hence the portmanteau name), and hopefully provide insight on how other platforms can take similar approaches. In this example we’ll use this image to represent CSAM. 

Solutions and Innovations

The goal of Cinder’s NCMEC integration is to automate the most manual components in order to help Cinder users resolve child safety investigations quickly while being able to send high quality reports to NCMEC. Adding human review has the ability to help refine detection and reduce false positive reports being sent to NCMEC. The integration flow looks like this:

1. An image of Chuck was uploaded to a platform, a user reported that image on the platform, the image gets sent to Cinder for review by the platform’s review team.
2. Then (bottom of the graphic), once the image has been reviewed and the platform determines it should be reported to NCMEC, Cinder will automatically create a CyberTipline report.
3. At the same time, Cinder will send a webhook out to the platform to quarantine the content for future appeals and to take additional enforcement actions such as banning the user.

Mitigating XML Requirements

NCMEC’s API provides an XML schema for engineers to use for the integration. The first step is to convert NCMEC’s provided XML schema to a data format that follows the same structure as the schema but in common programming languages. Having structured data is important because this helps us ensure that we’re always sending the expected payload shape to the API.

To tackle the technical barrier of XML requirements, Cinder used the xsdata library to convert XML schema into Python class definitions. This allowed for the serialization and parsing between Python objects and XML, ensuring the correct payload shapes for API requests and responses.

Building from Scratch

Cinder built a Python SDK and manually implemented all of NCMECs API endpoints. This provides a robust framework for interacting with the NCMEC API, and improves the developer experience when working with NCMEC’s API natively within a python tech stack.

Preventing Spread of Violative Content

A core requirement of the integration was to ensure that Cinder does not download violative content onto our systems when material is uploaded, as Cinder does not want to make a copy of our customers’ content, especially CSAM. 

To avoid downloading CSAM onto our systems, Cinder streams media content directly from customer CDN URLs to NCMEC in chunks. Concurrently, we employed the hashlib library to verify file upload integrity by comparing hash values before and after transmission, all within memory.

Enhancing Efficiency

A core goal of Cinder’s integration was to improve reporting efficiency for our partners. Investigators using the web form often use the same identifying company information for every entry, such as the name, email, and address of the company.

Cinder streamlined completion of the web form by creating a metadata configuration form within our platform. This form allowed customers to pre-fill fields that remain constant across all reports, such as company contact information. During report submission, these pre-configured values are automatically populated, significantly reducing the manual effort required.

Handling Complex Cases

Platforms identify a wide range of content types that must be reported to NCMEC. To account for this complexity, Cinder identified common use cases and maps repeatable inputs to specific configurations. For instance, in chat messages containing CSAM, fields such as incident time, reported person, and media attachments were automatically mapped from the chat message properties.

The Automated Reporting Flow

The result of all of the above was a dramatically more automated reporting flow that improves efficiency and increases accuracy. Here’s how it works:

1. Content Review: An image or other content is reported on the platform, sent into Cinder for review by our customer’s personnel, and a decision has been made that the content is violative and must be reported to NCMEC.
2. Metadata Integration: Pre-configured metadata fields are automatically filled in to their respective properties in the NCMEC report that is being compiled.
3. Workflow-Specific Configs Integration: Values based on specific configurations for each workflow are dynamically fetched and filled into the report.‍
4. Automated Submission: The complete report is then automatically created and submitted to NCMEC via the API, with all necessary fields populated and content securely transmitted.

Key Learnings and Impact

Building this integration required extensive research, plenty of code, and lots of iteration. Through this journey, we identified several key learnings:

• Resource Allocation: Dedicated engineering resources is crucial for key integrations and to creating high-quality NCMEC reports.
• Technical Foundations: Building robust technical foundations, such as creating reusable libraries, is essential.
• User-Centric Product Discovery: Proactive product discovery with child safety investigators helped design solutions that directly address pain points and reduce feature misses.

Streamlining the NCMEC reporting process for our partners reduces the risk of spreading harmful content, improves efficiency, reduces the chance of errors, and thereby contributes to the larger goal of child safety online. We are proud to support the great folks working to protect children - at platforms, NCMEC, and beyond. Hopefully, this project illustrates the importance of innovation, collaboration, and dedication in tackling some of the most pressing challenges in trust and safety today.