Update: Content Incident Protocol Activated in Response to Shooting in Memphis, Tennessee, United States
Updated December 12, 2022 3:40pm EDT
Following the conclusion of the Content Incident Protocol, GIFCT is issuing the following summary of actions related to this incident. This update and summary were delayed and future postings in the event GIFCT activates the Content Incident Protocol will be shared in a more timely manner.
At 9:06 p.m. Eastern Daylight Time on Wednesday, September 7, 2022, the Global Internet Forum to Counter Terrorism (GIFCT) activated the Content Incident Protocol (CIP) within its Incident Response Framework in response to a shooting in Memphis, Tennessee, United States, and took the following steps:
- Alerted all GIFCT members that the CIP had been activated. By this time, in line with our Incident Response Framework, communications were already underway between GIFCT and its member companies to share situational awareness about the offline violence in order to prepare for the potential that the event met the criteria to activate the CIP.
- Enabled GIFCT members to share hashes of the perpetrator-produced content depicting the attack, in video and image form.
- Alerted the U.S. government, as the impacted government in this incident, and GIFCT’s Independent Advisory Committee that the CIP had been activated in response to the shooting.
Simultaneously, individual GIFCT members engaged in platform-specific enforcement operations, identifying and reviewing content in line with their respective terms of service, including instances of the content shared in a range of contexts.
At 3:04 p.m. EDT on Thursday, September 8, 2022, GIFCT concluded the activated CIP based on the time passed since the conclusion of the offline violent event and feedback from members on the level of attempts to upload new versions of the violating content on member platforms. New hashes of the perpetrator-produced content may be added to GIFCT’s hash-sharing database as members identify and share them.
We can currently provide the following information from this event:
- Between when GIFCT activated the CIP at 9:06pm EDT on Wednesday, September 7 and its conclusion at 3:04pm EDT on Thursday, September 8, members added approximately 50 visually distinct items to the GIFCT hash-sharing database. These related to:
- approximately 1 visually distinct image
- approximately 49 visually distinct videos
After concluding the CIP, GIFCT convened multi-stakeholder debriefs with our members and community to review the steps taken as part of the response and identify lessons and improvements to be made. This is an essential, final step in our operations when the Content Incident Protocol is activated.
The debrief process identified improvements in GIFCT and its members’ readiness to respond to these events. It further raised new questions that GIFCT is taking under consideration about the hashing of perpetrator-produced content from a mass-violent event where a violent extremist ideology is not identified.
In order for GIFCT and its members to further refine and strengthen our efforts, we continue to test our protocols and mature our Incident Response Framework, including the CIP. This work is currently underway amongst GIFCT’s internal team, and with the GIFCT Year 3 Incident Response Working Group.
The Global Network on Extremism and Technology (GNET), the academic research network funded by GIFCT, has contributed insights in response to this shooting and will continue to provide research from experts on issues and questions related to violent extremist behaviors and technologies.
First Published September 7, 2022 10:46pm EDT
Content Incident Protocol Activated in Response to Shooting in Memphis, Tennessee, United States
At 9:06 p.m. Eastern Daylight Time on Wednesday, September 7, 2022, the Global Internet Forum to Counter Terrorism (GIFCT) activated the Content Incident Protocol (CIP) within its Incident Response Framework in response to a shooting in Memphis, Tennessee, United States.
The CIP was activated due to:
- The existence of live streamed video of the shooting, apparently produced and distributed by the perpetrator
- The video depicting attempted violence towards people, and
- The video was shared on GIFCT member platforms.
As a result, hashes corresponding to the perpetrator-produced content depicting the attack, in video and image form, qualify to be added to the GIFCT hash-sharing database. This enables other GIFCT members to identify whether the same content has been shared on their platforms and address it in accordance with their respective platform policies.
For more information about GIFCT’s:
- Incident Response Framework that guides how GIFCT and its members respond to mass violent attacks and their online dimensions, see here: https://gifct.org/incident-response/
- Content Incident Protocol, the level of our Incident Response Framework activated in response to this shooting, see here: https://gifct.org/content-incident-protocol/
- Hash-sharing database, see here: https://gifct.org/tech-innovation/
We will provide further updates on this post.