Updated: February 5, 2024 at 14:15 EST
At 19:07 EST on February 1, 2024, the Global Internet Forum to Counter Terrorism (GIFCT) concluded its Content Incident Protocol (CIP) in response to the violent extremist event in Levittown, Pennsylvania, US on January 30, 2024.
Following the conclusion of the Content Incident Protocol, GIFCT is issuing the following summary of actions related to this event, in line with GIFCT’s Incident Response Framework:
- At 00:41 on January 31, 2024, GIFCT activated the Content Incident Protocol (CIP) within its Incident Response Framework in response to a violent extremist event in Levittown, Pennsylvania, US. (Please see original post below for more information on the criteria that activated the CIP).
- GIFCT alerted all GIFCT member companies that the CIP had been activated. By this time, in line with our Incident Response Framework, communications were already underway between GIFCT and its members to share situational awareness about the offline violence in order to prepare for the potential that the event met the criteria to activate the CIP.
- GIFCT also alerted the affected government (US), key stakeholders, and partners, including GIFCT’s Independent Advisory Committee, that the CIP had been activated.
- GIFCT enabled GIFCT members to share hashes of the perpetrator-produced content depicting the attack, in video and image form.
- GIFCT remained in touch with member companies to provide situational analysis, updates, or bespoke resources as needed.
- At 19:07 EST on February 1, 2024, GIFCT concluded the CIP based on the time passed since the conclusion of the offline violent event and feedback from members on the level of attempts to upload new versions of the violating content on member platforms.
- New hashes of the perpetrator-produced content may still be added to GIFCT’s hash-sharing database should member companies identify further versions of the content on their platforms after the CIP’s conclusion.
At this time, we can provide the following information about hashes related to this event:
- Between when GIFCT activated the CIP and its conclusion, members added approximately 600 hashes related to an estimated nine distinct videos, 13 distinct photos, and one distinct textual item to the GIFCT hash-sharing database.
- What does this mean? GIFCT and its members identified images, videos, and text produced by the perpetrator relating to the incident, creating “digital fingerprints” of this content that were shared amongst members, allowing all member companies to quickly identify the same or similar content on their platforms. The number of hashes is not necessarily related to the virality or spread of content online. For example, a single image or video can be shared an indefinite number of times, but may still result in only one hash being uploaded to the hash-sharing database.
After the conclusion of each CIP, GIFCT convenes debriefs with our members and global multi-stakeholder community to review the collective response and identify lessons and possible areas of improvement.
To continually improve our efforts, GIFCT continues to test our protocols and mature our Incident Response Framework through tabletop exercises, workshops, training sessions, and ongoing dialogue with our stakeholders in industry, government, and civil society.
The development of our Incidence Response Framework and the process of updating the hash-sharing database inclusion criteria have been informed by longstanding consultation with our critical multistakeholder community, including our Independent Advisory Committee. GIFCT is committed to transparency in this work and produces an annual Transparency Report to share the latest metrics and insights on the composition of the hash-sharing database.
First Published January 31, 2024 13:58 EST
At 00:41 EST on Wednesday, January 31, 2024, the Global Internet Forum to Counter Terrorism (GIFCT) activated the Content Incident Protocol (CIP) within its Incident Response Framework in response to a violent extremist event in Levittown, Pennsylvania, United States.
The CIP was activated based on the following information available at that time:
- The existence of a live-streamed video of the violent event, produced by the perpetrator,
- The content depicting violence from the attack, and
- The content appeared on multiple GIFCT member platforms.
GIFCT member platforms have been alerted to the incident and can take action following their terms of service and platform policies. As a result of the CIP activation, hashes corresponding to the perpetrator-produced content depicting the violent extremist event, in video and image form, qualify to be added to the GIFCT hash-sharing database. This enables other GIFCT members to identify whether the same content has been shared on their platforms and address it in accordance with their respective platform policies.
As per our protocol, our key stakeholders have been notified. We will update this post to provide further updates as needed.