Updated: August 27, 2024 at 12:24 EST
Following the conclusion of the Content Incident, GIFCT is issuing the following summary of actions related to this event.
At 12:25 Eastern Daylight Time on August 23, 2024, the Global Internet Forum to Counter Terrorism (GIFCT) activated the Content Incident (CI) within its Incident Response Framework in response to a hostage-taking and murder incident in Volgograd, Russia, and took the following steps:
- Identified reports of offline-violence and perpetrator-produced online content present on member platforms. GIFCT contacted relevant member platforms on which the perpetrator-produced content was discovered, and began to assess the situation against our Incident Response Framework criteria.
- Alerted all GIFCT member companies that the CI had been activated. By this time, in line with our Incident Response Framework, communications were already underway between GIFCT and its member companies to share situational awareness about the offline violence in order to prepare for the potential that the event met the criteria to activate the CI.
- Enabled GIFCT members to share hashes of the perpetrator-produced content depicting the incident, in video and image form.
- GIFCT requested the support of the UN in relaying the information to the affected government (Russia), notified the Independent Advisory Committee, and alerted key partners, including The Christchurch Call, about the activation of the CI.
- At 13:43 EDT on August 24, 2024, GIFCT concluded the activated CI based on the assessed conclusion of the offline violent event and feedback from members on the volume of upload attempts of CI related violating content on member platforms. New hashes of the perpetrator-produced content may be added to GIFCT’s hash-sharing database as members identify and share them.
We can currently provide the following information from this event:
Between when GIFCT activated the CI at 12:25 EDT on August 23, 2024 and its conclusion at 12:32 EDT on August 24, 2024, members added approximately 252 video signals to the GIFCT hash-sharing database.
After concluding the CI, GIFCT will convene multi-stakeholder debriefs with our members and community to review the steps taken as part of the response and identify lessons and improvements to be made.
Ongoing Work:
In order for GIFCT and its members to further refine and strengthen our efforts, we continue to test our protocols and mature our Incident Response Framework, including the CI.
Individual member companies will still continue their own operational efforts in alignment with their terms of service despite the deactivation of this CI. GIFCT is continuing collaborative efforts with member companies, and may consider seeking reactivation of this CI if member companies report a substantial rise in the spread of the corresponding perpetrator-produced content.
First Published August 23, 2024 19:21 EST
At 12:25pm ET on August 23, 2024, the Global Internet Forum to Counter Terrorism (GIFCT) activated the Content Incident (CI) within its Incident Response Framework in response to a hostage-taking and murder incident in Volgograd, Russia.
The CI was activated based on information available at the time which met the criteria for activation of our Incidence Response Framework, including the following:
- An ongoing terrorist, violent extremist or mass violence event; AND
- Other content (ex. photo, audio, or text) by perpetrator or accomplice; AND
- Depicting murder, attempted murder, or violence from the attack; AND
- On a member platform (or so broadly available online it will inevitably be shared on member platforms).
As a result, hashes corresponding to the perpetrator-produced content depicting the attack, in video and image form, qualify to be added to the GIFCT hash-sharing database. This enables other GIFCT members to identify whether the same content has been shared on their platforms and address it in accordance with their respective platform policies.
For more information about GIFCT’s:
- Incident Response Framework that guides how GIFCT and its members respond to mass violent attacks and their online dimensions, see here: https://gifct.org/incident-response/ ; Hash-sharing database, see here: https://gifct.org/hsdb/
As per our protocol, our key stakeholders have already been notified. We will update this post to provide further information as needed.