Joint Tech Innovation

Hash Sharing Consortium

In December 2016, the founding member companies of the GIFCT (Facebook, Microsoft, Twitter, and YouTube), committed to creating a shared industry database of "hashes" — unique digital "fingerprints" — for violent terrorist imagery or terrorist recruitment videos that we have removed from our services. By sharing these hashes with one another, we can identify potential terrorist images and videos on our respective hosted consumer platforms. This collaboration is resulting in increased efficiency as we continue to enforce our policies to help curb the pressing global issue of terrorist content online.

As part of the GIFCT, the founding companies committed to refine and improve the shared industry hash database, and we have made important progress over the past year:

  • The database now contains more than 200,000 hashes. It allows member companies to use those hashes to identify and remove matching content – videos and images – that violate our respective policies or, in some cases, block terrorist content before it is even posted.
  • The Hash Sharing Consortium includes, Cloudinary, Facebook, Google, Instagram,, LinkedIn, Microsoft, Verizon Media, Reddit, Snap, Twitter and Yellow. We will work to add to new members throughout the upcoming year.

GIFCT's Content Incident Protocol (CIP)

The Global Internet Forum to Counter Terrorism’s (GIFCT) Content Incident Protocol (CIP) is a process by which GIFCT member companies become aware of, quickly assess, and act on potential content circulating online resulting from a real-world terrorism or violent extremist event. Since the Christchurch tragedy, GIFCT member companies have developed, refined and tested the protocol. In fact, the CIP assessment process has been initiated more than 70 separate times between March 2019 and March 2020. It was “activated” for the first time on October 9, 2019, following the shooting in Halle, Germany.

No one individual or organization can activate a content incident. Rather, the protocol is based on the existence of content online relating to the real-world terrorism or violent extremism event—like Christchurch and Halle—and potential distribution of that content, including a live stream of murder or attempted murder produced by the attack’s perpetrator or an accomplice. The CIP is a multi-step process, including a decision to activate the CIP, communication of that decision, a review of content assets, and other steps, to inform GIFCT member companies and relevant governments about content from the real-world event that may be manifesting online. A CIP ends with an official “conclusion” determined by impacted GIFCT platforms once the volume of content has noticeably decreased.

During the CIP development process, drafts of this protocol were shared and discussed with a range of stakeholders. The CIP was tested in a “controlled” environment in September 2019 during the first multi-stakeholder tabletop exercise at Europol HQ in The Hague, where tech industry representatives, European law enforcement authorities and third-party governments walked through a six-part, real-world scenario to determine applicability of both the CIP and the EU’s Crisis Response Protocol. The CIP was tested a second time in a similarly controlled environment at a workshop in Wellington, New Zealand, in December 2019. The CIP is a dynamic, “living” process that the GIFCT will continue to refine and evolve over time.

The GIFCT CIP is a standalone industry process, but was designed to be easily integrated into external crisis response procedures, including the Christchurch Call Shared Crisis Response Protocol developed in response to the commitments of the Christchurch Call to Action to eliminate terrorist and violent extremist content online and the EU’s Crisis Response Protocol.