In a statement, a Reddit spokesperson said: “Our sitewide policies explicitly prohibit any sexual or suggestive content involving minors or someone who appears to be a minor. This includes child sexual abuse imagery and any other content that sexualizes minors. Our dedicated Safety teams use a combination of automated tooling and human review to detect and action this content across the platform. We regularly ban communities for engaging in the behavior in question, and we will continue to review and action violating subreddits, users, and content.”
Reddit isn’t the only platform where Wickr users try to find one another.
A search for “Wickr” on Tumblr domains revealed blogs where people advertise their Wickr handles alongside sexually explicit adult images and non-explicit images that appear to be of teenagers, as well as drugs that appear to be for sale. Tumblr deleted several blogs flagged to the company by NBC News after a request for comment. In a statement, a Tumblr representative said, “Child sexual abuse and exploitation, including sexually suggestive content involving a minor, is not allowed on Tumblr. We ask anyone coming across such content to please report it to us so that our Trust & Safety team can review it and take action in accordance with our Community Guidelines. Additionally, any child sexual abuse material we discover is immediately removed and reported to the National Center for Missing and Exploited Children.” The Tumblr representative said the company uses PhotoDNA, a photo detection software created by Microsoft and licensed to platforms for the sole purpose of combating child abuse.
On Twitter, a search for “Wickr” yielded posts with Wickr usernames and the hashtags “teen,” “perv” and “nolimits.” One user appeared to be selling child sexual abuse material, writing “Sixteen is a cool number” and “Sells to anyone” alongside a Wickr handle and the acronyms “map” and “aam,” which stand for minor-attracted-person and adult-attracted-minor respectively. Other posts advertise various drugs for sale.
Twitter says it suspended several accounts flagged to the company while reporting this article. In a statement, Twitter spokesperson Trenton Kennedy said, “Twitter has a zero-tolerance policy for child sexual exploitation content. We aggressively fight online child sexual abuse and have heavily invested in technology and tools to enforce our policy. We have rules against non-consensual nudity and take strong enforcement action against this content.”
The court cases
The court filings reviewed illustrate how people on Wickr openly trade child sexual abuse material once connected with groups or other individuals on the app. Even when law enforcement has gathered large amounts of evidence, Wickr’s cooperation appears to be minimal, according to the company’s responses to the court filings and its own web page that contains information about how it responds to legal requests.
A national law enforcement officer who routinely works on child sex abuse investigations, who spoke on the condition of anonymity to protect his safety, said that he’s given up trying to work with Wickr to secure evidence of child sex abuse happening on the platform.
“It’s not worth the effort of going through the process,” he said. “It’s end-to-end encrypted. So you get no content.”
To request information from Wickr, law enforcement must secure a legal order such as a search warrant, subpoena or court order, according to the company’s website. Once one is submitted, Wickr says, it’s the company’s policy to notify a user that their information has been the subject of an information request. The company warns on its website that it is not able to provide information from encrypted chats, and only has access to data such as the date an account was created, the type of device on which such an account was used, the date of its last use, the total number of sent and received messages, avatar images and the Wickr version number.
Given the lack of substantial information Wickr provides, the officer said, they were “convinced they can do more at the user end.”
In one of the only cases reviewed in which Wickr was said to have responded to a search warrant, an FBI special agent testified in 2021 that Australian authorities observed Michael Glenn Whitmore of Anchorage, Alaska, in several groups of Wickr users trading and distributing child abuse material.
In one group, users commented on images of a 12-year-old, according to the complaint, and described in detail how they would abuse the child. In another group, Whitmore uploaded a video of an infant being sexually abused. The complaint said that he was part of at least five other Wickr groups they believed to be devoted to child exploitation. According to the complaint, he admitted to sharing child sexual abuse material with “slightly less than 100 different people” using Wickr, among other apps.
Whitmore has pleaded not guilty and is awaiting trial. A representative for him did not respond to a request for comment.
The complaint noted that a search warrant was served on Wickr for information about the account, which resulted in just the date of creation, the type of device used, the number of messages sent and received, and the profile picture of the account, which was described as “an anime image of three children wearing only diapers.”
In its “Legal Process Guidelines,” Wickr is explicit about the limited amount of information it’s willing to provide law enforcement. “Non-public information about Wickr users’ accounts will not be released to law enforcement except in response to appropriate legal process such as a subpoena, court order, or other valid legal process,” the page reads. “Requests for the contents of communications require a valid search warrant from an agency with proper jurisdiction over Wickr. However, our response to such a request will reflect that the content is not stored on our servers or that, in very limited instances where a message has not yet been retrieved by the recipient, the content is encrypted data which is indecipherable.”
Wickr says it prohibits illegal activities in its terms of service but has in the past been staunchly against law enforcement intervention on tech platforms at large. In 2016, the Wickr Foundation, the company’s nonprofit arm which began in 2015, filed a friend of the court brief in support of Apple arguing against providing law enforcement tools that would provide access to encrypted content.
“Deliberately compromised digital security would undermine human rights around the globe,” the brief reads. In the case, Apple was ordered to assist law enforcement to unlock an iPhone that belonged to a mass shooter in San Bernardino, California. The order was eventually vacated.
The debate marked a growing conflict between law enforcement and tech companies about encryption and potential access to evidence in encrypted environments. Wickr’s position at the time wasn’t new, and was largely representative of many companies looking to maintain the security of encrypted environments. But Wickr’s seeming inaction in developing alternative methods to prevent crime on its platform in lieu of a “backdoor” to get around encryption stands apart from other tech companies such as Meta or Microsoft, which developed the PhotoDNA technology that has been pivotal in identifying and fighting the spread of child sexual abuse material across the internet and is used to scan files in Microsoft’s OneDrive cloud.
Wickr was founded in 2012 by a security-minded group of entrepreneurs including Nico Sell, an organizer of the hacker convention Defcon. The app applied encryption typically used by defense officials to personal messaging, stripping messages of any identifiable metadata, and giving users the option to sign up anonymously and have their messages self-delete.
By 2015, the company had raised $39 million in funding, seizing on a public just beginning to gain interest in data privacy. Sell, who did not respond to a request for comment, sold the company as staunchly pro-privacy, claiming early on that she had refused to give the FBI a backdoor into the platform. That same year, news reports started to trickle in about how the app was being used to commit crimes.
The first report from Australia’s Herald Sun said that Craiglist drug dealers were instructing interested parties to contact them on Wickr. Numerous outlets also reported in 2015 that the Islamic State terrorist group was using Wickr to recruit fighters. In 2016, one of the first successful child pornography prosecutions involving Wickr resulted in Elijah William Roberts of Utah being sentenced to 60 months in prison for the possession of child sexual abuse material, according to the Deseret Morning News. Roberts was released on probation in 2020 and rearrested in 2021 after a U.S. probation officer said Roberts was discovered to have an unauthorized flip phone that contained child sexual abuse material on it, according to court documents. Roberts is currently detained and awaiting trial, and his representative did not respond to a request for comment.
In 2017, at least three individuals were successfully prosecuted for crimes that involved child exploitation and abuse over Wickr, according to court records. In one case, according to court records, Garret Vensland responded to a Craigslist ad from an undercover FBI agent seeking “taboo chat” — a phrase frequently used online to denote a sexual interest in children. Vensland moved the communications with the undercover agent to Wickr, before claiming that he sexually abused a 13-year-old disabled boy when he was a supervisor at a youth center. He and the undercover agent eventually went on to organize a crosscountry trip over Wickr on which Vensland believed he’d be able to sexually abuse a 9-year-old boy. He was arrested at the airport. In 2020, he pleaded guilty to child pornography charges and traveling with the intent to sexually abuse a minor. A representative for Vensland did not respond to multiple requests for comment.
Court cases stemming from child exploitation on Wickr appear to have increased in number each year after that, according to the court cases reviewed.
“I think once they realize that there’s a particular platform that’s not taking any measures to identify any illegal activity that may be occurring on their platform as it relates to child abuse. It becomes the platform of choice and these individuals connect with one another,” Shehan, of the NCMEC, said.
In 2020, at least 21 child sexual abuse material and exploitation cases involving Wickr were prosecuted globally.
Wickr was purchased by Amazon Web Services in June 2021. Before and after the acquisition, Wickr brought in millions of dollars through contracts with government organizations such as U.S. Customs and Border Protection and the Department of Defense, which use enterprise versions of Wickr, as opposed to Wickr’s free app, Wickr Me, which is used by everyday smartphone users. CBPand the Defense Department would not disclose how they use Wickr’s enterprise products after a previous NBC News investigation.
Wickr’s consumer product, Wickr Me. has steadily grown its user base since the start of 2018, gaining 11.6 million users, according to the analytics firm Sensor Tower, but that growth is minuscule compared to interest in its competitor Signal, which has become a mainstream secure messaging platform and saw 26 times the number of downloads that Wickr did in 2021.
A hands-off approach
Wickr’s lack of action puts it at odds with what other companies have done to address the problem of child sexual abuse material.
Baines noted that WhatsApp, which is also end-to-end encrypted, drastically increased its reporting of child sexual abuse material by analyzing aspects of user profiles outside of encrypted chats, such as profile photos, usernames and metadata.
According to a Meta spokesperson, WhatsApp has implemented numerous features to proactively detect and prevent the spread of child exploitation material, including limiting how many people can be shared on a viral image at one time and using photo-matching technology on rules-violation reports submitted to the company by users and non-encrypted photos found in profile or group avatars. Meta says it also uses machine learning to scan usernames and group descriptions for a potential sign of child exploitation material.
Aside from the legal obligation to report such content, Baines said, “it’s morally the right thing to do to go looking for it.”
Shehan noted one report to NCMEC’s tip line from a Wickr user as an example of what goes unchecked on the platform, in which he said a user flagged a Wickr account that was named “BabyAbuse,” which used a profile photo of an infant being sexually assaulted.
An AWS spokesperson said Wickr suspended the account in March 2021 as soon as the company was made aware of it.
“I would expect a company like Wickr, especially being a company and property advertised as being so closely aligned with AWS and Amazon, that they will be taking the right measures to identify this type of activity, especially even the account names and I mentioned that that’s the lowest hanging fruit that’s possible,” he said.
Some human rights activists cautioned against blaming end-to-end encryption for Wickr’s issues with child abuse imagery.
Anjana Rajan, chief technology officer of Polaris, an organization that runs the National Human Trafficking Hotline, disagreed with the argument that Wickr and other tech platforms need to compromise privacy to prevent trafficking and child exploitation, and said that governments should focus on solving societal issues that lead to crime.
“The debate is not around whether or not encryption is good or bad. It’s about how are traffickers exploiting vulnerabilities of vulnerable communities, and where are they doing that, and how do we actually get ahead of that vulnerability and meet that need,” she said.
“I think there’s oftentimes a bit of a boogeyman made around emerging technologies,” she said. “Technology is just a tool in which [crime] happens, but the underlying mechanisms need to be understood at its very core.”
Rajan said that she believes encryption is part of a “human rights toolkit” that can protect and empower victims. She posed the question: “How do we prevent abuse of these technologies rather than passing a broad, sweeping critique of a tool?”
Shehan said he believed that Wickr could do more without sacrificing its encrypted environment: “We really feel that in an encrypted environment, there are still ways that this activity can be identified. And companies like Wickr should be exploring how to make that happen within their platforms, while also preserving security.”
But, he said, if push comes to shove, he believes children should be the priority in the discussion around tech and child sexual abuse material. “We certainly definitely are big fans and supporters of privacy, but at the end of the day, not at the cost of children.”