Stopping sextortion

If you’re like most Americans, chances are in the past month you’ve received a text from a random number striking up a conversation out of the blue. After apologizing for texting the wrong number, they might, if you’re foolish enough to engage them, start up a flirtatious chat, and eventually share a picture of themselves (invariably an attractive member of the opposite sex). Their end goal? Sextortion—a rising crime wave in which perpetrators try to coax unsuspecting users into sexually explicit chats or sharing explicit images, before revealing their true identity and threatening to broadcast the photos or screenshots far and wide unless paid handsomely.

Most sextortion, however, starts on social media platforms, not text messages, and targets naïve teens, not savvy adults. Indeed, one target demographic is 14- to 17-year-old boys, easily flattered into thinking that a cute girl wants to chat with them, and easily terrified into paying off the scammers lest their parents, teachers, and friends find out what they’ve done. In some cases, unable to come up with the cash, the victims resort to suicide. Data from the National Center for Missing and Exploited Children (NCMEC) showed an 18,000% increase in sextortion scams from 2021-23. A crime wave like that doesn’t just happen; and sure enough, it has recently emerged that a cybercrime collective based in Nigeria, known as the Yahoo Boys, is behind most cases, and is increasingly using AI bots to carry out their scams for them.

In a recent briefing, the National Center on Sexual Exploitation drew attention to the scale of this crisis and the abysmal job that most tech companies have done in combatting it. Although determined criminals will always find a way to get to their victims, it is shocking just how easy many of these platforms have made their job. Not only do the Yahoo Boys use popular social media platforms to target victims, but also to publicly share their exploits and train others in their best methods. As one analyst, Chris Raffile, has chronicled, “They are circulating their scripts and how-to guides, literally publishing how to sextort minors openly on YouTube, Facebook groups, Instagram and TikTok.” Meanwhile Snapchat has allowed over 10,000 sextortion reports per month to go unaddressed, and 40-75% of accounts on Cash App (the preferred payment vehicle for sextortionists) are reportedly fraudulent.

In many cases, these apps are dangerous by design. Most apps, even when they claim to be for adults only, fail to invest in age-verification technologies to keep teens off of them. Some, like Instagram, until recently made a user’s entire friends list public by default, so that blackmailers could tell their victims exactly whom they would be sharing their explicit photos with. Snapchat, meanwhile, boasted as its main design feature that photos disappeared within 10 seconds of being opened. But bad actors could easily save and store the photos, and Snapchat became the platform of choice for sextortion schemes.

Beyond design flaws, however, perhaps the biggest issue is simply that these companies invest so little effort into policing what happens on their platforms. While they claim to be powerless, this is preposterous in an age of sophisticated AI algorithms that can detect patterns of shady behavior and immediately flag the bad actors. The reality is simply that these companies have, to date, sought to get by with spending as little as possible on product safety. Meta, for example, boasts of spending $5 billion a year on safety and security measures. That sounds like a lot, until you realize that Meta’s 2024 revenues were $165 billion and profits were $62 billion. In other words, Meta could have afforded to increase safety spending tenfold last year and still made a handsome profit!

The reason they don’t is simply because they don’t need to. It’s not that corporations are uniquely heartless; it is human nature to try to maximize our profits and minimize our costs, preferably by passing them off onto others. This is all the easier when the victims of our laziness are out of sight and out of mind—as is generally the case in the modern economy. The reality is that whatever good intentions such companies may profess or really possess, they will rarely be motivated to take decisive action to protect their users without regulation.

Such regulation need not take the form of heavy handed government censorship. Thankfully, one of the easiest solutions is also among the most market-friendly: simply expose digital platforms to the same litigation risks that most other companies face, and their own cost-benefit calculations will spur them to invest in the technical tools to crack down on bad actors. Until now, internet companies have been allowed to post astounding profit margins thanks to liability protections from an obsolete 1996 law, Section 230. These protections may have been plausible in the fledgling days of the internet, but they have become an incentive for irresponsibility today. It’s time to take action in public policies that will hold these companies accountable and protect our children.