Digital Footprint Analysis in Safeguarding
Every digital interaction a child has leaves a trace. Understanding what that trace looks like — and how to read it lawfully — gives officers a significant intelligence advantage in exploitation and grooming cases. Digital footprint analysis does not require specialist technical skills at a basic level; it requires systematic observation and proper documentation.
What constitutes a digital footprint
- Social media profiles: public posts, follower/following lists, tagged photos, account creation dates, profile name history
- Platform presence: usernames consistent across platforms — a child's username on TikTok may be the same on Discord, linking otherwise separate accounts
- Location data: geotagged photos, Snap Map presence, location sharing on Find My Friends, Google Maps timeline (if device accessible under PACE)
- Network graph: who the child interacts with, who interacts with them, mutual connections — this can map a gang or exploitation network without accessing private messages
- Metadata: file creation times, device identifiers embedded in photos (EXIF data), IP addresses associated with account creation or login
Open Source Intelligence (OSINT) from publicly available social media is generally lawful without a warrant, provided it is for a legitimate policing purpose and conducted using approved force tools or methods. Do not use personal accounts to conduct OSINT. Document all searches, sources, and dates. Some forces require a registered RIPA authorisation even for open source activity in surveillance-adjacent investigations — check your force policy.
Practical OSINT steps for safeguarding
- Search the child's known username across TikTok, Instagram, Snapchat, Discord, YouTube, and X. Screenshot and timestamp all findings
- Review follower/following lists for known intelligence subjects — use intelligence systems to cross-reference names
- Identify any accounts that are mutual followers of both the child and known offenders or gang members
- Search the known address of concern for associated social media tags or posts
- Submit all OSINT findings as intelligence — do not retain on personal devices
Emerging Tech Risks for Young People
| Technology | Safeguarding Risk | Officer Action |
|---|---|---|
| AI-Generated Images (Deepfakes / CSAM) | Generative AI tools can create realistic indecent images of children without a real victim — legally constitutes CSAM under the Protection of Children Act 1978 as amended. Also used for sextortion — fake images used to threaten real victims | Treat AI-generated CSAM as CSAM. Refer to specialist ICAC / IIOC unit. CEOP referral. Do not view or store images on standard devices |
| Live Streaming Exploitation | Young people coerced into performing sexual acts via live stream for paying adults. Platforms: OnlyFans (under-18 bypassing age verification), Twitch, Instagram Live, YouTube Live, TikTok LIVE | Urgent evidence preservation — live content disappears. Platform emergency request. CEOP referral. MASH referral for victim |
| Virtual Reality / Gaming | VR environments used for grooming — physical boundary-setting simulations used to desensitise. Gaming platforms (Roblox, Fortnite, Minecraft) used for gifting and grooming entry points | VR headset and gaming account data may be recoverable via production order. Note platform and game title in intelligence log |
| Encrypted Messaging (Telegram / Signal) | End-to-end encrypted channels used to organise exploitation, share CSAM, and recruit young people to criminal networks. Self-destructing messages standard practice | Device seizure and DMI referral. Metadata available even without message content. Note channel names and participant counts if visible |
| Cryptocurrency / Gift Cards | Payments to young people for exploitation made via cryptocurrency or gift cards to avoid bank tracing. Gift cards (Amazon, Steam, iTunes) sent as grooming gifts | Record card numbers if found. Cryptocurrency wallet addresses are traceable by financial crime units. Submit as intelligence |
Device Examination — Lawful Basis
- PACE s.19 (seizure): If a device is found during a lawful search, it can be seized if there is reasonable cause to believe it contains evidence of an offence or has been used in an offence. Includes devices found at cuckooed addresses
- PACE s.32 (search on arrest): Allows examination of a device found on an arrested person where there is reasonable grounds to believe it is evidence or was used to commit an offence
- Production order (PACE Schedule 1): For compelling third parties (platforms, ISPs) to produce stored data
- s.49 RIPA (encryption key notice): Compels a person to provide a decryption key or decrypted version of protected data. Requires appropriate authorisation. Refusal is a criminal offence
- IPA 2016 (Investigatory Powers Act): For bulk and targeted interception, equipment interference — requires senior authorisation. Not for routine safeguarding cases but relevant to organised exploitation networks
Compelling a person to use biometric data (fingerprint or face ID) to unlock a device sits in a legally contested area. Compelling a person to provide a PIN code is covered by s.49 RIPA. Compelling biometric use may not be — consult your Digital Evidence Unit before attempting to compel biometric unlocking without the person's consent.