The Crime and Policing Bill represents the UK's most recent attempt to strengthen its omnipresent grasp over its unfortunate citizens, yet again using MAPs and children as pawns in a grotesque authoritarian game. In this article, we will take a look at what the government is planning to do and how MAPs may be able to hinder some of those efforts. We will refer to the bill itself, and the explanatory notes, as reviewed in March 2025. In order to keep the article length manageable, we will refer readers to technical guides and legal discussions on other resources where the relevant issues have already been covered to a high standard.

Extreme notification requirements

Section 61 of the bill amends the Sexual Offences Act (2003) to require registered child sex offenders, as well as other offenders subject to police discretion, to notify police when they attend places where children may be present. The bill does not clarify how broadly this will apply. Will a person convicted of possessing lolicon be required to notify police every time they go to the local swimming pool, the park, or the supermarket? The scope will be decided by the "appropriate authorities" (the Home Office and its regional equivalents) at a later date, and not voted on by parliament. This gives unelected individuals the extraordinary power to limit movement unchallenged, at a whim, with severe consequences for those who do not comply. The Home Office ignored Mu's e-mail requesting a clarification on scope.

The explanatory notes on this element of the proposal do little to illuminate the planned extent of these new requirements:

Requiring certain RSOs to notify the police before entering specified premises where children are present. This will automatically apply to RSOs with convictions for sexual offences against children. The police will also be able to apply the requirement to notify entry into a specified premises where children are present to offenders without such convictions but who pose a risk of sexual harm to children generally or particular children.

Resources and enforcement

One of the major questions is just how the British government, with its pitifully low investment in public services and infrastructure, is going to handle a rapid increase in notifications. The UK's sex offender management system is already under massive strain. This is illustrated by the proposal to allow lower level probation staff to manage registered sex offenders, as well as amendments to be made by the Crime and Policing Bill that are clearly intended to reduce pressure on offender management resources.

If the scope of the "qualifying premises" for which registered child sex offenders will be required to notify is broad, those required to notify can render the system essentially inoperable by intentionally making plans to visit such places and notifying relentlessly. There is no immediately apparent reason such co-operative/union-like action by sex offenders would be unlawful; it would be an act of disruptive civil-obedience by what now represents a considerable demographic within British society.

It is quite interesting that these new requirements have been more or less ignored by the media. Given the UK government's ability to suppress media reports of details on violent young attackers, such as the Southport killer's Jihadist beliefs and the Luton murderer's minor-attraction, it does not seem too much of a reach to suggest that a similar act of suppression of information may be taking place here. The question remains as to why.

AI PIM

Shortly after the government announced its plans to criminalize AI models, one of our editors published an article examining the impetus behind the proposal, how the technology works, and how AI PIM may help MAPs and prevent harm to young people. In that article, our editor explained that it would be possible to criminalize LORAs that are deliberately designed to represent the likeness of a real child (or adult), but not models which are not designed to do such. This would deal with the stated concern of real young people's faces being used in the production of AI PIM. However, the proposed new legislation unnecessarily criminalizes such models along with LORAs, due to the extremely broad definition of a "CSA image generator":

"CSA image-generator” means anything (including any service, any program, and any information in electronic form) which is made or adapted for use for creating, or facilitating the creation of, CSA images.

The criminalization goes even further, with potential prison sentences to be meted out for those sharing or possessing prompts for generating AI PIM. In the explanatory notes, the overarching notion of voodoo abuse is quite apparent, referring to generating AI PIM as "us[ing] AI to abuse children sexually". As the UK pushes further and further to criminalize absolutely any possible expression or form of sexual release for those attracted to children, without proper evidence of harm, the question remains as to what avenue remains for those attracted solely to young people. As discussed in the editorial article in February, attraction to minors cannot be changed and the UK has no safe form of support available for those who seek it (even Mu's Member Support forum is now blocked to UK residents due to the country's extreme 'online safety' laws). Official justifications for criminalization, like "some people might use AI images to groom young people", do not justify the conviction of those who are not using them in such a way. The fact that AI images may prevent the commission of contact offenses by offering a form of sexual release should be taken much more seriously.

In terms of application, the proposed anti-AI laws relate to the creation of "indecent images of children" and "prohibited images of children". For a photo-realistic image to be "indecent", it only needs to "offend against the recognized standards of propriety" in the eyes of a jury. In the past, images of children posed in underwear or swimwear, or simply being in a state of nudity, have sufficed. For non-realistic representations, criminalized as "prohibited images of children", the image needs to be "grossly offensive" or "disgusting". This represents a higher bar, but applies to any representation whatsoever, no matter how ridiculous or unrealistic. For more information on UK PIM laws, the Crown Prosecution Service offers a surprisingly good factsheet.

A question remains as to how the UK could possibly enforce the criminalization of AI model distribution on darknet forums. German police, with some assistance from the US and UK, have been able to correlate an extremely small number of IP addresses with access to hidden services distributing PIM, prosecuted in the US under the poorly suppressed Operation Liberty Lane. However, such correlation is imperfect and vulnerable to errors, and crucially it does not allow snoopers to see what the person has been doing on the hidden service. As far as Mu is aware, law enforcement authorities do not possess the technology to trace a specific person who has uploaded a model or prompt for AI PIM.

Border scans

Another new power reported by the media is the planned requirement for those traveling through the UK to unlock their devices for a PIM detection scan, subject to a custom officer's discretion. The bill states:

After section 164A of the Customs and Excise Management Act 1979 (powers to search for cash) insert— “164B Power to scan for child sexual abuse images (1) This section applies if there are reasonable grounds to suspect that a 30 person to whom section 164 applies is carrying an electronic device storing child sexual abuse images. (2) If this section applies, an officer may— (a) scan the information stored on the device using technology approved by the Secretary of State for the purpose of 35 ascertaining whether information stored on an electronic device includes child sexual abuse images, (b) require the person to permit the scan, and (c) require the person to take such steps as appear necessary to allow the scan to be performed.

According to the explanatory notes, the scan will work as follows:

In recent years, the Home Office has developed the Child Abuse Image Database (“CAID”) – a repository of all known CSAM detected during UK Police investigations. The CAID now holds millions of unique files. In parallel to the CAID, the capability now exists to undertake a rapid scan of a digital device to determine whether known material is held within its memory. Accordingly, it is possible to scan a digital device (such as a phone) for CAID material. As a scan is not a download, it will take approximately 15 seconds to identify whether CAID material is or is not present. This capability has now been operationalised at the UK Border, with trials generating significant intelligence around individuals representing a sexual risk to children – leading to investigation and arrests.

As for 'reasonable grounds':

The reasonable grounds threshold may be met as a result of identifying paraphernalia associated with the commission of sexual offences against children during baggage inspection (for example, lubricants, condoms, children’s toys and underwear) of an individual travelling to or returning from a known high-risk location. If the individual refuses, then the existing offence of ‘obstruction of an officer of Revenue and Customs’ under section 31 of the Commissioners for Revenue and Customs Act 2005 would be triggered – which would enable the arrest of the individual and seizure of the device, thereby creating a double-lock

Millions of files is an alarming number, raising questions as to whether all images on the database are in fact unlawful, or perhaps simply files that were lawful but part of a series that contained unlawful images. It is quite possible that a MAP may have pictures of a young person in their underwear that wrongly made their way onto the CAID, and will thus be harassed by the authorities as a result. The mere investigation, even if ultimately found to be in error, could ruin the MAP's life or even lead to suicide, as seen in some of the Azov investigations. To avoid wrongful accusations, Mu will provide advice on how to protect oneself.

Defeating the technology

Mu does not trust the British government entirely, especially in regard to their pervasive surveillance creep. However, if the scan really works as claimed, it can be quite easily foiled using container encryption, ideally with a hidden volume, using the freely available software Veracrypt.

If the bill passes as planned, UK customs officials will be allowed to force people to unlock their devices for a scan under the threat of arrest and device seizure. Targets will be asked to provide a phone or tablet PIN, disclose the Windows, Mac, or Linux password, or use biometrics to unlock their device. If a whole volume is obviously encrypted, it follows that customs officials will also demand it be decrypted. However, should the basic device password be provided and the existence of encrypted container data not be readily apparent, the customs official will almost certainly simply do a rapid scan of the unencrypted content on the device. Below are some tips to keep yourself safe from wrongly being flagged due to your lawful MAP-related content. Taking the time to follow these instructions could well prevent your life being irrevocably ruined.

Don't use a phone for MAP-related activity

First and foremost, if you are using your phone for MAP-related activity, stop! There is no way to securely do this, and you may even inadvertently have flaggable content on your phone as a result. If you have been using your phone for MAP-related activity, it would be better to clear your browser cache, delete any of your lawful images that could ultimately be from a legally questionable series, and then wipe free space with any of the tools available for your device.

Use private browsing mode on your PC for MAP-related activity

It is always possible that you may inadvertently come across criminalized images when browsing MAP-related content; even lolicon is unlawful in many jurisdictions, including the UK. Therefore, to avoid accidentally storing criminalized images in your browser cache, it is much safer to use private browsing mode even if you are not intentionally viewing anything unlawful.

Create a hidden volume

A hidden volume sounds complex, because it is, but setting one up requires nothing more than following basic instructions and a little patience.

It is important to remember that your lawful MAP-related content must go in the hidden volume. The outer (decoy) volume should contain non-MAP files for which you would have a plausible need for privacy; kinky adult pornography or embarrassing photos or videos of yourself would be a good option. Once you have created the hidden volume, you will not write data to the outer volume again. However, you will need to remember the password to the outer volume, because that is the password you will give to anyone who demands a password.

There is no way to prove beyond reasonable doubt that a VeraCrypt container or volume holds a hidden volume. This is useful not only in the case of crossing the UK border, but also in cases where you wish to create the illusion of transparency and co-operation, or when dealing with court orders (or RIPA notices in the case of the UK).

For legal reasons, Mu cannot advise improper responses to court orders, nor concealing possible evidence during active criminal investigations.

Windows security issues

It is good practice to be on top of these issues at all times, but it is absolutely essential before traveling through a border!

First of all, turn off the indexing service using a guide for Windows 10 or 11

Please install BleachBit or equivalent software on your computer to proceed with the remaining instructions.

Any time you have viewed lawful MAP material that is at risk of being wrongly flagged, you should wipe the following at an absolute minimum:

• Thumbs.db (crucial)
• Caches and session-related entries for all browsers you use (crucial)
• Recently viewed items in Windows Explorer and multimedia programs
• Recycle bin
• Temporary files

You should also regularly wipe free space using a single random pass, and absolutely before you travel.

Tutorials on using BleachBit are scattered, and precise instructions depend on the software you use. Please search via your preferred search engine, ask a chatbot (don't mention you're a MAP), or ask for advice on our technical support forum (people with a UK IP address will need to use our contact form).

Separate device for MAP-related activities

If possible according to one's financial situation, it is better to have a separate device for MAP-related activities. This separate device could be an older desktop running a basic Linux operating system, allowing one to have extreme security settings on their MAP device while maintaining convenient settings on their regular device. Obviously, this MAP-specific device would not need to be taken on trips.

Outstanding protection

For extreme protection, advanced users may consider Qubes-Whonix or TAILS. Refer to their official documentation and forums for detailed security advice. Please be aware that Qubes-Whonix in particular may lead to a false sense of security if used by a person who does not properly understand how it works.

Technical assistance

Mu also offers a technical support forum, but those who are physically located in the UK are blocked due to the Online Safety Act (discussed below). People based in the UK may contact us by e-mail using our contact form, but should note that we will not knowingly provide technical support for concealing criminalized material or engaging in other criminalized acts.

Thoughts

We are left asking just how this is going to work in practice. Are single men coming back from Thailand with condoms and lube used with adults, and a toy for their nephew or niece, likely to be accused of being pedophiles and have their devices scanned, then investigated after an image of a young-looking adult on their device happened to match an image on the UK's vast database?

It is not just MAPs who should be securing their devices, but every man in the world who travels through the UK border. A database with millions of images is almost certain to have a significant number of false positives, which could easily have found their way onto any internet-connected device. Moreover, it does not seem overly cynical to suggest that this may be the thin end of the wedge for requiring people to unlock their phones using increasingly flimsier excuses. It is doubtful that scanning criminalized images of children is truly the end game for a country whose various governments have shown an increasing and disturbing propensity to spy en masse on their unfortunate citizens.

Site administration

There was concern among some MAP site administrators as to what the laws against 'pedophile' site operators would entail. The scope is actually very clearly defined.

38 Online facilitation of child sexual exploitation and abuse (1) A person commits an offence if they carry out a relevant internet activity with the intention of facilitating child sexual exploitation and abuse. (2) Each of the following is a “relevant internet activity” for the purposes of this section— (a) providing an internet service; (b) maintaining or helping to maintain an internet service (or part of such a service) provided by another person; (c) administering, moderating or otherwise controlling access to content on an internet service; (d) facilitating the sharing of content on an internet service. (3) For the purposes of this section, a person carries out the relevant internet activity of providing an internet service if they are the provider of the service within the meaning of section 226 of the Online Safety Act 2023. (4) In this section— “child sexual exploitation and abuse” means— (a) conduct that would constitute an offence specified in Schedule 6, or (b) conduct outside the United Kingdom that would constitute such an offence if it took place in the United Kingdom; “content”, in relation to an internet service, has the meaning given by section 236(1) of the Online Safety Act 2023; “internet service” has the meaning given by section 228 of that Act (and section 204(1) of that Act applies).

If you run a forum, chat room or social media service with the intention of facilitating the commission of existing offenses or the new AI-related offenses, and you are also a UK national or resident, you may be prosecuted under Section 38. Otherwise, you do not need to worry. Of course, it remains best practice to moderate any MAP site proactively to avoid unnecessary trouble, wherever you are located.

Beyond MAPs

The UK government did its best to blow up the story of AI tool criminalization; Home Secretary Yvette Cooper even went on TV to promote it. Normally when this happens, it is wise to ask not what is being paraded through the media, but what the 'big story' may be hiding.

Amnesty UK has raised alarm over the latest attack on protest rights, largely ignored by the media who chose to focus more on the AI story. The charity expressed particular concern over the proposed criminalization of face coverings at protests, which paints a damning picture of authoritarian creep when viewed against the backdrop of preceding legislative acts. Amnesty writes:

The latest protest measures in the Crime and Policing Bill should be understood in the context of three previous sweeping anti-protest laws: the Police, Crime, Sentencing and Courts Act 2022, the Public Orders Act 2023 and the Serious Disruption Regulations 2023.

Thanks to this authoritarian legislation, police can define almost any demonstration as “seriously disruptive” and impose restrictions on it. Peaceful tactics like locking on, tunnelling and even causing “serious annoyance” have been criminalised. New powers have been created to issue orders banning people from even attending protests.

There has also been a steep rise in the use of facial recognition technology in the policing of protest. This is despite the UK Court of Appeal concluding in 2020 that the legal framework in place at the time for this technology violated human rights.

Hundreds of protesters have been arrested. Some have received long custodial sentences and many prosecutions remain pending. Following his visit to the UK in January last year, the UN Special Rapporteur on Environmental Defenders warned that environmental activists face a “severe crackdown” due to the repressive legislative framework and introduction of new criminal charges.

Another proposal of major concern is youth diversion orders, which allow courts to deprive young people of some very basic rights without proof beyond reasonable doubt that the young person has engaged in criminal activity. The Home Office cynically paints this as an attempt to avoid ruining young people's lives through unnecessary criminal prosecution, but one suspects the true intention is to bypass due process. This represents an utterly despicable abuse of power, foisted upon young people whom the government rightly or wrongly deems 'radicalized'. If anything, it will merely empower radicalization of young Muslims by providing fuel for the argument that they are oppressed by a tyrannical western state.

Finally, new powers for police to conduct raids without a warrant in certain cases are sure to be abused, and potentially expanded in the future. While they will at first 'only' be used recover stolen items, assuming honest and lawful behavior by police, it is inevitable that the UK government will expand this remit over a period of time, per their usual playbook. Civil rights groups should be fighting this now, before it escalates.

For a better and more comprehensive write-up on these issues, see this substack commentary.

A comment on the Online Safety Act

Mu also wishes to comment on the Online Safety Act. This law, enacted in 2023 but coming into force in 2025, places onerous requirements on administrators of websites accessible to people located in the UK. This law inexplicably applies to the smallest of sites, not just those owned by major corporations, despite needing a team of lawyers to ensure compliance. Small websites have the option of operating in a legal grey area, ignoring the law entirely, or simply blocking UK IP addresses. This will no doubt funnel all users further into echo chambers on social media sites, reinforcing polarization of views on social and political issues. Mu has chosen to block UK users from its forum to avoid the Online Safety Act being weaponized against us, and this block includes the Member Support section where we may help those at risk of harmful behavior or extremism. The British public is being done a disservice by this latest round of regulatory overreach.

Summary

The Crime and Policing Bill is problematic for MAPs, young people, and the wider public who will eventually be targeted by similar attacks on their most basic of rights. Mu has contacted the Home Office seeking clarification on matters that are not entirely clear, but they ignored us entirely. We highly recommend securing your device, sharing this article with other MAPs, and being ready to engage in mass notification should you be a MAP subject to extreme notification requirements once this bill is enacted.

Feel free to discuss this article in its dedicated forum thread.