In this episode of Forensic Fix, host Adam Firman speaks with Steven Ormston, a communications and community manager in the EU security domain. They discuss Stephen's career path, the importance of mental health in cybercrime investigations, and the role of EU funding in fostering international collaboration. The conversation also touches on the challenges of standardization in digital forensics, innovations from the For Mobile project, and future initiatives aimed at improving community engagement and addressing emerging threats like deepfakes. If you want to be sure you are up to date with the latest in DFIR, don’t miss an episode!
Stephen Ormston has a diverse background in management and communications within the security domain.
The Cyclops project focuses on the mental health and wellbeing of practitioners in cybercrime.
EU funding plays a crucial role in facilitating international collaboration on security initiatives.
Standardization in digital forensics can enhance efficiency but may also stifle innovation.
The For Mobile project produced significant innovations in mobile forensics and training.
Deepfakes present new challenges for law enforcement and require urgent attention.
Community engagement is essential for the success of security initiatives.
Practitioners need to be empowered to prioritize their own wellbeing.
Funding and resources are critical for sustaining long-term projects.
Building on previous foundations is key to driving future innovations.
Adam Firman (00:01.32)
So hello and welcome to episode 24 of Forensic Fix, a podcast brought to you from MSAB, where we talk with experts within the digital forensics investigations and related fields within the industry. So I'm your host, Adam Firman, and today I'm pleased to welcome Stephen Ormston to the show. Stephen has built his career from a diverse and varied background of experience to deliver value within the EU security domain.
He's an experienced communications and engagement manager, working to connect experts and facilitate improvements through pragmatic and practical solutions to complex problems. Since 2019, Stephen has been working within the European security domain, helping projects and initiatives design and implement communication strategies and actions to amplify their results and maximize impact. Currently, he is the communication and community manager at the
Polish platform for Homeland Security, PPHS, where he has successfully delivered numerous European research and innovation projects across a spectrum of security related topics. His work has included leader communication for projects such as Inletz, 4Mobile, iLead, Cyclops, 2PS, and many others. Now, Stephen, I've given our listeners a small insight into your journey and achievements.
For those who may not be familiar with your background or the work that you're currently doing, could you share some details about your career path? What inspired you to specialize in sort of the communication side within this security industry? And welcome to the show.
Steven Ormston - PPHS (01:42.802)
Thank you, Adam. Yeah, so firstly, just it's a pleasure to be here and to share some insights into our work. And I really appreciate your welcoming us. Yeah, so my background is very varied, as you've highlighted, I've taken a few twists and turns along the way, but the common theme has been in project management, contract management, dealing with people on a variety of topics. And I've also had an opportunity to work within businesses.
almost as a business analyst or improvement, delivering change across organizations. And when you are in those different ecosystems, you quite quickly see that there are very many shared processes, operational requirements that connect industries from one domain to the other. For example, you've got every business will have some form of account management, HR, and so people management.
internal communications, external communications, et cetera. So I think that's allowed me to move between a few different industries, but still share some sort of common understanding of the overall role of that business or organization is trying to serve its community. So I didn't have a background in security. However, I was previously working for a software development company, working with an enterprise service management suite with a variety of organizations.
And there were so many common links between that role and the law enforcement domain. Just one of those perhaps being the type of stakeholders I was engaging. So previously I was responsible for connecting the technical teams, the development teams who were working on delivery with the client, the end user. And a requirement there was to sort of translate the discussion and the needs between those different members, because one was sort of talking in technical language, like
what the system would actually deliver. And the other was talking about what they need and the problems that they're trying to solve. And sometimes they don't perfectly align. So I suppose without having a deep understanding of the technical topics, it was to try to understand the foundational information that would help us build solutions that would answer the challenges of the customer.
Adam Firman (04:02.602)
So that's really one of the skill sets is heavily focused for people involved in digital forensics example, for example, because when they present their evidence, that's exactly what they have to do. So you have to turn technical explanations into an understandable format, because if you've got two parties and they're looking at the same item or the same discussion point, but one calls it a and the other person calls it B, a sort of being that conduit between the two, isn't it?
Steven Ormston - PPHS (04:30.478)
Yeah, a hundred percent. And I really enjoyed that transition. So it's a funny story that my boss often sort of tells people when we meet them for the first time. I didn't actually really want the job when I first went for the interview because I didn't have that experience in the security domain. However, he's very persuasive and he convinced me just to sort of trial it. It coincided with me leaving another position. So it was a perfect opportunity. And I thought, okay, I'll go with an open mind.
And quite quickly found that there were many things that I sort of learned and experienced in years previous that would serve me well and allowed me to understand the domain quite quickly, which was really refreshing because I suppose that was potentially one of the things that was putting me off that I didn't want to go in and sort of be so far behind the pack that you're struggling to keep up. But there were obviously topics that I didn't understand and there are many, many topics that I don't understand, but
Adam Firman (05:21.513)
Yeah.
Steven Ormston - PPHS (05:29.792)
Like the foundational knowledge that I had was enough for me to, so I hit the ground running, so to speak, and, and make some impact. would like to think in the initiatives where I was working and nothing's changed because we actually, as an organization tackle a variety of topics as they emerge. So we're sort of really responding to the landscape and how the security systems and ecosystem is, is moving forward with technology.
legislative changes, the way that people are sort of dealing with their lives, et cetera. So we never know what's on the horizon and we have to adapt and respond accordingly. So I suppose even though I've been there for six years, I'm still in the same position. A new project can start. In fact, we're just about to start a topic about post quantum cryptography. As you might assume, I don't know a great deal about that topic, but
Thankfully, there are experts that are within that initiative that do. the requirements of sort of trying to digest that, make it understandable for external stakeholders, emphasize what's in it for them, how they can benefit from the projects, the way that we can connect relevant researchers and organizations, institutions to cooperate and collaborate for the common goal is the same as it would be if the topic was perhaps a little bit easier to perhaps.
first understand.
Adam Firman (06:59.612)
And it's really great that you touched on that this world changes daily and we have to adapt to those changes. It's one of the things that hooked me into this industry and no day is the same. And you may have figured a puzzle out on Monday, but by Friday, the puzzle pieces have changed. And that's what keeps people coming back in this industry and the mission of why we do it, which is to preserve, keep people safe.
So the mission is along with those challenges of what get people hooked into this industry and really people want to help make the change and sort of meet that. So it's really good to hear that that sort of drew you in as well and got you on the hook. And our paths really cross because of one of the projects that you've worked on. And that was Cyclops, which is still running project. And it was around sort of you were holding a
conference and it was about the mental health and well-being of people within this space because of what they're exposed to. Can you give some insight into Cyclops and you recently held an event in Berlin. Can you tell us sort of some of what's been discussed, what projects are going forward and just to sort of reassure the listeners that people are aware of what they're seeing going through and there's steps being done to help
sort of tackle and break that sort of pattern of people being ignored.
Steven Ormston - PPHS (08:31.886)
Yeah, definitely. Perhaps first I'll just sort of address the elephant in the room, as listeners can hear, I'm not Polish. I work for a Polish organization, but I'm British. And the organization PPHS, although it sounds very much like the law enforcement agency, we're not. We're an NGO that cooperates very closely with the Polish police and other security actors within Poland, but also right across Europe. So for the last decade, they've been working
predominantly in EU funded initiatives, which is the reason why I got involved back in 2019. And as an organization, we look to address variety of topics as we've already highlighted. And one of those is cybercrime, which is the project that you've referenced. It's coordinated by us. There's a debate even after five years, it's cyclops or cyclopes. Listeners can decide. But the initiative itself is a...
something called a community support action. So it's essentially a network of practitioners. There's a variety of different activities that we address during the initiative, but to keep it simple, we essentially work with practitioners from different areas of cyber related crime to understand their requirements, their gaps, their needs in specific topics. And then we digest those and then we share them with the European Commission and relevant organizations across Europe.
to hopefully make some progress and team up with organizations and associations that could take maybe some of the low hanging fruit to deliver value to the practitioners now, and then hopefully influence future research and actions that would help to drive sort of medium and long-term change. So back in, I think it was June, we had a workshop in Munich dedicated to the wellbeing of digital forensic investigators. So that workshop,
followed a fairly common model that we've used throughout the project where we have practitioners representing different countries who meet and we go through a variety of questions and discussion points to help elicit their requirements and those gaps. They're essentially over sort of large areas of people, so personnel, organization, technology, legal topics and processes.
Steven Ormston - PPHS (10:58.046)
And this was dedicated to the welfare and well-being of DfIs, but it became clear very quickly in the preparation for the workshop and then also in the workshop itself that many of the topics, probably unsurprisingly, are horizontal, they're cross-cutting. So what's relevant to a DFI is just as relevant to someone who's working in an investigation tackling child sexual abuse or organized crime, terrorism topics, et cetera.
Likewise, anyone who's working in the third sector, in charitable organizations that are addressing images of child sexual abuse and exploitation, extreme neglect, someone who's exposed to road traffic accidents, essentially anything where there is a level of distress within the content that you're seeing or you're exposed to in your working environment would obviously leave someone more vulnerable to some well-being challenges.
And that was sort of my understanding of it going in. But actually what we also highlighted through the discussions was that we shouldn't assume that that is like the key issue. Actually, people who become very resilient, understandably, when they're exposed to that level of content and that environment over a period of time, I suppose they develop muscles that allow them to deal with all those things that they're exposed to.
But there are other things that perhaps we're less aware of or perhaps less cognizant of, which is around the volume of work that they have or the processes that are deployed within an agency or an organization in relation to their role within a specific investigation. For example, they might not find out about the impact of their work. So they're putting in a lot of hours, they've shown dedication and hard work. Exactly.
Adam Firman (12:55.018)
may have received no closure.
Steven Ormston - PPHS (12:58.138)
What sort of impact does that have on the individual? there were many aspects like this. So from the workshop, we took the findings from the practitioners who kindly shared their experiences and their knowledge. And we helped to prepare the report, as I've mentioned. just somewhat coincidentally, at the same time, within another project that our organization was coordinating, tackling
the prevention of child sexual abuse, we had a training module which was about the wellbeing and welfare of practitioners that are investigating or involved in dealing with crimes of that nature. And that project was coming to a close. We wanted to make sure that we could inform people of the training that was developed. because of it sort of coincided with the preparation of that workshop, we thought what we could do is maybe combine efforts and prepare
a training activity for this project, 2PS, the Prevent and Protect Through Support Initiative, which is also an EU funded project, and the Cyclops projects work. And we did that just by coincidence also in Germany. It was in Berlin, as you've highlighted. And the topic was dedicated to the welfare and well-being of anyone, essentially, that was exposed to these harmful environments and situations.
it had its roots in that workshop. So that was the foundation for the event. And it was a one and a half day session where we tried to connect different actors from within the ecosystem that would provide different viewpoints, all, I suppose, essentially providing increased value within the space. So specifically looking at strategic change, the leadership that's required to drive
organisation-wide change and then also empowering the practitioners who are responsible for the daily work to make sure that they're aware of any biological manifestation of stress and so that they could better take care of themselves and put themselves in a safer environment. So hopefully bringing those two worlds together would result in positive change for the organisations and for the individuals.
Adam Firman (15:23.69)
How can, obviously we've mentioned a lot of this is EU funded, can people globally sort of take part and get involved with these sort of initiatives?
Steven Ormston - PPHS (15:36.365)
Yes. So firstly, in the UK, which where we're both currently living, UK actually, even after Brexit, is still part of something called Horizon, which is the European Union's flagship funding mechanism. So I'm glad to say that I work daily with partners based in the UK who cooperate closely with the European security practitioners and those contributing to the ecosystem on these Horizon funded projects.
There are many other sort of smaller frameworks that the UK doesn't participate in, but can still contribute to certain events and activities. There isn't an easy question, sorry, an easy answer to the question whether other organizations can contribute because it depends on the nature of the project. So I say broadly, yes, but it depends on the specific sort of situation or scenario that's being addressed and how that works just to
to really give a very quick overview is that the European Commission will release essentially requests for proposals where they outline a topic, an issue that they're facing, a challenge that they want addressing, and then they invite organizations to prepare a proposal, a concept that could potentially get funded to deliver the work. And the stipulations of those individual calls would dictate whether organizations from
further afield can contribute. Personally, I've worked with colleagues from America, Canada, Australia, New Zealand, who have participated in these actions, either as associated partners, where they don't actually get paid for the work, but they're contributing because it's of interest and a priority for their organization, their nation, and also members of advisory boards where individuals with well established
sort of good practices would contribute with their knowledge to help move an initiative forward. And then there are circumstances where those partners can even receive funding to participate. So for anyone who's working in the security domain, who has an interest in improving the response to various forms of crime, the Horizon and the funding and tenders portal that the European Union provides,
Steven Ormston - PPHS (18:00.82)
is a really good starting point to understand what's going on, the strategic direction that things are going in, and then they can drill down into the specific calls to understand if there's a possibility for them to take part.
Adam Firman (18:14.312)
And that's what this is all about. And it's about being a community and sort of stopping the silo way of working, which like you indicated, we both live and reside in the UK where we're made up of many different police forces, all who which work completely differently. And even communication between those on a fairly tiny island compared to the rest of the globe struggle to
break down those silos. So these sort of projects help that, don't they?
Steven Ormston - PPHS (18:47.718)
definitely. And in fact, going back to the first question you asked about my previous work, it's the same in businesses. can imagine like global organizations that have thousands of employees. It's not uncommon for HR never to speak to the sales team or the marketing department or the order management team, et cetera. So that was some of the common issues that we were dealing with in that environment, like breaking down these silos.
trying to take fragmented organizations to work more together as a collaborative unit towards the common goal of that organization. So if that's an issue within a business, just one organization, just imagine what it's like within a whole domain or country or internationally. It's a huge issue and I don't think there is a silver bullet. It's never going to be resolved as such. It's more of a journey of moving in the right direction.
Adam Firman (19:32.061)
Yeah.
Steven Ormston - PPHS (19:45.817)
towards more collaboration, more cooperation, better sharing of information, et cetera. But I suppose you don't want to try to get rid of all duplication of effort, et cetera, because then you would be running a system that would probably stifle innovation, stifle new ideas, et cetera. I suppose it's trying to manage how that is done in the most effective way, trying to reduce and minimize waste.
while still being efficient and moving forward in sort of the positive direction that you're trying to.
Adam Firman (20:21.49)
And some of your wording you've just used, and I'm gonna throw this to you now, Stephen, and I didn't include this as a disclosed question. So this may catch you, but when you said about stifling innovation, that automatically led my brain from a UK perspective to look at ISO 17025. And that was being brought in when I was still a police officer in a forensic lab. And we're constantly seeing within this industry the amount of
money that's been invested by different police jurisdictions that they've invested in quality managers completing their standard operating procedures and defining a strategy for dealing with a electronic device. But as we spoke at the start, this industry doesn't stand still. So what one operating procedure might have worked to deal with an iPhone 10 at the time is completely changed six months
one year, two years down the line. But what happens is organizations have invested so much money into these operating procedures, into training users, that they then can't turn to a different tool that then stifles innovation. Has any of the projects you've been working with had any involvement with ISO and sort of those standards?
Steven Ormston - PPHS (21:40.951)
Yeah, we try to approach standardization as a horizontal topic in most actions because as you've said, standardizing the way that you work can make things more efficient, but also if you do it incorrectly, it can actually make things significantly inefficient.
Just a couple of points maybe to rattle through here. Within a project called 4Mobile where MSAB and PPHS actually cooperated and it was our first interaction as sort of individuals I believe and also working as teams, that was back in 2019. Within that project, it was dedicated to mobile forensics. So a specific niche of the forensic domain and digital forensics more broadly.
And we addressed this through something called a SENSENELIC workshop agreement, which is essentially the forerunner to a new standard. And the rationale behind taking that approach was because ISO 17025 and others that are maybe similar and were utilized in certain circles, to put it politely, didn't perhaps represent the needs of practitioners in that working environment. So what could we do to make that more efficient?
And that project developed this workshop agreement, which was a brilliant exercise that brought together a variety of people from different backgrounds with different skill sets, competitors. So MSAB was contributing with Magnet Forensics, I believe Cellbright also participated in these discussions because everyone could understand that you're working towards a common goal. So within that initiative, there was a recommendation actually for the found
Steven Ormston - PPHS (23:31.599)
Let me remember this correctly. was a recommendation for an EU sort of testing body, essentially, that would help to validate digital forensic tools because of the issue you've just highlighted. Because in the UK, believe there are 43 different police forces plus a couple of other agencies that are working at a national level. So 45 plus a couple of different groups. That's just in the UK alone. Never mind across
Europe and the world. if each individual agency has a requirement to test and validate the tools that they're using for forensic evidence, that's obviously a lot of duplication. And there was a recommendation within that Send Sendalock workshop agreement to create this EU body. And just by sheer coincidence, people probably think we've set this up, but we didn't. Just last week, I was in Poland for an event.
through the Cyclops project, which was actually looking at this, like dealing with digital evidence and validating that evidence, particularly considering the different tools and technologies that are coming into operational use through with law enforcement, the rise of AI, et cetera. And that was probably the key takeaway is that capacity is always an issue. So people are under-resourced, have underskilled teams and they need
to also validate the tools that they're working on, ideally should validate the tools that they're working with to gather digital evidence, how to do that. And I still believe that that recommendation for a common body, a common association that could support all of those individual agencies to work with an agreed set of tools or a framework for agreeing on those set of tools and practices would help to...
reduce the wastage across, across Europe. But you're right, you? Because of the effort that people put in on the processes, sometimes you kind of want to defend the systems and the methodologies that they've put in place. And that's, that's a really challenging discussion to have internally within an organization is when do you sort of pull the plug, so to speak, on a, on an activity.
Adam Firman (25:53.163)
And you're 100 % correct because there's like the example you quoted 43 normal police forces in the UK or with their own set of ISO standards and operating procedures. So say if they use the mainstream tools of MSAB, cellbrights and magnets, that's 43 different validations that have been carried out at a considerable cost to the taxpayer in the UK. And then you
Think of that in a bigger region, Europe, North America, for example. Surely it would make sense for that testing to be done in one sort of larger department to then say, you're now safe to use this version of software 12. It's been validated by us. No duplication and a far simpler process and easier for the end users to adopt.
Steven Ormston - PPHS (26:45.868)
Yeah, absolutely. However, it wouldn't surprise me even if that organization existed, that there would still be a requirement on a national level to validate it as well, because I suppose it's about the sovereignty of the processes that you're dealing with. So even within an organization that cooperates within a framework like that, they might feel it necessary to still validate, but it could perhaps be done.
in a more efficient way, because I agree with you. It just doesn't make sense logically or from a time perspective. I suppose a utopian environment would also, that would help the tool providers like MSAB and the likes who are looking to develop innovations because it would give them parameters to work within as well. It would potentially drive innovation.
a quick, it would accelerate the innovation because it would allow them to deploy within a safe set of parameters that they know can be sort of absorbed, so to speak, by the different agencies. yeah, fingers crossed that we can work towards that as a goal.
Adam Firman (28:05.64)
And a lot of people listening will be praying right now that these words turn into, but I want to go back to the full mobile project. Cause like you say, there was a lot of people involved MSAP and our competition and my actual birth of being on podcasts was because of the full mobile projects. So myself and very good friend of mine, Phil Cobly, we were funded through the full mobile project to run a podcast called chill and the fat, which is where I started getting into podcasts. And so
Steven Ormston - PPHS (28:08.654)
Thank
Adam Firman (28:35.508)
For mobile project, I was aware one of my colleagues in research was looking into mobile RAM, for example, and sort of what can be discovered in that space. Can you share some details around some of the innovation that come out of the full mobile project and sort of, because I've heard rumors that that might be coming back as full mobile too. Yeah.
Steven Ormston - PPHS (28:59.158)
Yeah. So I'll have to go into the memory bank to bring up some of these outputs because it was a few years ago that it concluded, but you're right. It was a great initiative that was funded for three years. Partners from across Europe, roughly around 20 different partners cooperating on common goals, which were developing tools, training and
the standard that I just highlighted or the foreigner to that standard. And of course we were doing other activities along the way as well, that sort of fed into those three key objectives. And many of the results sort of were implemented immediately because MSAB was a partner from a technology perspective. So some of the tools were just essentially absorbed as improvements into the portfolio of technology that MSAB delivers.
Now, I know reflecting back that there were some people that questioned like whether or not that that's fair that a particular technology provider has that capacity. But as I mentioned a few minutes ago, all different organizations can participate and contribute to these research projects, European ones, and also others further afield. So it's an open call that allows different companies and organizations to take part in these initiatives.
Adam Firman (30:20.233)
Yeah.
Steven Ormston - PPHS (30:26.55)
I joined actually just as the project was getting off the ground, but the proposal, et cetera, had been done prior to that. So there were also standalone tools that were delivered as open source, which allowed practitioners to deploy those on the systems that they were using. And they were free of charge. And believe at least one of those tools, if not two of them, were also part of the Europol tool repository.
that law enforcement has access to or law enforcement within Europe has access to for free tools that can support them in their operational work. So from a technology perspective, it was really successful. And I think as a model, it works really well when you have a technology provider that can take care of that sort of last mile development activity that is so challenging within the research domain. Take something from sort of technology readiness level seven or eight, which essentially means that it's sort of...
ready for being tested in the law enforcement environment to then implement that as an operationally ready tool that is fully supported with documentation, et cetera. So that was really useful. There was also a or a curricula that was created with different training initiatives to increase the capacity and capability of practitioners within the forensic space. And that was very,
rewarding to take part in, but also it was a key output that was utilized by organizations across Europe and also further afield. So I'm happy to say that the training was fed into Interpol and also the European training, cybercrime training and education group, ECTEC in Europe and made available to C-POL as well, the training provider within the European Union. So there were
Yeah, those three, sort of that three pronged approach of training standards and tools was the direction of travel for that particular project. And I'm biased because I took part, but I really think that it was a valuable initiative and we've received lots of positive feedback from practitioners across Europe who participated, contributed, but also were it's able to benefit from those outputs.
Adam Firman (32:47.41)
And was the file format handbook was also created as well, wasn't it? As part of Formobile, if I remember correctly.
Steven Ormston - PPHS (32:56.098)
Was that the case ontology that you're?
Adam Firman (32:59.498)
Yeah, I think it was all about the different file formats that forensic examiners can come across. I remember the colleague who I did the podcast with, he was working on the round database section. what was really, even though at the time Phil worked for MSAB, he worked a lot with the Dutch Institute. And so sort of liaison and sort of showing how that communication and collaboration works. And it worked really well.
Steven Ormston - PPHS (33:25.878)
Yeah, yeah, you're right. think you're refreshing my memory that there was a paper that was released right at the end of the initiative that was a collaborative piece of work between I think the NFI, Hochschule mit Weide, a university in Germany who was the coordinator of the project and several other experts and organizations that worked on this file format handbook. So yeah, you're right. That was an output of the initiative.
Adam Firman (33:53.395)
And I will in the show notes link to all of the projects that you've been involved with as well. is there anything that you want to advertise going forward that you've got coming up? And we were a little bit late recording this podcast because we'd hoped to have gone out before the event has just passed. But have you got anything coming up that you'd like people to get involved with?
Steven Ormston - PPHS (34:16.278)
Yeah, so the Cyclops project that I've mentioned that is concluding next April, we actually have the last practitioners workshop planned for November of this year. It will take place in Malta at the Malta police force, which is one of the project partners. And this is addressing some of the sort of strategic aspects of responding to cyber related crimes. So it's a good way to end the practitioner exercises within the project.
And then next year we'll have a dissemination event that will essentially be the culmination of all of the activities within the project. But we'll also cooperate with associations and organizations within the European ecosystem to help amplify their work. And similarly, we'll be hoping that they can sort of share our good work across their network. So that will be, I think also in Malta, that's the plan as it's a central location for people to.
to get to, has good access links. And the, as I mentioned, the Maltese police force were a formal partners of the initiative. And that will be a really useful event for people to come and understand specifically what the project did, what the outputs are, but also hopefully as a nice segue into some of the actions that are continuing that people can follow and learn from in the months and years to come.
Similarly, we're also working on a, we're always on new projects. That's I suppose the lion's share of our work. So I personally just got involved in the detector project, which is looking at deep fakes and synthetic media, which I think is frightening as well. In fact, to be honest, like from a technical perspective, it's unbelievable what we can do, but yeah, the consequences of that.
Adam Firman (35:57.073)
is huge isn't it? Yeah.
Steven Ormston - PPHS (36:09.102)
for society and for law enforcement to deal with the volume of materials, the volume of noise within investigations, but also identifying what's real, what's not, is a real critical issue for sort of proving someone's...
Adam Firman (36:25.962)
because I sort of go back to my early days in digital forensics and when most of sort of offenses for CSAM and things occurred on computers. And it was always difficult with computers because you had to put the suspect or a subject in the chair. That was the hard part. It was proving who was sat and sort of using that system. With phones, it became a little bit clearer because generally they're in people's pockets and
They're very much biometric and things like that. Deepfakes brings this back of putting somebody is proving that they have awareness, is it first generation? And it also leads potentially perpetrators to think that there's no real victim because it's AI driven. So there's been no one victimized, but yeah, it's a real sort of troubling area.
Steven Ormston - PPHS (37:19.486)
definitely. just to pick up on one of those points. So that's something that we've heard previously in relation to child sexual abuse material, there isn't a victim, it's a victimless crime if there's AI generated material. But actually it couldn't be further from the truth because those sort of images, the media are created from training sets that have to have had some form of child sexual abuse material within them.
for that material to be created in the first place, which obviously is significantly harmful for the people that unfortunately were abused in those situations. And that's an issue that needs to be addressed with legislation as well to make sure that the models that are creating these materials are made illegal and that people can't create these materials so freely. But yeah, you're right that it...
There are so many different areas where it's interesting, but as I mentioned, it's also frightening to think of what we have to contend with. And will it create biases as well where so aware of plethora of fake media out there that it becomes difficult to actually believe other media. There was a good example. I took part in a webinar the other day.
Adam Firman (38:40.703)
Yeah.
Steven Ormston - PPHS (38:45.814)
And it was showing an image of some camels on the dunes of the Netherlands and asking, is this image real or fake? In fact, it was real because there was a circus in town and that's where the camels were living for that period. But because of the context, you would naturally assume that it was fake. However, there was then another image that was created that was of the same environment, but with a sort of another overlay that had been
created synthetically. So it's so easily to modify these, this environment. So there are many different sort of vectors where this could be exploited, but hopefully we'll be creating some progress, raising awareness of some of these topics and also working with the researchers to help identify the media that is sort of, has been perhaps adapted.
not necessarily, it's not just like a red or green answer, is this real or fake, you know, because things can be modified or adjusted, etc. So, yeah, that's one of the topics that we're addressing. And I'd really like to sort of underline the importance of the point that we were making before about the well-being and welfare of people working in these harmful roles. So just yesterday, I shared with some colleagues internally the
Adam Firman (39:43.102)
Yeah.
Steven Ormston - PPHS (40:12.044)
sort findings, the key points from the meeting that we had in Berlin. And we'll be looking to disseminate that shortly with the different organizations that are relevant in this space. But also, as I mentioned, we need to empower the practitioners themselves to feel more knowledgeable and aware of sort of their own welfare, their own health, so they can take steps to improve that while simultaneously looking to drive
operational and strategic change that can filter down into an organization. encourage any practitioners in this space to sort of follow the Cyclops project, PPHS as well. They can sign up to our newsletter. We'll be sharing information of that moving forward and any ideas or opportunities where we can progress that because unfortunately, like in most walks of life, everything comes back down to funding and what's possible with the resources we have.
Adam Firman (41:07.049)
Yeah.
Steven Ormston - PPHS (41:09.546)
Naturally, every project has a finite life cycle. So once those funds start to come to an end, we're looking to see how we can move things forward and keep things connected, not just going after the next shiny thing. It's about trying to link these initiatives together to sort of work towards a broader value chain that delivers lasting change rather than just doing lots of different things in a disconnected way.
Adam Firman (41:36.33)
And with the participation, then you're sort of helping to drive where it goes forward, isn't it?
Steven Ormston - PPHS (41:44.675)
Yeah, without doubt. We work with colleagues across the EU to sort of support legislation and regulation changes, also stimulate future research and ideas that need addressing through new projects, new activities, and hopefully more sort of sustainable models that can be put in place, not just project-based, because in fact, to deliver lasting change, you really need to have
Adam Firman (41:58.346)
you
Steven Ormston - PPHS (42:14.144)
a vehicle that can take things further. So in an ideal world, and this is more my personal opinion, rather than the organizations, but let's say a strategy is implemented to deliver strategic change on a given topic. And that's going to come down from the European Commission and it's going to be put in place through a variety of initiatives. Ideally, those should be linked together in a sort of a portfolio of works.
Adam Firman (42:17.396)
Yeah.
Steven Ormston - PPHS (42:43.434)
as you might be familiar with in sort of software development, where you would have those individual projects working towards a common goal or a common direction. So that when those projects are implemented, the outputs feed in to that portfolio of change. And that's something that I think we can do better and to make the initiatives themselves a bit more efficient, because the worst thing for anyone in these environments is to work on something and for it then to go onto a shelf.
Adam Firman (42:58.27)
Yeah.
Steven Ormston - PPHS (43:13.443)
to gather dust and not be used. It's important that we sort of build on the foundations of projects that have come previously and also look towards the future for what's required to advance the space.
Adam Firman (43:25.716)
Yeah, that's amazing, Stephen. And thank you so much for joining us today. I'm sure our listeners will have found what the projects and the initiatives that you've been part of inspiring and your work has connected communities, amplified research and helped bring innovation to this industry. And for anyone who would like to connect with you, I will link to your LinkedIn on the show notes so they can reach out and discuss.
Projects potential projects ideas and I'll also link out to all of the the projects that we've discussed today But I just want to say again Thank you once again for coming on Stephen and then hopefully I'll catch you at the next initiative very soon
Steven Ormston - PPHS (44:08.504)
Yeah, thank you very much, Adam, and to those that have connected. please feel free to connect. Sorry if anything that I've shared has not been articulated that well, but I've tried to at least simplify it to be as understandable as possible. But if anyone does have any questions, yeah, please reach out. And once again, thanks for the opportunity.
Adam Firman (44:27.368)
No problem. Thank you, Stephen.
Steven Ormston - PPHS (44:29.475)
Take care.