By John Q. Hosedrinker 
Physician David Edward-Ooi Poon faces 43 sex-crime charges following a Google tip flagging suspected child sexual abuse material uploaded to an account in his name. Toronto police allege that images depicting naked prepubescent girls and unconscious adult women, some in folders titled “Girls I Drugged And Raped,” were found on his electronic devices. While such tips are common, this case triggered a significant police response, leading to Poon’s arrest and the suspension of his medical licenses in Ontario and Saskatchewan. The investigation is ongoing, with police working to identify unknown victims listed in many of the charges.
Read the original article here
Authorities were tipped off to potentially illicit images stored within a Canadian doctor’s online account, with search warrants detailing disturbing discoveries. The investigation reportedly stemmed from Google flagging content within the doctor’s account, leading to a cascade of serious charges. Detectives have since laid dozens of additional charges, encompassing offenses such as the creation and possession of child pornography, sexual assault, voyeurism for a sexual purpose, and administering drugs to facilitate sexual assault.
The allegations paint a grim picture, suggesting the doctor was not merely in possession of existing child sexual abuse material (CSAM), which is abhorrent in itself, but was actively involved in its creation. Adding a particularly chilling layer to the case, one detective stated that a photograph examined, along with others, appeared to be stored in a folder on the doctor’s iPhone titled “Girls I Drugged And Raped.” The sheer bluntness of such a label, if accurate, is staggering and underscores the alleged severity of the crimes.
It’s a stark reminder of how common it is for internet providers and email services to be the source of reports leading to investigations. The technology employed for detecting and reporting such content is quite sophisticated. Essentially, when an image with a known digital fingerprint, or “hash value,” associated with CSAM is detected being uploaded or even downloaded, it triggers an alert. These hash values act like unique identifiers for images, and when a match is found in databases maintained by law enforcement and organizations like the National Center for Missing and Exploited Children (NCMEC), it sets off alarms.
This sophisticated system means that once a piece of CSAM is identified and its hash value cataloged, any subsequent upload or transfer of that same file across platforms that utilize these detection systems will be flagged. This is precisely how Google, and other cloud service providers, can identify and report such material. They employ teams dedicated to reviewing flagged content and reporting suspicious activity to the authorities. The system isn’t designed to scan everything indiscriminately, but rather to identify specific, known pieces of CSAM through these unique digital fingerprints.
The doctor’s case also brings to light a disturbing familial pattern. A footnote within the reporting indicates that his father had also faced charges for sexual assaults approximately 15 years prior. This individual, David Edward-Ooi Poon, should not be confused with his father, Edward Poon, who was convicted of two counts of sexual assault in Saskatchewan in 2010 and subsequently had his medical license revoked. Such revelations often lead to further investigation into potential victims.
The storage of such content in folders with overtly incriminating names, like the alleged “Girls I Drugged And Raped” folder, might seem almost unbelievably brazen. It’s reminiscent of other infamous cases where perpetrators have labeled folders containing illicit material in a disturbingly literal fashion, making their alleged crimes both easier to identify and more profoundly disturbing. This practice, while facilitating the work of investigators, highlights a profound lack of remorse or even a twisted sense of documentation by those involved.
It’s important to understand the mechanics behind these alerts. The reporting mechanism relies on files that have already been identified as CSAM. Think of it as a digital fingerprint for each image. When an image’s fingerprint matches a reported CSAM entry in a secure database, it’s flagged. This flagging process doesn’t necessarily reveal the content of other files in the account. However, a confirmed match is substantial enough evidence for law enforcement to obtain a search warrant, at which point a more comprehensive examination of the account can occur.
The technology involved, like PhotoDNA, is crucial. It creates a unique mathematical code, or hash, for an image. Even minor alterations to an image, such as resizing or changing its format, will typically result in the same hash value if the core image data remains the same. When a cloud service provider calculates the hash of an uploaded file and it matches a hash in the CSAM database, they are obligated to notify authorities. This system is designed to catch not only new instances of CSAM but also a significant amount of older, still-circulating material.
While the notion of “tagged” images might be a simplification, the underlying principle is sound. The detection system identifies files whose digital fingerprints match those of known CSAM. These matches are not arbitrary; they are based on extensive databases compiled by law enforcement and NCMEC. The flagging system is a critical first alert, allowing for investigations to confirm the nature of the content. It’s crucial to note that while the initial match is strong enough to warrant a search warrant, law enforcement conducts its own investigation to definitively confirm the findings. This ensures that false positives, though rare, are addressed. The efficiency and reach of these systems are key to intercepting and prosecuting those who create and distribute such harmful material.