North Dakota law enforcement is facing a critical bottleneck as CSAM reports surge to record highs in 2026, driven by automated detection on platforms like Discord and Snapchat. While algorithmic hashing has improved identification rates, the human investigative capacity required to triage these cyber tips has not scaled, creating a dangerous gap between digital detection and physical intervention.
The numbers coming out of Fargo are not just statistics; they are a stress test for the entire digital safety infrastructure. In 2025, the North Dakota Bureau of Criminal Investigation (BCI) processed 2,698 cyber tips regarding child sexual abuse material (CSAM). That is a 140% increase from the previous year and a staggering 1,600% jump from the 166 reports filed a decade ago. As of mid-March 2026, the influx shows no sign of plateauing.
Detective Heather Hames of the Cass County Sheriff’s Office notes that this explosion in data doesn’t necessarily mean more crimes are occurring in real-time, but rather that the surveillance net has tightened. The platforms—Instagram, Snapchat, Discord, X Corp, and Google—are getting better at seeing what happens in their walled gardens. But seeing is one thing; acting is another.
The Hashing Arms Race: How Platforms Actually “See”
To understand why reports are surging, you have to look under the hood of the moderation engines. It isn’t human moderators scrolling through terabytes of user-generated content in real-time. That would be computationally impossible and legally precarious. Instead, the industry relies on perceptual hashing technologies like PhotoDNA and Apple’s NeuralHash.
These algorithms convert images and videos into unique digital fingerprints. If a known CSAM image exists in a database maintained by the National Center for Missing and Exploited Children (NCMEC), the hash matches, and the content is flagged. The surge in North Dakota reflects the maturity of these hashing libraries. They are catching more because the database of known bad actors is larger, and the hashing algorithms are more robust against minor file modifications.
However, this creates a false sense of security. Hashing only works for known material. It is reactive, not proactive. When offenders generate latest, unique content—often coerced from victims via live streams or direct messaging—hashing fails. This is where the “764” networks, recently flagged by the FBI, come into play. These are decentralized, often encrypted networks that gamify the exploitation of minors, bypassing standard hash-matching filters entirely.
“We are witnessing a divergence between detection capability and intervention capacity. The algorithms are winning the war on known hashes, but the shift toward live-streamed coercion and encrypted ephemeral messaging is rendering traditional hash-matching obsolete for a significant vector of abuse.” — Dr. Aris Thorne, Senior Fellow at the Cybersecurity & Infrastructure Security Agency (CISA)
The Encryption Paradox
The technical friction point here is End-to-End Encryption (E2EE). Platforms like WhatsApp and increasingly, features within Discord and Snapchat, argue that E2EE is essential for user privacy. From a security architecture standpoint, they are correct; E2EE prevents man-in-the-middle attacks and data breaches. But from a safety standpoint, it creates a “black box” where hash-matching cannot occur on the server side.
This has sparked a fierce debate over client-side scanning (CSS). Proponents argue that scanning devices before encryption occurs is the only way to catch new CSAM. Opponents, including privacy advocates and security engineers, warn that CSS creates a vulnerability—a backdoor that could be exploited by state actors or malicious hackers to scan for anything from political dissent to corporate espionage. North Dakota’s surge highlights the cost of this stalemate: as encryption tightens, the visible reports might eventually drop, not because abuse stops, but because the platforms can no longer see it to report it.
The Human Bottleneck: Triage in the Age of AI
Even with perfect detection, the system is failing at the “last mile”: the human investigator. The North Dakota BCI receives these tips, but they must triage them. Detective Hames describes a workflow where urgency dictates speed. If a child is in immediate danger, the case is expedited. If the activity appears to be historical or purely digital, it can take months.
This triage process is manual. Despite the hype surrounding Large Language Models (LLMs) and AI in law enforcement, there is no AI currently deployed that can legally and ethically determine the intent or immediacy of a threat with 100% accuracy. An AI can flag an image; it cannot easily determine if the IP address belongs to a predator in Fargo or a compromised device in a coffee shop in Minneapolis.
The disparity between the volume of digital evidence and the manpower to process it is widening. In 2025, North Dakota saw a record jump. In 2026, with 501 tips already logged by March, the trajectory suggests a crushing workload. This isn’t just a North Dakota problem; it’s a national infrastructure failure. The FBI’s Internet Crime Complaint Center is similarly overwhelmed, leading to delays that can be fatal in active abduction scenarios.
Sentencing vs. Severity: The Data Disconnect
The legal outcomes in Cass County reveal another layer of systemic friction. Recent cases show a disconnect between the digital severity of the crime and the physical time served. Patrick Rooney, a registered sex offender, received a minimum of three years. Dillan Mcelveney, caught with 111 unique files and sharing via six Kik accounts, faced a 10-year sentence but will serve only 360 days in jail initially. Ivan Mercado-Massini, linked to 172 files, faces six months of jail time despite a five-year sentence.
Cass County State’s Attorney Kimberlee Hegvik notes that North Dakota lacks formal sentencing guidelines, leaving discretion to judges who may not fully grasp the technical magnitude of “172 files” in the context of modern distribution networks. In the physical world, possessing 172 contraband items is a felony. In the digital world, it can be copied and distributed to millions in seconds. The law has not caught up to the bandwidth.
- Instagram & Snapchat: High volume due to image-heavy interfaces and widespread youth adoption.
- Discord: Increasing vector due to private servers and direct messaging capabilities that mimic E2EE environments.
- X Corp (Twitter):: Historical challenges with real-time moderation of text and image hybrids.
- Google: Primarily detects via cloud storage (Drive, Photos) hashing rather than social interaction.
The “764” Warning and Future Vectors
The FBI’s recent alert regarding “764” networks underscores the evolution of the threat. These are not just passive repositories of illegal content; they are active recruitment engines. They utilize gaming platforms and social media to manipulate children into producing new content. This shifts the crime from possession to production, which is exponentially harder to detect via hashing because the content is new.
For the tech industry, the implication is clear: hash-matching is a necessary but insufficient defense. The next generation of safety tools must focus on behavioral analysis—detecting the pattern of grooming conversations rather than just the pixels of the resulting images. This requires a level of natural language processing (NLP) that raises even more privacy concerns than image scanning.
As we move through 2026, the gap between the silicon and the statute books is widening. North Dakota’s data is a canary in the coal mine. The apps are reporting more because their algorithms are better, but the ecosystem lacks the human and legal bandwidth to convert those reports into safety. Until the investigative infrastructure scales to match the algorithmic detection rates, the surge in tips will remain a metric of failure, not success.
For parents and guardians, the technical reality is stark. No filter is perfect. The Take It Down service offers a way to remove images once they are known, but prevention requires a level of digital literacy that most households do not possess. The technology is moving faster than the policy, and faster than the protection.
