I would imagine that eventually you reach the Attorney General or equivalent person. They perhaps can provide an assurance that no prosecution would proceed under certain conditions. But even that would make one a trifle nervous.
There is no contract that they won’t prosecute. Indeed such a contract might have some interesting questions surrounding its legality even if someone wanted one.
Then there are strict liability laws. It isn’t impossible that some activities could fall under those.
In the USA I could imagine problems requiring dispensations from multiple levels of government, any of which might fail for various unforeseen reasons. Given the AG is a political appointment in most systems, and often a politician, a change of government could unravel assurances. Separation of judiciary and government might make for a strange set of problems.
All of which does suggest that unless the legislation includes explicit clauses for authorising circumstances where the law is not applied, you would not go near the problem.
Almost certainly, if you are in the US and are training an AI to identify CSAM, you will be working with, and using data from, NCMEC. For example, when Apple proposed scanning all photos for known CSAM, they were using NCMEC data to generate the fingerprints.
I work with private data from a variety of organizations and they all have special (and similar) rules describing how the data can be used, stored, and transported. None of it is anything like CSAM that would be illegal to posses, so the worst outcome of mishandling it is loss of use of the data, and potentially being fired.
This is speculation based purely on my experience with non-CSAM private data, and making a guess about what is reasonable. If your AI group and NCMEC decided to train an AI on CSAM, and you can’t do it on premises at NCMEC, because you need a datacenter full of GPUs to do the training, that it probably would be transported on an encrypted hard drive. So someone possessing the drive outside the work locations is a likely possibility. However transport might be something as mundane as FedEx, with the encryption key delivered separately. Strong enough encryption to prevent anyone from viewing the drive without the key is commonplace.
If, for some reason, the police raid the datacenter and arrest some sysadmins loading the the unlocked drive, it will get sorted out with lawyers and phone calls. The police calling NCMEC to report the huge stash of CSAM is going to be one of the first steps.
If someone is picked up with drive “just taking it home to do some work over the weekend,” it will probably end with jail time.
Though then the question is what legal status do the NCMEC have that means it is not illegal for them to store images that would be illegal for a random person to have in their possession? And what’s the legal mechanism that’s allows them to transfer that material to third parties (with suitable safeguards)?
This was a very real concern when we were engaged in computer forensics. As private investigators, we might be given authority to image an executive’s business computer in order to search it for evidence of inappropriate correspondence, financial fraud, theft of intellectual property, sexual harassment, etc. If we happened to stumble on “certain images and materials that shall not be named,” we would find ourselves in a very uncomfortable situation. Not only did we have copies of the materials, but we might be sharing them with other investigators and our clients. In essence, we could be distributing the material. Since we were conducting the investigation as a civil/internal matter, we had no defense that a LE agency might have. Furthermore, absolutely the last thing the client would want would be for us to go to a LE agency and make it a criminal matter. Stock prices are fickle things.
Our informal motto: “Don’t ask us to look if you’re not prepared for what we might find.”
That would be a law passed by Congress when they allocated money to setup NCMEC. When CSAM is discovered it needs to be reported to NCMEC’s CyberTipline, and then they work with the ICAC TaskForce to investigate.
I’m sure I have details wrong. Mostly I know about this from reports about what NCMEC could be doing better, and Apple using their database from a few years ago.