Government // Cybersecurity
News
2/27/2014
03:14 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

British Spies Capture Yahoo Webcam Images

UK agency's effort to collect facial images via Yahoo chat sessions brings in too many other body parts.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(Click image for larger view.)

The Five Eyes, a term used to describe the transnational intelligence-gathering alliance between Australia, Canada, New Zealand, the UK, and the US, would be more aptly named the Million Eyes, to reflect more accurately the agencies' ability to access webcam communications.

The UK's GCHQ intelligence service, with the help of the NSA, reportedly grabbed snapshots from millions of Yahoo users' webcam chat sessions in recent years, about 7% of which contained "undesirable nudity."

On Thursday, based on documents provided by whistleblower Edward Snowden, The Guardian published details about an intelligence-gathering program called Optic Nerve, which began in 2008 and continued at least through 2012, designed to test facial recognition technology and to identify persons of interest.

[Should Google Glass users learn self-defense? Read Google Glass Prompts Attack, Woman Claims.]

Optic Nerve is said to collect information from GCHQ's Internet cable taps and to route that data to the NSA's XKeyscore search program. Rather than collecting the full video stream, the program reportedly collects still images every five minutes.

According to the report, GCHQ collected 1.8 million images from Yahoo users' webcam chat sessions in a six-month period during 2008. Many of these images are said to be sexually explicit -- 7.1%, with a 3.7% margin of error.

"Unfortunately, there are issues with undesirable images within the data," one of the excepted documents posted by The Guardian reads. "It would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person. Also, the fact that Yahoo software allows more than one person to view a webcam stream without necessarily sending a reciprocal stream means that it appears sometimes to be used for broadcasting pornography."

Rather than taking steps to avoid capturing such images, GCHQ is said to have made an effort to exclude images from its searches when its software does not find any facial features. However, according to The Guardian, the agency's explicit imagery detection system generates too many false positives by identifying people's faces as pornographic.

What's more, such policies may be unsustainable now that the agency's aversion to nudity has become public knowledge. Continued refusal to consider explicit imagery would create a safe, though immodest, channel for covert communication -- pornography could shield steganography.

GCHQ declined to comment to The Guardian beyond insisting that its activities were legal.

In an emailed statement, a Yahoo spokesperson said the company was not previously aware of this GCHQ's program and disapproves of it, if it exists as claimed. "This report, if true, represents a whole new level of violation of our users' privacy that is completely unacceptable and we strongly call on the world's governments to reform surveillance law consistent with the principles we outlined in December," Yahoo's spokesperson said, noting that the company intends to expand encryption across all of its services.

"This is just more evidence that the NSA's surveillance programs are broken and in need of serious and immediate reform," said Mark Rumold, a staff attorney at the Electronic Frontier Foundation, in a phone interview.

Rumold said this isn't particularly surprising since the bulk collection of online information practiced by the NSA and GCHQ can be assumed to include video communications. "But this has a bit more emotional pull to it, a bit more of a visceral feel, because a lot of people communicate with video chats over the Internet."

Computer & Communications Industry Association president Ed Black also condemned the program. "This secret capturing and storage of images taken from millions of video chats indicates government privacy violations have reached an alarming new level of intrusiveness," he said in a statement. "The size and audacity of this online spying is outrageous and shows how government surveillance officials will go as far as they can to gather data with minimal regard for privacy expectations, ethics, or laws."

Earlier this year, in response to months of reports about the scope of NSA surveillance, President Obama outlines five changes in US surveillance policy, to the dissatisfaction of privacy advocates. The most substantive change was a commitment to replace the agency's bulk collection of phone metadata with something less omnivorous. It remains to be seen exactly how this program will be reconstituted.

The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Laurianne
50%
50%
Laurianne,
User Rank: Author
2/27/2014 | 3:25:06 PM
Webcams are hackable too
This does present an interesting example of where an individual would assume privacy -- and would be wrong. Webcams are hackable, too, as we have reported, and some bad actors also want to take still pictures. The advice has been to cover your webcam with paper or tape just in case. It's too bad that the potential benefits of webcam in education, medicine, and everyday collaboration, may be outshadowed by apprehension over privacy and security.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
2/27/2014 | 3:51:04 PM
Re: Webcams are hackable too
This demonstrates the problem with grabbing bulk data off the wire. Anyone who has participated in any embarrassing activity captured in digital form on a network-connected device is potentially subject to blackmail by any intelligence agency with the skills to hijack data.
blueheron
50%
50%
blueheron,
User Rank: Apprentice
2/27/2014 | 4:56:33 PM
Re: Webcams are hackable too
What is frightening is that we live in a world where governments believe that because such data capture is feasible it must also mean that it is legal and ethical.
PaulS681
50%
50%
PaulS681,
User Rank: Ninja
2/27/2014 | 7:47:00 PM
Re: Webcams are hackable too
This isn't that surprising. It is widley known webcams are hackable and goverments can just say that they are looking for persons of interest and just invade everyones privacy. Sad but true.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
2/28/2014 | 10:59:25 PM
Re: Webcams are hackable too
Makes you wonder why internal webcams have become the standard...  In the good old days of external cams, you could simply unhook plug it when it wasn't in use.
jgherbert
50%
50%
jgherbert,
User Rank: Ninja
2/28/2014 | 11:28:38 PM
Re: Webcams are hackable too
Interesting legal situation. If the images they captured included underage nudity and they are storing these images on their servers, could they not be prosecuted for possession of child pornography?
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
3/1/2014 | 4:38:25 AM
Re: Webcams are hackable too
@jgherbert: That was an issue that was raised repeatedly...although I believe the decision was to not prosecute.

And, for the most part, the school district quickly settled on the civil claims.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
2/27/2014 | 7:17:23 PM
British intelligence like American, only worse
British intelligence was surprised that some of its citizens transmit nudity over the Internet? This must be the same kind of intelligence that failed to see the break up of the Soviet Union coming.
PaulS681
50%
50%
PaulS681,
User Rank: Ninja
2/27/2014 | 7:49:17 PM
Re: British intelligence like American, only worse
I thought the same thing when I read this. Like they never would have thought they would get some nudity. I wouldn't be surprised at all if some were looking for porn and just covered there a$$ by saying it was in the interest of national security.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
2/28/2014 | 10:56:19 PM
Re: British intelligence like American, only worse
@PaulS: I like the distinction "undesirable nudity."

That would imply that some was desirable, no?  :p
David F. Carr
50%
50%
David F. Carr,
User Rank: Author
2/28/2014 | 10:44:43 AM
But since nobody uses Yahoo anymore ...
OK, obviously someone still uses Yahoo, but seriously, why would they target Yahoo in particular? Does it really attract an audience of evildoers?
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
2/28/2014 | 12:57:43 PM
Re: But since nobody uses Yahoo anymore ...
That was one of my reactions too, David. That and anger.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
2/28/2014 | 10:57:17 PM
Re: But since nobody uses Yahoo anymore ...
@Alison: This reminds me of that "WebcamGate" case a few years back w/ the Pennsylvania school district that was clandestinely turning on their students' webcams at home to spy on them -- in some cases picking up nudity and partial nudity.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
2/28/2014 | 10:55:35 PM
Re: But since nobody uses Yahoo anymore ...
FWIW, Yahoo may just be the one we know about.

Although Yahoo may well be favored by foreign "evildoers."  It has been favored by 419 scammers, for instance...
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.