informa
/
News

British Spies Capture Yahoo Webcam Images

UK agency's effort to collect facial images via Yahoo chat sessions brings in too many other body parts.
9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(Click image for larger view.)

The Five Eyes, a term used to describe the transnational intelligence-gathering alliance between Australia, Canada, New Zealand, the UK, and the US, would be more aptly named the Million Eyes, to reflect more accurately the agencies' ability to access webcam communications.

The UK's GCHQ intelligence service, with the help of the NSA, reportedly grabbed snapshots from millions of Yahoo users' webcam chat sessions in recent years, about 7% of which contained "undesirable nudity."

On Thursday, based on documents provided by whistleblower Edward Snowden, The Guardian published details about an intelligence-gathering program called Optic Nerve, which began in 2008 and continued at least through 2012, designed to test facial recognition technology and to identify persons of interest.

[Should Google Glass users learn self-defense? Read Google Glass Prompts Attack, Woman Claims.]

Optic Nerve is said to collect information from GCHQ's Internet cable taps and to route that data to the NSA's XKeyscore search program. Rather than collecting the full video stream, the program reportedly collects still images every five minutes.

According to the report, GCHQ collected 1.8 million images from Yahoo users' webcam chat sessions in a six-month period during 2008. Many of these images are said to be sexually explicit -- 7.1%, with a 3.7% margin of error.

"Unfortunately, there are issues with undesirable images within the data," one of the excepted documents posted by The Guardian reads. "It would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person. Also, the fact that Yahoo software allows more than one person to view a webcam stream without necessarily sending a reciprocal stream means that it appears sometimes to be used for broadcasting pornography."

Rather than taking steps to avoid capturing such images, GCHQ is said to have made an effort to exclude images from its searches when its software does not find any facial features. However, according to The Guardian, the agency's explicit imagery detection system generates too many false positives by identifying people's faces as pornographic.

What's more, such policies may be unsustainable now that the agency's aversion to nudity has become public knowledge. Continued refusal to consider explicit imagery would create a safe, though immodest, channel for covert communication -- pornography could shield steganography.

GCHQ declined to comment to The Guardian beyond insisting that its activities were legal.

{image 1}

In an emailed statement, a Yahoo spokesperson said the company was not previously aware of this GCHQ's program and disapproves of it, if it exists as claimed. "This report, if true, represents a whole new level of violation of our users' privacy that is completely unacceptable and we strongly call on the world's governments to reform surveillance law consistent with the principles we outlined in December," Yahoo's spokesperson said, noting that the company intends to expand encryption across all of its services.

"This is just more evidence that the NSA's surveillance programs are broken and in need of serious and immediate reform," said Mark Rumold, a staff attorney at the Electronic Frontier Foundation, in a phone interview.

Rumold said this isn't particularly surprising since the bulk collection of online information practiced by the NSA and GCHQ can be assumed to include video communications. "But this has a bit more emotional pull to it, a bit more of a visceral feel, because a lot of people communicate with video chats over the Internet."

Computer & Communications Industry Association president Ed Black also condemned the program. "This secret capturing and storage of images taken from millions of video chats indicates government privacy violations have reached an alarming new level of intrusiveness," he said in a statement. "The size and audacity of this online spying is outrageous and shows how government surveillance officials will go as far as they can to gather data with minimal regard for privacy expectations, ethics, or laws."

Earlier this year, in response to months of reports about the scope of NSA surveillance, President Obama outlines five changes in US surveillance policy, to the dissatisfaction of privacy advocates. The most substantive change was a commitment to replace the agency's bulk collection of phone metadata with something less omnivorous. It remains to be seen exactly how this program will be reconstituted.

The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)