Britain's surveillance agency is said to have captured images from millions of Yahoo users' webcams as part of a broad program running from 2008 through at least 2012. According to the Guardian, the GCHQ was able to intercept webcam images from more than 1.8 million users over a period of just six months in 2008. The images were used for intelligence by gathering metadata and testing facial recognition technology — though they were reportedly taken from users who had not been suspected of wrongdoing. Yahoo denies having knowledge of Optic Nerve and calls the alleged program "completely unacceptable."
"A whole new level of violation of our users' privacy."
The Guardian reports that the US National Security Agency assisted in the webcam image collection program, which is known as Optic Nerve. Images were reportedly collected every five minutes and were stored in bulk in agency databases. As with phone metadata, the GCHQ appears to have used the information it gathered to tie together individual suspects. In this case, it would also be able to confirm that through the captured imagery.
Because the imagery was largely tied to anonymous usernames, the GCHQ reportedly attempted to use facial recognition to match people in captured images with known targets. Bulk surveillance on Yahoo webcams apparently started in the first place because the GCHQ found that the service was being used by its suspects. The GCHQ declined to comment to the Guardian, but said that all of its activities were "carried out in accordance with a strict legal and policy framework."
As one might imagine, not all of the webcam data that the GCHQ captured was of value to it. "Unfortunately," a GCHQ document reportedly reads, "it would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person." The Guardian reports that the agency estimated that between 3 and 11 percent of the images it gathered contained "undesirable nudity," and it apparently did not attempt to filter that out. It did, however, remove images that did not contain faces from its database search results and limited bulk searches to metadata only.
Optic Nerve is easily among the most invasive secret surveillance programs detailed over the past year. Yahoo's name has been tied to a number of them, and the company has been active in pushing for the government to at least allow it to release more data about government requests it receives. "We were not aware of nor would we condone this reported activity," a Yahoo spokesperson says in a statement to The Verge. "This report, if true, represents a whole new level of violation of our users' privacy that is completely unacceptable and we strongly call on the world’s governments to reform surveillance law consistent with the principles we outlined in December."
Though NSA tools and systems were used to facilitate Optic Nerve, the Guardian reports that it's unclear if the American agency also had access to the images it collected. In a statement, the American Civil Liberties Union calls the program "truly shocking" and calls for more information on the NSA's involvement. "This report also raises troubling questions about the NSA’s complicity in what is a massive and unprecedented violation of privacy," Alex Abdo, an ACLU National Security Project staff attorney, says in a statement. "We need to know more about what the NSA knew, and what role it played."
Yahoo is the only party with services noted as an Optic Nerve surveillance target. However, the Guardian reports that the GCHQ has also considered whether the built-in webcam on the Xbox 360's Kinect could be used as part of a broader program. In that case, it's unclear if the agency is interested in images or metadata alone.
Though the Guardian does not state whether Optic Nerve's collected webcam chats were publicly or privately broadcasted, Yahoo's primary webcam offering in Yahoo Messenger only supports private webcam chats.