The Guardian reports that a GCHQ program dubbed Optic Nerve collected and stored these sill images in bulk between 2008 and 2010. And in just one half of 2008, the program snooped on accounts of more than 1.8 million Yahoo users.
Yahoo says it had no knowledge that any such spying was going on and says that this revelation demonstrates “a whole new level of violation of our users’ privacy.”
The idea, much like the other mass-collection snooping operations that have recently been made public, was about casting a wide net hoping to catch… something. After all, some bad guys use Yahoo, so if you tap into as many Yahoo users as possible, maybe you’ll catch some of these villains.
According to the documents leaked by former NSA contractor Edward Snowden, Optic Nerve was developed as a prototype in 2008. Among the purposes intended for the program, which would take a snapshot of a cam chat feed every five minutes, were experiments in automated facial recognition and the monitoring of existing GCHQ targets.
“Face detection has the potential to aid selection of useful images for ‘mugshots’ or even for face recognition by assessing the angle of the face,” reads one document about the program. “The best images are ones where the person is facing the camera with their face upright.”
And while GCHQ did try to limit the availability of these captured images so analysts couldn’t just amuse themselves by searching for stills of people looking stupid on webcams, there were loopholes.
For example, even though bulk searches were limited to the images’ metadata (the who/what/where/when info attached to each image), the Guardian reports that analysts were still shown the faces of people with similar usernames to surveillance targets. So if the search target had a username that had many similar variations, that opens the door for the analyst to see many unrelated, likely innocent users’ images.
GCHQ also ran trials that would allow analysts to search for users with faces similar to the face of a targeted individual. Again, depending on how unique that target’s features are, and how wide the search parameters were, that could turn up quite a lot of people.
And as you’d expect, the snooping turned up more than a few nude and sexually explicit images from folks using their webcams.
“Unfortunately … it would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person,” reads one document, which figures that between 3-11% of collected Yahoo images contain “undesirable nudity.”
GCHQ was also surprised to learn that because Yahoo’s system allows one cam user to broadcast their feed without having to see the feeds of everyone watching, “it appears sometimes to be used for broadcasting pornography.”
The best way GCHQ could figure to filter out pornographic images from analysts’ search was to exclude images that the software determined did not include a face.
The agency would not comment to the Guardian specifically on Optic Nerve but did claim that all of its work “is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee.”