Report: UK spies captured millions of Yahoo users' webcam images
The report represents a whole new level of violation of users' privacy that is 'completely unacceptable,' Yahoo said
IDG News Service - U.K. intelligence agency GCHQ captured and stored still webcam images of millions of Yahoo users including substantial quantities of sexually explicit material, the Guardian newspaper reported Thursday.
GCHQ gathered the images with the help of the U.S. National Security Agency (NSA), the Guardian reported on the basis of documents provided by NSA leaker Edward Snowden.
The program, called Optic Nerve, began as a prototype in 2008 and was still active in 2012, according to the report. Through the program, the U.K. agency collected webcam stills from more than 1.8 million Yahoo user accounts globally in a six-month period in 2008 alone, according to the report. GCHQ used Optic Nerve to monitor targets and discover new targets while it was also used to experiment with automated facial recognition, it added.
Webcam videos were not captured in their entirety, but Optic Nerve rather saved one image every five minutes to avoid overloading the agency's servers and partly to comply with human rights legislation, according to the report.
Images were gathered in bulk rather than only from existing targets, according to the report. While analysts' ability to see webcam images was restricted to searches in metadata only, they were also shown faces of people with similar user names, potentially capturing webcam images of large numbers of innocent people, it added.
Webcam information was gathered via GCHQ's network of Internet cable taps and then processed and fed into NSA's XKeyscore, a surveillance program that the NSA reportedly uses to allow analysts to search through vast stores of metadata. NSA research was also used to build a tool to identify Yahoo webcam traffic, the Guardian reported.
Yahoo was not aware of the reported activity, a Yahoo spokeswoman said in an emailed statement. "This report, if true, represents a whole new level of violation of our users' privacy that is completely unacceptable," Yahoo stated, adding that it is committed to preserving its users' trust and security and will continue its efforts to expand encryption across all services.
GCHQ said in an emailed statement that it is "a longstanding policy that we do not comment on intelligence matters."
"Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorized, necessary and proportionate," the spokesman said, adding that there is rigorous oversight from the relevant U.K. authorities.
Because Optic Nerve was used to collect data in bulk, the program is unable to filter out information from U.S. or U.K. citizens, the Guardian noted.
The vast majority of the videos have "no intelligence value whatsoever," according to a cited document.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Protection for Every Enterprise: How BlackBerry Security Works Get an IT-level review of BlackBerry® Security, addressing data leakage protection, certified encryption, containerization and much more.
- Future Focus: What's Coming in Enterprise Mobility Management (EMM) Find out why Enterprise Mobility Management (EMM) solutions that are truly future-ready must be designed to enable Machine-to-Machine (M2M) capabilities and much more.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the... All Privacy White Papers | Webcasts