British spy agency may have seen you naked in surveillance of Yahoo webcam chats

Edward Snowden turned over documents to The Guardian detailing GCHQ's collection of at least 1.8 million Yahoo users' webcam chats.

The Guardian reported that GCHQ, Britain’s surveillance agency, captured stills from Yahoo webcam chats between 2008 and 2010.

The Guardian reported that GCHQ, Britain’s surveillance agency, captured stills from Yahoo webcam chats between 2008 and 2010.

Another day, another revelation about intelligence agencies' ability to peer into your private life: The Guardian reported that GCHQ, Britain's surveillance agency, captured stills from Yahoo webcam chats between 2008 and 2010.

The program, codenamed Optic Nerve, mined the chats of more than 1.8 million Yahoo users around the world, regardless of whether they were suspected of terrorist activity--and that was just during one 6-month period. The Guardian learned of the program from documents provided by National Security Agency whistleblower Edward Snowden.

GCHQ believed some targets were using Yahoo webcam chats to communicate, so they pulled in stills--one shot taken every five minutes--from users whose Yahoo usernames were similar to those used by terror suspects. The spy agency was reportedly collecting the webcam stills to test facial recognition automation and keep track of targets.

According to The Guardian, GCHQ doesn't have the ability to differentiate images collected from American and British users from others, so citizens of the US and UK weren't protected from the dragnet. Users living in New Zealand, Australia, and Canada were also included in the searches without legal protections.

GCHQ told The Guardian that all of its activities are legal.

The porn problem

In documents obtained by The Guardian, it appeared that GCHQ struggled to separate useful content from the 3-11 percent of Yahoo webcam stills that contained nudity.

"It would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person," one Optic Nerve document detailed. "Also, the fact that the Yahoo software allows for more than one person to view a webcam stream without necessarily sending a reciprocal stream means that it appears sometimes to be used for broadcasting pornography."

It's surprising that GCHQ was surprised that people use webcams for sexual purposes. Are British spies unfamiliar with the Internet?

GCHQ did little to filter out explicit images, which means analysts were actually viewing your nude chats, but later on tweaked the Optic Nerve software to exclude shots without faces in them.

Yahoo told The Guardian that it was unaware of the British program and does not condone the collection of its users' webcam chats.

"This report, if true, represents a whole new level of violation of our users' privacy that is completely unacceptable, and we strongly call on the world's governments to reform surveillance law consistent with the principles we outlined in December," the company said in a statement to the newspaper.

The Optic Nerve program was ongoing as of 2012. GCHQ was reportedly interested in video captured by the Xbox 360's Kinect camera and might be of use in future surveillance efforts.

The NSA denied using GCHQ to collect information it couldn't legally collect itself.

Join the CSO newsletter!

Error: Please check your email address.

Tags YahooThe GuardianNational Security AgencysecurityprivacyGCHQ

More about GCHQNational Security AgencyNSAXboxYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Caitlin McGarry

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place