Report: NSA facial recognition program collects 'millions' of photos from the Web

Newly leaked documents reveal a massive NSA program to collect and analyze photographs, according to the New York Times.

Here's another reason to think twice before you post photos of yourself on the Internet: The New York Times reported Sunday that the National Security Agency collects millions of photos each day from electronic communication and analyzes them as part of a major facial recognition effort.

According to the leaked documents obtained by the Times, of the millions of images it collects daily, the NSA harvests about 55,000 that it considers to be "facial recognition quality."

The report says that "it is not clear how many people around the world, and how many Americans, might have been caught up in the effort," and goes on to state that current US privacy and surveillance laws don't specifically protect against the use of facial recognition technology to identify individuals.

The NSA's facial recognition program is separate from the agency's bulk metadata collection program, which collects information such as which phone numbers you've dialed. According to the Times, the NSA still needs to get court approval to collect images from American citizens, since they fall under the same legal umbrella as the content of an email or the audio from a phone call--neither of which can be collected without a warrant.

For its part, an NSA spokesperson tells the Times that the agency can't get at driver's license or passport photo databases, but the agency refused to say whether it collects photos from social media "through means other than communications intercepts."

Although these specific revelations are new, experts have voiced concerns about the impact of facial recognition technology on your privacy for a number of years.

In 2011, Facebook introduced a feature that could automatically tag people in photos, which had privacy activists up in arms. Senator Al Franken went on the record in 2012 to call for controls on how companies and government agencies can use facial recognition technology to identify individuals. And in 2013, the Electronic Frontier Foundation filed a lawsuit over the FBI's use of facial recognition.

Join the CSO newsletter!

Error: Please check your email address.

Tags new york timessecuritynsaprivacy

More about Electronic Frontier FoundationFacebookFBINational Security AgencyNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Nick Mediati

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place