NSA building global identity database from intercepted images, new Snowden documents reveal

But aren't many police forces already doing the same?

The NSA is processing millions of facial images from intercepted communications as part of a program to build a global identity database of persons of interest, documents from the Edward Snowden cache seen by the New York Times have revealed.

The number of images said to have passed through the system ran into millions per day, the documents said, 55,000 of which were "facial recognition quality images" [i.e. able to recognise individuals from various angles] which the NSA document praises for their "tremendous untapped potential."

This was a document from 2011 discussing an older program, facial recognition technology has moved on a bit, and the state and size of this system in 2014 is anyone's guess. Whether the potential has been tapped is a matter of conjecture but the size of the program is likely to have grown since then.

"It's not just the traditional communications we're after: It's taking a full-arsenal approach that digitally exploits the clues a target leaves behind in their regular activities on the net to compile biographic and biometric information" that can help "implement precision targeting," said a document quoted by the NYT, perfectly summarising the principle at work.

It's the sort of revelation that could easily be misunderstood as a general snooping on the pictures and videos posted every day by ordinary members of the public, but a deeper dive into the NYT report suggests that the program, started around 2010, is far more targeted.

The NYT reports makes clear that the image analysis program had been accelerated after Nigerian Umar Farouk Abdulmutallab tried to blow up a Detroit-bound plane in 2009 and the attempted car-bombing of Times Square in May 2010 by Faisal Shahzad.

From a 2014 perspective, it would actually be more surprising of the NSA and FBI weren't doing this sort of analysis. The bigger question is probably less what the system is doing than who it is doing it to.

The NYT story suggests that the images are not 'found' on the Internet so much as eavesdropped from intercepts, including videoconferences, foreign databases of individuals and airline data. These images become more useful and significant because they can be related to specific communications and events.

It was this cross-referencing - the ability to connect an image or images of the same person in apparently different guises - that had led to the analytical use of images by the NSA. As of 2011, the NSA appeared able in some circumstances to pinpoint where the images were taken using satellite maps.

On the other hand, in February the US and UK intelligence agencies were revealed through separate Snowden documents to have collected 1.8 million webcam images from Yahoo users as far back as 2008 through a program called 'Optic Nerve'. That system also used image recognition and appeared to be grabbing every image it could get hold of, regardless of whether the target was under surveillance or not.

The legitimate concern isn't that the NSA cares about every picture of a person with their pet cat - these are after all deliberately made public - but that they are now building a system capable of relating that image to every other one of the same person, including those gathered officially.

Given that the NSA is said to be using commercial technology, a good guess as to its future capabilities will be what is possible in that sector. A good example of what is now possible is a forensic system from NetClean, which recently diversifiedfrom spotting Internet child porn into general policing tool able to do some of what the NSA appears to have been investigating.

In conclusion, it isn't just the NSA that is looking into image collection ana analysis; many police forces are now doing the same and there will be no holding this back.

Join the CSO newsletter!

Error: Please check your email address.

Tags Personal TechNetworkingsecuritynsa

More about FBINSAYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts