Are you ready to add another creepy bullet point to the list of things the world's spy agencies collect about you online? No? Too bad. Because the Guardian reported on Thursday that the U.K.'s surveillance agency, with the help of the NSA, has a bulk collection program of Yahoo webcam images.
According to their report based on documents from (who else?) Edward Snowden, the Optic Nerve program was active as late as 2012 and involves millions of images — including lots of naughty ones — from users who aren't suspected of any wrongdoing, including U.K. and U.S. citizens.
Don’t be worried about GCHQ spying on your webcam, be worried about everyone on the internet doing it http://t.co/UhEmjsJYi9— James Cook (@JamesLiamCook) February 27, 2014
Optic Nerve allowed the GCHQ to collect one screenshot every five minutes from Yahoo's webcams, without the knowledge of the company or its users. In six months during 2008, the agency collected images from 1.8 million users. It doesn't filter out U.K. or U.S. citizens from its database, apparently because it doesn't have the means to do so. The GCHQ's program relied on NSA research and systems to target and filter the webcam feeds. The UK accessed the cameras through existing taps on cable connections in the country.
Oh, and they experimented with allowing agents to search by facial recognition. Here's the Guardian:
The documents also show that GCHQ trialled automatic searches based on facial recognition technology, for people resembling existing GCHQ targets: "[I]f you search for similar IDs to your target, you will be able to request automatic comparison of the face in the similar IDs to those in your target's ID."
That capability was later shut down, but there are other ways the program could potentially result in a U.K. spy accessing the images and metadata from a user's webcam. Agents, the Guardian explains, were only allowed to see metadata results from a bulk search. But if an agent knew the username of one of their surveillance targets, they'd also be able to access "webcam images associated with similar Yahoo identifiers."
As it turns out, British spies had a bit of trouble dealing with all the people who use webcams in various states of undress. One document described their shock at just how much of the traffic was naughty — between 3 and 11 percent of the images they collected:
"Unfortunately … it would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person. Also, the fact that the Yahoo software allows more than one person to view a webcam stream without necessarily sending a reciprocal stream means that it appears sometimes to be used for broadcasting pornography."
The agency tried out some porn detectors to try and automatically filter the images, but that didn't work very well. Because those detectors blocked images showing a certain percentage of human flesh, it sometimes had trouble distinguishing between, say, a person showing off their bits and the face of someone sitting close to their computer. Eventually, it seems that the U.K. just banned images that didn't appear to show faces from their database.
In case you were wondering how Yahoo feels about all of this, the Guardian reports that the company was "furious" when they learned of the program. A spokesperson for the program called Optic Nerve "a whole new level of violation of our users' privacy."