GCHQ Could Have Been Watching Your Webcam Feed

British intelligence agency GCHQ (Government Communications Headquarters) has been collecting millions of images of law-abiding citizens obtained directly from their webcams during online chats, suggests an article published in The Guardian.

According to the documents stolen from the US National Security Agency (NSA) by whistleblower Edward Snowden, the programme codenamed ‘Optic Nerve’ was targeting the users of Yahoo Webcam services.

Due to the nature of the platforms under surveillance, the data included tens of thousands of sexually explicit images, and GCHQ had to issue extensive guidelines on dealing with nudity.

Yahoo has denied any knowledge of the Optic Nerve programme. “This report, if true, represents a whole new level of violation of our users’ privacy that is completely unacceptable, and we strongly call on the world’s governments to reform surveillance law consistent with the principles we outlined in December,” said the company in a statement

“We are committed to preserving our users’ trust and security and continue our efforts to expand encryption across all of our services.”

GCHQ insists all of its activities are necessary, proportionate, and in accordance with UK law.

GCHQ is Watching You

According to the information provided by Snowden, GCHQ built Optic Nerve in 2008, with the approval and support of its US colleagues at the NSA, which offered the XKeyscore tool to help identify Yahoo’s webcam traffic.

The programme was designed to monitor existing intelligence targets, conduct experiments in facial recognition, and to discover new targets which might have changed location or used fake identification.

However, most of the time, data was collected indiscriminately and in bulk, including that from the UK and US citizens.

The software connected to individual webcams and saved one image every five minutes. The exact size of the database is unknown, but documents suggest GCHQ processed 1.8 million users in a six-month period in 2008. They also state that Yahoo was selected for Optic Nerve due to the service being frequently used by existing surveillance targets.

After collecting the images, GCHQ analysts were able to search the database using ‘metadata’ – information about when the image was taken and where. However, the analysts also processed images of users with similar names to surveillance targets, the majority of them completely innocent.

There is no proof that this extensive operation was of any benefit to the UK security. In fact, one of the documents notes that “one of the greatest hindrances to exploiting video data is the fact that the vast majority of videos received have no intelligence value whatsoever, such as pornography, commercials, movie clips and family home movies.”

The naked truth

During the lifetime of the programme, the agency made some interesting observations about digital communications. In one of the documents, GCHQ estimates that between three and eleven percent of all webcam exchanges on Yahoo feature nudity.

To make matters worse, the automatic filter which was meant to block such content proved to be useless – basing its judgement on the prevalence of certain colours on a picture, it frequently labelled large shots of faces as pornography, while letting images of somewhat distant full-frontal nudity enter the database.

“It would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person. Also, the fact that the Yahoo software allows more than one person to view a webcam stream without necessarily sending a reciprocal stream means that it appears sometimes to be used for broadcasting pornography,” states one of the documents.

The Guardian says GCHQ did not make any specific attempts to prevent the collection or storage of explicit images, but it did eventually decide to exclude pictures on which the automatic system couldn’t detect flesh-coloured areas.

The GCHQ guidelines note that dissemination of “offensive material” featuring nudity is a disciplinary offence, and advise analysts who are uncomfortable working with such content to avoid opening the pictures.

The agency also discussed applying a similar programme to Microsoft’s Kinect add-on for the Xbox 360 gaming console, potentially giving it a way to enter and observe people’s living rooms.

“All of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee,” GCHQ said in a statement to the newspaper.

It is not currently clear if the agency’s American counterpart, the NSA, operates a system similar to the Optic Nerve.

What do you know about whistleblowers and their tech? Take our quiz!