Classified documents reveal that the British security agency has collected webcam images from over 1.8 million Yahoo! users. As part of the program code named “Optic Nerve,” the British Government Communications Headquarters (GCHQ) tapped web cameras of Yahoo! users for facial recognition data.

“Face detection has the potential to aid selection of useful images for ‘mugshots’ or even for face recognition by assessing the angle of the face.”

Optic Nerve collected images from Yahoo! users once every five minutes to avoid human rights violations and to prevent GCHQ servers from overloading. The classified documents state, “Face detection has the potential to aid selection of useful images for ‘mugshots’ or even for face recognition by assessing the angle of the face.” By cross referencing image data collected from Yahoo!, the GCHQ hoped to match faces with targets already in its database.

As you can imagine, the overwhelming collection of images from webcams resulted in tons of false positives. One of the documents dated from the mid-2000s read: “One of the greatest hindrances to exploiting video data is the fact that the vast majority of videos received have no intelligence value whatsoever, such as pornography, commercials, movie clips and family home movies.”

The document estimates between 3%-11% of images captured were of “undesirable nudity.” Optic Nerve implemented a pornography filter, which generated its own false positives, tagging people’s faces as pornogrphy. Images without faces were discarded.

A spokesperson for Yahoo! responded immediately stating “We were not aware of, nor would we condone, this reported activity. This report, if true, represents a whole new level of violation of our users’ privacy that is completely unacceptable, and we strongly call on the world’s governments to reform surveillance law consistent with the principles we outlined in December.”

“This report, if true, represents a whole new level of violation of our users’ privacy that is completely unacceptable.”

Both the NSA and GCHQ have responded, stating that both organizations follow all legal and political frameworks. “All of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee,” said a spokesperson for the GCHQ.

Yahoo! joins other tech companies in urging Congress to stop NSA bulk surveillance. Last month, new leaked documents showed that both the NSA and GCHQ collected personal information from mobile apps like Flickr, which is also a Yahoo! product.

The Guardian does not specify how Optic Nerve managed to bypass Yahoo!’s security measures to collect webcam photos. There’s also the question of whether the collected data was from private or public web chats, though it should be noted that Yahoo! Messenger only supports private web chats. If the GCHQ was able to tap into Yahoo! Messenger, are services like Skype and Google Hangouts also vulnerable?

Source: The Guardian