Thursday, February 27, 2014

2:49 PM

By Unknown

In: , , ,

No comments

British Spies Said to Have Intercepted Yahoo Webcam Images - New York Times

HTTP/1.1 302 Found Date: Thu, 27 Feb 2014 22:17:51 GMT Server: Apache Set-Cookie: NYT-S=0M9q35hpFNVJjDXrmvxADeHy6tN5F7exxcdeFz9JchiAIUFL2BEX5FWcV.Ynx4rkFI; expires=Sat, 29-Mar-2014 22:17:51 GMT; path=/; domain=.nytimes.com Location: http://ift.tt/1eBSfUV Content-Length: 0 Cneonction: close Content-Type: text/html; charset=UTF-8 HTTP/1.1 200 OK Server: Apache Cache-Control: no-cache Content-Type: text/html; charset=utf-8 Content-Length: 56271 Accept-Ranges: bytes Date: Thu, 27 Feb 2014 22:17:51 GMT X-Varnish: 24178534 24177795 Age: 11 Via: 1.1 varnish Connection: keep-alive X-Cache: HIT






Technology |British Spies Said to Have Intercepted Yahoo Webcam Images



http://nyti.ms/MzrARK








SAN FRANCISCO — A British intelligence agency collected video webcam images — many of them sexually explicit — from millions of Yahoo users, regardless of whether they were suspected of illegal activity, according to accounts of documents leaked by Edward J. Snowden.


The surveillance effort operated by Britain’s Government Communications Headquarters, or GCHQ, was code-named Optic Nerve. Images from Yahoo webcam chats were captured in bulk through the agency’s fiber-optic cable taps and saved to a GCHQ database, where they could be queried by search tool provided by the National Security Agency called XKeyscore, according to a report on Thursday by The Guardian.


The report did not indicate whether the agency also collected webcam images from similar services, such as Google Hangouts or Microsoft’s Skype. The Guardian did say the British intelligence agency was studying the possibilities of using the cameras in Microsoft’s Kinect devices, which are used with its Xbox game consoles, to spy on users.


Microsoft had no immediate comment on the report.


Yahoo, which was named in GCHQ documents, said in a statement on Thursday that it was not aware of the program and expressed outrage at published reports.


“This report, if true, represents a whole new level of violation of our users’ privacy that is completely unacceptable and we strongly call on the world’s governments to reform surveillance law consistent with the principles we outlined in December,” the company said in a statement. “We are committed to preserving our users’ trust and security and continue our efforts to expand encryption across all of our services.”


Companies like Yahoo, Google and Microsoft that operate Internet services send vast amounts of data — including video and webcam chats — through the fiber-optic lines between their data centers around the world. After recent disclosures about government tapping of some such lines, all three companies have said they are working to encrypt those links between their data centers to thwart spying.



Yahoo has said that encryption will be in place for all of its services by March 31. Google has encrypted its video chat services, including Hangouts, since at least 2010.


In response to earlier concerns about potential government surveillance of the Kinect camera, Microsoft said last year that it would allow users to turn it off. The company also said that it did not give any government broad access to Skype data or security technologies.


Documents dated between 2008 and 2010 show the GCHQ was collecting still images from Yahoo webcam chats and storing them in an agency database. The GCHQ’s Optic Nerve program, which began as a prototype, was still active in 2012, according to an internal GCHQ document.


Because the British agency lacked the technical means to filter out the content of British or American citizens, and because it faces fewer legal restrictions than the N.S.A. in the United States, documents show that the GCHQ was collecting vast amounts of webcam images. In one six-month period in 2008, the agency collected webcam images from more than 1.8 million Yahoo user accounts globally, including those of Americans, according to the Guardian report.


The British agency restricted its collection by saving one image every five minutes from users’ feeds, partly to avoid overwhelming its servers. It also restricted its image searches to so-called metadata, information that tells analysts what content the files contain, such as the sender and receiver’s usernames, file types, time, date and duration of their webcam chat.


But analysts were still able to view the contents of webcam chats between users whose usernames matched those of surveillance targets. One document instructs analysts that they are allowed to view “webcam images associated with similar Yahoo identifiers to your known target.”



The agency also apparently experimented with facial recognition technology, which searched webcam images for faces resembling those of GCHQ targets. One undated document shows that the agency shuttered this capability. It was unclear if or when it was resurrected. It is also unclear if the N.S.A. also had access to the metadata and images.


The program posed unique challenges. According to one GCHQ document, between 3 and 11 percent of collected Yahoo webcam images contained sexually explicit content. “Unfortunately, there are issues with undesirable images within the data,” one GCHQ document reads. “It would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person.”


An internal agency survey of 323 Yahoo usernames found that 7.1 percent of those images contained “undesirable nudity.”


The same document also notes that because Yahoo users can broadcast webcam streams to more than one user, without a reciprocal stream, the service “appears sometimes to be used for broadcasting pornography.”


In an effort to make the GCHQ’s program “safer to use,” one document notes that the agency used pornography detection technology but that the technology often produced false positives, incorrectly tagging user’s faces as pornography.


One document advises analysts that they are forbidden to disseminate “offensive material” and that “retrieval of or reference to such material should be avoided.”


Collecting and storing content from video sources has long posed a dilemma for the N.S.A. and its intelligence counterparts because files are often larger and more difficult to store. Also, the video files often contain pornography, family videos, commercials and content of questionable intelligence value.


In its article, The Guardian described one presentation in which GCHQ analysts discuss interest and potential in spying on webcam traffic from Microsoft’s Xbox 360’s Kinect camera, claiming it generated “fairly normal webcam traffic” and was being considered for part of a wider surveillance program.


Previous disclosures from documents released by Mr. Snowden show that the N.S.A. was actively exploring the video capabilities of video game consoles for surveillance, and that N.S.A. analysts infiltrated virtual games like World of Warcraft and Second Life to snoop on targets.


A GCHQ spokesman cited “a longstanding policy that we do not comment on intelligence matters.”


“Furthermore,” the spokesman, who declined to be identified, said, “all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the Interception and Intelligence Services commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position.”


Vaneé Vines, a spokeswoman for the N.S.A., said in a statement on Thursday: “The National Security Agency does not ask its foreign partners to undertake any intelligence activity that the U.S. government would be legally prohibited from undertaking itself. N.S.A. works with a number of partners in meeting its foreign intelligence mission goals, and those operations comply with U.S. law and with the applicable laws under which those partners operate.


“A key part of the protections that apply to both U.S. persons and citizens of other countries is the mandate that information be in support of a valid foreign intelligence requirement, and comply with U.S. attorney general-approved procedures to protect privacy rights. Those procedures govern the acquisition, use, and retention of information about U.S. persons.”


The Guardian article referred to an internal GCHQ document that considered the legalities of the Optic Nerve program as new capabilities, like automated facial matching, were developed. But the article said that the agency would wait to consider legalities until experimental capabilities were fully developed.


As The Guardian published its story on Thursday, global security experts and intelligence officials were convening in San Francisco as part of the annual RSA Conference on cybersecurity.


Richard Clarke, former United States counterterrorism czar and member of a recent White House review panel on N.S.A. surveillance, said intelligence agencies needed clearer guidelines on what intelligence should and should not be collected.


“We have to have some understanding about what we are going to collect and what we are not going to collect,” Mr. Clarke said. “If there are things that we think are so embarrassing that they wouldn’t pass the ‘front page test,’ then don’t do it.”



Vindu Goel contributed reporting.




Site Index











Source: Top Stories - Google News - http://ift.tt/1fuwUN3

0 comments:

Post a Comment