When you think about government surveillance programs (the ones we have been hearing about for almost a year now), what do you think the likes of the American NSA and the British GCHQ are monitoring? Who you are calling, emailing and perhaps even the websites you visit? Almost certainly. How about your documents and family photos which you store in Facebook, Google+ Photos and Flickr? Probably. Did it occur to you that British intelligence agents have been delving into your most intimate moments too? No? Think again.

The Guardian has reported on an operation called “Optic Nerve” which reveals just how intimate government surveillance has become:

Britain’s surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.

GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not.

In one six-month period in 2008 alone, the agency collected webcam imagery – including substantial quantities of sexually explicit communications – from more than 1.8 million Yahoo user accounts globally.

GCHQ analysts were, apparently, given access to user profiles which seemed to correspond with names of terror suspects but the process doesn’t seem to have been terribly discriminating:

The agency did make efforts to limit analysts’ ability to see webcam images, restricting bulk searches to metadata only.

However, analysts were shown the faces of people with similar usernames to surveillance targets, potentially dragging in large numbers of innocent people. One document tells agency staff they were allowed to display “webcam images associated with similar Yahoo identifiers to your known target”.

Although the GCHQ didn’t capture complete video streams and rather collected stills every 5 minutes, this sort of mass collection from video sources is known not to be particularly valuable:

The privacy risks of mass collection from video sources have long been known to the NSA and GCHQ, as a research document from the mid–2000s noted: “One of the greatest hindrances to exploiting video data is the fact that the vast majority of videos received have no intelligence value whatsoever, such as pornography, commercials, movie clips and family home movies.”

Not surprisingly, a large number of webcam users have experimented with video chat for very private purposes and while the majority of those adventurous people are presumably consenting adults, the medium lends itself to unforeseen challenges. For starters, the way Yahoo’s technology works, it starts to resemble a broadcast which could fall foul of broadcast and publication laws:

Sexually explicit webcam material proved to be a particular problem for GCHQ, as one document delicately put it: “Unfortunately … it would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person. Also, the fact that the Yahoo software allows more than one person to view a webcam stream without necessarily sending a reciprocal stream means that it appears sometimes to be used for broadcasting pornography.”

Would our Film and Publications Act cover these apparently explicit broadcasts?

What is more of a concern is just how intimate the GCHQ’s (and, by extension, the NSA’s) surveillance activities are. Granted having explicit video “chats” is risky anyway (government surveillance agencies are not the only organisations capable of intercepting Internet traffic) but this is deeply private material being reviewed and stored. It is one thing monitoring communications which seem likely to be linked to terror suspects but quite another almost indiscriminately collecting such detailed imagery of people when they are most exposed and most expect to have their privacy respected.

The GCHQ’s response doesn’t give much comfort:

In a statement, a GCHQ spokesman said: “It is a longstanding policy that we do not comment on intelligence matters.

“Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee.

That is what we need. Even more scrutiny.

[Image – CC GiselaGiardino]
I am a digital risk strategist, writer and photographer. My interests are pretty varied and I enjoy sharing my thoughts about the social Web’s evolution; new technology that catches my attention; experiences that inspire me and stupidity that amazes me. It’s a mixed bag and I love doing it. You can also find out more about me on my site at http://pauljacobson.me