
About 3 percent to 11 percent of images contained nudity or other graphic images

Attention Yahoo users: Britain's surveillance agency might've taken stills of your webcam sessions and stored them in databases. 

According to a new report from The Guardian, British surveillance agency GCHQ collected millions of webcam images in bulk from Yahoo users and stored them in databases under a program dubbed "Optic Nerve." The program reportedly ran from 2008 to 2010, but was still active in 2012. 

The information was provided by documents from former U.S. National Security Agency (NSA) contractor Edward Snowden. 

Optic Nerve reportedly started out as a prototype in 2008. During a six-month period in that year alone, GCHQ intercepted 1.8 million Yahoo users' communications.

The Guardian said about 3 percent to 11 percent of the Yahoo webcam stills caught by GCHQ contained nudity and other graphic or inappropriate content. 

The report further stated that the webcam users were not being targeted for any particular reason. Many were caught in a net of bulk collection, because GCHQ said that Yahoo webcam was a service often frequented by GCHQ's suspects and targets. 

The documents also show that GCHQ tested automatic searches based on facial recognition technology as a way to find people resembling current GCHQ targets.

Yahoo was upset by the discovery, saying that it had no idea GCHQ was accessing communications and imagery between its webcam users. 

"We were not aware of, nor would we condone, this reported activity," said a Yahoo spokeswoman. "This report, if true, represents a whole new level of violation of our users' privacy that is completely unacceptable, and we strongly call on the world's governments to reform surveillance law consistent with the principles we outlined in December.

"We are committed to preserving our users' trust and security and continue our efforts to expand encryption across all of our services."


GCHQ, on the other hand, denied that it did anything wrong. It said its actions are subject to close oversight.

"It is a longstanding policy that we do not comment on intelligence matters," said GCHQ in a statement. "Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee.

"All our operational processes rigorously support this position."

It was reported that the NSA aided GCHQ in Optic Nerve, but the NSA said it never asked foreign partners to collect information that it couldn't legally collect itself.

"As we've said before, the National Security Agency does not ask its foreign partners to undertake any intelligence activity that the US government would be legally prohibited from undertaking itself," said NSA spokeswoman Vanee Vines. "The NSA works with a number of partners in meeting its foreign intelligence mission goals, and those operations comply with US law and with the applicable laws under which those partners operate.

"A key part of the protections that apply to both US persons and citizens of other countries is the mandate that information be in support of a valid foreign intelligence requirement, and comply with US Attorney General-approved procedures to protect privacy rights. Those procedures govern the acquisition, use, and retention of information about US persons."

Back in December 2013, it was reported that GCHQ and the NSA teamed up to spy on the virtual worlds of the Xbox Live network, World of Warcraft, and Second Life to find acts of terrorism. That information was contained in an NSA document from 2008 titled "Exploiting Terrorist Use of Games & Virtual Environments."

The two also targeted smartphones and mobile games like "Angry Birds" and "Candy Crush" to spy on users. 

Source: The Guardian



Comments

This might not be a bad thing
By Solandri on 3/1/2014 2:09:50 PM , Rating: 2
A big gripe I've had with many online services is that they insist on transmitting/storing your data in a format they can read, when they are not the final recipient. e.g. Dropbox stores your data as-is, so any employee could browse through your files if they wanted to. They say it's against their policy to do that, but the fact remains that they could do it. And if they can do it, so can someone who eavesdrops on or breaks into their system.

A few services do it the right way by using end-to-end encryption. Firefox's cloud backup service works by having your browser encrypt everything before transmitting it to Firefox. That encrypted blob is what they store. If you want to sync or restore on another device, that encrypted blob is what they send you. And your local copy of Firefox decrypts it using the key you generated. If you lose this key, nobody can decrypt the data. SSL encryption for secure web sites operates on the same principle.

So hopefully incidents like this will discourage transmission of unnecessarily unencrypted data. If a company like Dropbox promises not to read your data, there is no reason for them to store your data in a format they can read. Likewise if Yahoo doesn't intend to watch your webcam videos, then they shouldn't be transmitting the videos in an unencrypted format. It should be encrypted in a manner so that only the people at the endpoints can see it. Transmitting it as cleartext just creates the possibility that your data will be compromised while in transit.
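
An added sketch of the encrypt-before-upload flow described in the comment above; it is not part of the original comment and is not Firefox's actual sync protocol. Assumptions: the key is derived from a passphrase with scrypt, the cipher is AES-256-GCM, and the `BlobStore` class, function names and sample data are hypothetical and constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Key derivation happens on the client; the passphrase is never transmitted.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Client side: encrypt and authenticate before anything leaves the device.
function sealForUpload(passphrase, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every blob
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Salt, nonce and tag are not secret; they travel with the ciphertext.
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]);
}

// Client side on another device: only the passphrase holder can open the blob.
function openDownloaded(passphrase, blob) {
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  // final() throws if the key is wrong or the blob was modified.
  return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]).toString('utf8');
}

// Hypothetical storage provider: it only ever holds opaque bytes.
class BlobStore {
  constructor() { this.blobs = new Map(); }
  put(id, blob) { this.blobs.set(id, Buffer.from(blob)); }
  get(id) { return this.blobs.get(id); }
}

function demo() {
  const passphrase = 'correct horse battery staple'; // constructed sample
  const secret = 'constructed sample: bookmarks and saved logins';
  const store = new BlobStore();
  store.put('user-1', sealForUpload(passphrase, secret));
  const blob = store.get('user-1');
  const providerSeesPlaintext = blob.includes(Buffer.from('bookmarks'));
  const restored = openDownloaded(passphrase, blob);
  let wrongKeyRejected = false;
  try { openDownloaded('guess', blob); } catch { wrongKeyRejected = true; }
  const tampered = Buffer.from(blob);
  tampered[tampered.length - 1] ^= 1; // provider or eavesdropper flips one bit
  let tamperRejected = false;
  try { openDownloaded(passphrase, tampered); } catch { tamperRejected = true; }
  return { providerSeesPlaintext, restored, wrongKeyRejected, tamperRejected };
}
```

The provider, or anyone who intercepts or breaks into its storage, holds only the sealed blob; losing the passphrase makes the data unrecoverable, which is the trade-off the comment notes.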




By lagomorpha on 3/4/2014 6:21:18 PM , Rating: 2
quote:
Dropbox stores your data as-is, so any employee could browse through your files if they wanted to.


Provided they manage to guess the passphrase to my TrueCrypt container.

Companies have already shown that they can't be trusted to be relied upon for the security of your data. They will either intentionally leave your data in a format they can look through for their own benefit (Facebook, Google) or they will indifferently leave your data in a format that can be looked through because your privacy just isn't a priority.

Even commercial software that claims end-to-end encryption actually turns out to leave in ways for the US government to get to your data (Skype, iOS messages) and any company that tries to not give the government this access is shut down (Lavabit). If you want end to end encryption that works it has to be open source and fully controllable by the end user.


Copyright 2015 DailyTech LLC.