GCHQ reportedly monitored Yahoo cam chats. Company confirms cam traffic not secure pre-2012
The Guardian reports that GCHQ, a British analog to the National Security Agency, collected and stored images from Yahoo webcam streams through a program called "Optic Nerve." According to the report, the agency targeted "millions of internet users not suspected of wrongdoing," including citizens of both the United States and the United Kingdom, with the program.
If true, the program is certainly creepy. What's unclear is whether it actually constitutes illegal spying.
For one thing, under UK law, GCHQ is permitted to collect images of British citizens, including through hacking or wiretapping. According to the Guardian, the only legal restriction the agency faces is one that prevents analysts from viewing the images if their subjects are suspected of being in the British Isles at the time. (Both GCHQ and the NSA insist that all of their actions, including those revealed by this report, are legal.)
The report states that the image gathering, which GCHQ claims was intended to identify suspected terrorists and to test a facial recognition system, took place between 2008 and 2012. The Guardian reports that the spying was "based on collecting information from GCHQ's huge network of internet cable taps."
What's interesting here, though, is the date of the program. Up until 2012, Yahoo provided public video chat rooms through its Messenger service, after which time they turned the public option off. GCHQ's monitoring of Yahoo's webcam traffic also halted in 2012.
The dates could be a coincidence, of course, but given the somewhat boastful nature of other leaked NSA/GCHQ documents, it's equally feasible that the analysts are using vague language to show off their prowess at screen scraping.
What we do know, because a Yahoo spokesperson just confirmed it to me, is that prior to 2012, Yahoo did not encrypt its webcam traffic. (The company previously issued a mea culpa about allowing data to flow unencrypted between its servers, and has resolved to encrypt all data in the future.)
Again, the idea of government workers sifting through gigabytes of camgirl (and camboy) footage in order to build tools to better monitor the rest of us is certainly icky -- but it's also something which any committed 14 year old boy was probably doing at the time. (No, mom, I was just trying to combat terrorism! I sweeeeaaar!)
As such, the Guardian's report, like so much of the reporting around Snowden's leaked documents, is infuriatingly vague on the technical details. And Yahoo's statements to various news organizations are no more illuminating, mainly along the lines of "if the government is hacking us then we'd sure be mad!" (Yahoo's spokesperson is continuing to answer my questions, including offering theories on what might have happened here. I'll update the post as I hear more. I'm yet to get a response to my request for comment from the Guardian.)
Of course this lack of specific details hasn't stopped the media going into the same frothing frenzy they've suffered with every previous leak. Only this time, there's nudity!
"Spy agency intercepts Yahoo webcam chats, nudes and all" says Ars Technica. "The NSA may not be listening to your private phone calls, but it has been watching your private parts," warns ZDNet -- while UK-based The Register screamed Snowden leaks latest: UK spies ogle MILLIONS of Yahoo! webcams.
I'll update this post when I hear more from Yahoo or the Guardian.