Spencer Ackerman and James Ball / The Guardian & Justin Raimondo / AntiWar.com – 2014-02-28 00:42:28
http://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo
Yahoo Webcam Images from
Millions of Users Intercepted by GCHQ
Spencer Ackerman and James Ball / The Guardian
(February 27, 2014) — Britain’s surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.
GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not.
In one six-month period in 2008 alone, the agency collected webcam imagery – including substantial quantities of sexually explicit communications – from more than 1.8 million Yahoo user accounts globally.
Yahoo reacted furiously to the webcam interception when approached by the Guardian. The company denied any prior knowledge of the program, accusing the agencies of “a whole new level of violation of our users’ privacy”.
GCHQ does not have the technical means to make sure no images of UK or US citizens are collected and stored by the system, and there are no restrictions under UK law to prevent Americans’ images being accessed by British analysts without an individual warrant.
The documents also chronicle GCHQ’s sustained struggle to keep the large store of sexually explicit imagery collected by Optic Nerve away from the eyes of its staff, though there is little discussion about the privacy implications of storing this material in the first place.
OPTIC NERVE – Yahoo Webcam display and target discovery
[Redacted]
Summary
A report on the development of OPTIV NERVE – a web interface to display Yahoo Webcam images sampled from unselected intercept and a system for proportionate target discovery.
Optic Nerve, the documents provided by NSA whistleblower Edward Snowden show, began as a prototype in 2008 and was still active in 2012, according to an internal GCHQ wiki page accessed that year.
The system, eerily reminiscent of the telescreens evoked in George Orwell’s 1984, was used for experiments in automated facial recognition, to monitor GCHQ’s existing targets, and to discover new targets of interest. Such searches could be used to try to find terror suspects or criminals making use of multiple, anonymous user IDs.
Rather than collecting webcam chats in their entirety, the program saved one image every five minutes from the users’ feeds, partly to comply with human rights legislation, and also to avoid overloading GCHQ’s servers. The documents describe these users as “unselected” – intelligence agency parlance for bulk rather than targeted collection.
One document even likened the program’s “bulk access to Yahoo webcam images/events” to a massive digital police mugbook of previously arrested individuals.
“Face detection has the potential to aid selection of useful images for ‘mugshots’ or even for face recognition by assessing the angle of the face,” it reads. “The best images are ones where the person is facing the camera with their face upright.”
The agency did make efforts to limit analysts’ ability to see webcam images, restricting bulk searches to metadata only.
However, analysts were shown the faces of people with similar usernames to surveillance targets, potentially dragging in large numbers of innocent people. One document tells agency staff they were allowed to display “webcam images associated with similar Yahoo identifiers to your known target”.
Optic Nerve was based on collecting information from GCHQ’s huge network of internet cable taps, which was then processed and fed into systems provided by the NSA. Webcam information was fed into NSA’s XKeyscore search tool, and NSA research was used to build the tool which identified Yahoo’s webcam traffic.
Bulk surveillance on Yahoo users was begun, the documents said, because “Yahoo webcam is known to be used by GCHQ targets”.
Metadata:
At the moment of OPTIC NERVE’s data supply (run by B13) does not select but simply collects in bulk, and as a trade-off only collects an image every 5 minutes. It would be helpful to incorporate selection and collect images at a faster rate (all?) for targets. CS to find out from B13 if this is feasible.
Programs like Optic Nerve, which collect information in bulk from largely anonymous user IDs, are unable to filter out information from UK or US citizens. Unlike the NSA, GCHQ is not required by UK law to “minimize”, or remove, domestic citizens’ information from its databases. However, additional legal authorisations are required before analysts can search for the data of individuals likely to be in the British Isles at the time of the search.
There are no such legal safeguards for searches on people believed to be in the US or the other allied “Five Eyes” nations – Australia, New Zealand and Canada.
GCHQ insists all of its activities are necessary, proportionate, and in accordance with UK law.
The documents also show that GCHQ trialled automatic searches based on facial recognition technology, for people resembling existing GCHQ targets: “[I]f you search for similar IDs to your target, you will be able to request automatic comparison of the face in the similar IDs to those in your target’s ID”.
The undated document, from GCHQ’s internal wiki information site, noted this capability was “now closed … but shortly to return!”
The privacy risks of mass collection from video sources have long been known to the NSA and GCHQ, as a research document from the mid-2000s noted: “One of the greatest hindrances to exploiting video data is the fact that the vast majority of videos received have no intelligence value whatsoever, such as pornography, commercials, movie clips and family home movies.”
Sexually explicit webcam material proved to be a particular problem for GCHQ, as one document delicately put it: “Unfortunately … it would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person. Also, the fact that the Yahoo software allows more than one person to view a webcam stream without necessarily sending a reciprocal stream means that it appears sometimes to be used for broadcasting pornography.”
The document estimates that between 3% and 11% of the Yahoo webcam imagery harvested by GCHQ contains “undesirable nudity”. Discussing efforts to make the interface “safer to use”, it noted that current “naïve” pornography detectors assessed the amount of flesh in any given shot, and so attracted lots of false positives by incorrectly tagging shots of people’s faces as pornography.
27. Unfortunately, there are issues with undesirable images within the data. It would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person. Also, the fact that the Yahoo software allows more than one person to view a webcam stream without necessarily sending a reciprocal stream means that it appears sometimes to be used for broadcasting pornography.
28. A survey was conducted, taking a single image from each of 323 used ids. 23 (7.1%) of those images contained undesirable nudity. From this we can infer that the true proportion of undesirable images in Yahoo webcam is 7.1% +/- 3.75 with confidence 95%.
GCHQ did not make any specific attempts to prevent the collection or storage of explicit images, the documents suggest, but did eventually compromise by excluding images in which software had not detected any faces from search results – a bid to prevent many of the lewd shots being seen by analysts.
The system was not perfect at stopping those images reaching the eyes of GCHQ staff, though. An internal guide cautioned prospective Optic Nerve users that “there is no perfect ability to censor material which may be offensive. Users who may feel uncomfortable about such material are advised not to open them”.
It further notes that “under GCHQ’s offensive material policy, the dissemination of offensive material is a disciplinary offence”.
[edit] Potentially Undesirable Images
We use face detection to try to censor material which may be offensive but this does not work perfectly so you should read the following before using OPTIC NERVE:
* It is possible to handle and display undesirable images. There is no perfect ability to censor material which may be offensive. Users who may feel uncomfortable about such material are advised not to open the.
* You are reminded that under GCHQ’s offensive material policy, the dissemination of offensive material is a disciplinary offence.
* Retrieval of or reference to such material should be avoided; see IB 150 for guidance on dealing with offensive material.
Once collected, the metadata associated with the videos can be as valuable to the intelligence agencies as the images themselves.
It is not fully clear from the documents how much access the NSA has to the Yahoo webcam trove itself, though all of the policy documents were available to NSA analysts through their routine information-sharing. A previously revealed NSA metadata repository, codenamed Marina, has what the documents describe as a protocol class for webcam information.
In its statement to the Guardian, Yahoo strongly condemned the Optic Nerve program, and said it had no awareness of or involvement with the GCHQ collection.
“We were not aware of, nor would we condone, this reported activity,” said a spokeswoman. “This report, if true, represents a whole new level of violation of our users’ privacy that is completely unacceptable, and we strongly call on the world’s governments to reform surveillance law consistent with the principles we outlined in December.
“We are committed to preserving our users’ trust and security and continue our efforts to expand encryption across all of our services.”
Yahoo has been one of the most outspoken technology companies objecting to the NSA’s bulk surveillance. It filed a transparency lawsuit with the secret US surveillance court to disclose a 2007 case in which it was compelled to provide customer data to the surveillance agency, and it railed against the NSA’s reported interception of information in transit between its data centers.
The documents do not refer to any specific court orders permitting collection of Yahoo’s webcam imagery, but GCHQ mass collection is governed by the UK’s Regulation of Investigatory Powers Act, and requires certification by the foreign secretary, currently William Hague.
The Optic Nerve documentation shows legalities were being considered as new capabilities were being developed. Discussing adding automated facial matching, for example, analysts agreed to test a system before firming up its legal status for everyday use.
“It was agreed that the legalities of such a capability would be considered once it had been developed, but that the general principle applied would be that if the accuracy of the algorithm was such that it was useful to the analyst (ie, the number of spurious results was low, then it was likely to be proportionate),” the 2008 document reads.
The document continues: “This is allowed for research purposes but at the point where the results are shown to analysts for operational use, the proportionality and legality questions must be more carefully considered.”
Optic Nerve was just one of a series of GCHQ efforts at biometric detection, whether for target recognition or general security.
While the documents do not detail efforts as widescale as those against Yahoo users, one presentation discusses with interest the potential and capabilities of the Xbox 360’s Kinect camera, saying it generated “fairly normal webcam traffic” and was being evaluated as part of a wider program.
Documents previously revealed in the Guardian showed the NSA were exploring the video capabilities of game consoles for surveillance purposes.
Microsoft, the maker of Xbox, faced a privacy backlash last year when details emerged that the camera bundled with its new console, the Xbox One, would be always-on by default.
Beyond webcams and consoles, GCHQ and the NSA looked at building more detailed and accurate facial recognition tools, such as iris recognition cameras – “think Tom Cruise in Minority Report”, one presentation noted.
The same presentation talks about the strange means the agencies used to try and test such systems, including whether they could be tricked. One way of testing this was to use contact lenses on detailed mannequins.
To this end, GCHQ has a dummy nicknamed “the Head”, one document noted.
In a statement, a GCHQ spokesman said: “It is a longstanding policy that we do not comment on intelligence matters.
“Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee.
“All our operational processes rigorously support this position.”
The NSA declined to respond to specific queries about its access to the Optic Nerve system, the presence of US citizens’ data in such systems, or whether the NSA has similar bulk-collection programs.
However, NSA spokeswoman Vanee Vines said the agency did not ask foreign partners such as GCHQ to collect intelligence the agency could not legally collect itself.
“As we’ve said before, the National Security Agency does not ask its foreign partners to undertake any intelligence activity that the US government would be legally prohibited from undertaking itself,” she said.
“The NSA works with a number of partners in meeting its foreign intelligence mission goals, and those operations comply with US law and with the applicable laws under which those partners operate.
“A key part of the protections that apply to both US persons and citizens of other countries is the mandate that information be in support of a valid foreign intelligence requirement, and comply with US Attorney General-approved procedures to protect privacy rights. Those procedures govern the acquisition, use, and retention of information about US persons.”
The Worst Snowden Revelation of Them All
Justin Raimondo / AntiWar.com
(February 27, 2014) — One common reaction to Edward Snowden’s exposure of the National Security Agency’s pervasive surveillance of Americans and people around the world has been: Well, at least they aren’t doing what US government agents did in the 1960s and 1970s — targeting dissident political activists, spying on and disrupting their constitutionally-protected activities, and seeking to discredit them with programs like Cointelpro.
Except they are, as it turns out.
The latest revelations and newly-released documents, detailed by Glenn Greenwald in a shocking piece for his new outlet, The Intercept, show that’s exactly what they’re doing. Whereas J. Edgar Hoover’s FBI used old-fashioned methods — primitive bugging devices, poison pen letters, and physical infiltration of “suspect” groups — today’s Thought Police use the Internet to, as Greenwald puts it, “control, infiltrate, manipulate, and warp online discourse, and in doing so, are compromising the integrity of the Internet itself.”
In a presentation by the British spy agency GCHQ to the NSA, and the Canadian, Australian, and New Zealand intelligence agencies, the top-secret JTRIG unit instructed their allies in the methodology of targeting and destroying political dissidents, and countering their influence on the Internet. Their approach is oh-so-“scientific,” citing social science theories about human motivation, giving the whole document the aura of an academic study — albeit one written by someone with a sensibility that veers from the playful to the downright sinister.
The goal of this covert action program is to create what GCHQ describes as “cyber-magicians,” who can work their “magic” on the Internet and their designated targets — and indeed the presentation is illustrated with a photo of John Mulholland, the renown “magician” who was hired by the CIA in the 1950s to write a manual on the uses of “misdirection, concealment, and stagecraft,” as Noah Shachtman put in it Wired.
Also pictured are Jasper Maskelyne, a British stage magician of the 1930s recruited by British intelligence, and Houdini, who is noted for his “1865 mission on behalf of Napoleon III to help quell the Marabout-led uprising in Algeria.”
Interesting that GCHQ and their American and other partners would identify with Napoleon III and his mostly unsuccessful attempts to plant the French flag far and wide. In the Algerian case, however, he was relatively successful: the Arab rebels, it seems, had been inspired to rise by religious figures, charismatic imams supposedly capable of performing magic.
The French decided to out-do the imams with some magic tricks of their own, and so they brought in Houdini, who performed the old bullet-between-the-teeth stunt. This supposedly so impressed the rebels that they became too afraid to go on with their rebellion — although the horrific slaughter inflicted on Algerian villages by occupying troops may have had something to do with it as well.
This unrestrained violence, while motivated by the usual racism, was also a manifestation of something new. Edward Burke III, professor of history emeritus at the University of California, Santa Cruz, traces it to the anti-clericalist legacy of the French Revolution. The wholesale destruction of the rebels’ religious and ideological infrastructure — which Burke refers to as “the French kulturkampf in Algeria” — was “a Jacobin step toward the diffusion of reason and science.”
Utilizing the techniques of the social and psychological “sciences,” our “cyber-magicians,” in waging their cyber-kulturkampf, see their targets — us — the same way 19th century French colonialists viewed their Algerian helots. If you look through the slides published by Greenwald the theme is crystal-clear: human beings are depicted as emotion-driven easily manipulated idiots who have to be fooled into behaving properly.
How to fool them? In 19th century Algeria it was Houdini awing the natives with magic tricks: in the online world of the 21st century, it’s “cyber-magicians” planting “false flags” — posts attributed to the target that were not written by him or her. Or posts ostensibly by people who are members or sympathizers of a targeted group.
This is what the FBI did to the antiwar movement of the 1960s: entire “cells” of radical groups were set up and controlled by the feds, who then used them to divide, disrupt, and discredit rising antiwar sentiment.
Another GCHQ ploy: what Greenwald calls “fake victim posts,” in which alleged victims of the target describe their victimization at the hands of the targeted individual or group. This technique seems to have been used to great effect against Julian Assange and WikiLeaks, who have racked up a record number of “tell-all” books and articles by former associates relating Assange’s alleged sins.
Aside from the above, a number of other techniques are listed, most of which are fairly descriptive:
• Ruse
• Set piece
• False rescue
• Disruption
• Sting
Anything is possible — and everything is permitted — with the kind of “cyber-magic” performed by our government sneaks: if you want to discredit a target, you can “set up a honey-trap” — a sexual assignation — or if you’re in a juvenile mode you can “change their photo on social networking sites.” And there’s always the old tactic of sending “emails/texts to their colleagues, neighbors, friends, etc.”
Again, there’s nothing new under the sun as far as the immorality and cheap vulgarity of our rulers is concerned: they did the same thing in the 1960s to Martin Luther King and a host of other civil rights and assorted “radical” figures, the only difference being they used the Post Office rather than email and texting. The technology may change, but the venality is a constant.
Of particular interest to GCHQ and its eager students at the NSA are techniques designed to “pull a group apart.” Listed as likely points of rupture are issues of “personal power,” “preexisting cleavages,” “competition,” and “ideological differences.” Again, these are old techniques empowered by new technology and gussied up in the pseudo-“scientific” language of sociology and behavioral psychology.
What’s new, however, is the nature of some of the targets: it’s not only high profile political dissidents like Assange (and Greenwald) alongside criminal suspects who might find themselves in the sights of GCHQ/NSA, but also private companies, as explicitly stated in the new documents.
Suggested covert actions against these corporate targets include leaking confidential information to rival companies and the media “via blogs, etc.”, and posting “negative information in appropriate forums,” resulting in stopping the target’s business deals and ruining business relationships.
Given the amount of purely industrial espionage detailed in previously released documents, the scope — and cost — of this destructive rampage across the corporate landscape by our vaunted “cyber-magicians” is absolutely mind-boggling.
The new documents describe a “cyber-offensive session” by two GCHQ officers on “Pushing the Boundaries and Action Against Hacktivism” which does indeed push the boundaries very far beyond the ostensible purpose of “fighting terrorism.”
The fine line between “hacktivist” and any sort of online political activism is not one likely to be precisely defined by these people: Julian Assange’s and Edward Snowden’s defenders, as well as those two individuals themselves, are fair game in this grand scale “cyber-offensive.” And what about the corporate entities enabling these revelations to come out in the first place?
Pierre Omidyar, the financial force behind First Look Media, which puts out The Intercept, is a principal of eBay, and has a financial interest in other companies. Will those companies now find themselves under attack? Will confidential information sucked up by the NSA “leak” onto various blogs and into the media?
Speaking of the media, this whole covert action program assumes easy access on the part of government agents to sympathetic contacts in the “mainstream” news and opinion outlets: it posits a ready consumer base of “journalists” hungry for a constant diet of smears, “false flags,” and compromising material. And we can all guess as to who some of them might be….
Cass Sunstein, President Obama’s close advisor and head of a commission to “reform” the NSA, has long advocated infiltrating online communities devoted to supposedly dangerous “conspiracy theories,” and otherwise steering online discourse in a more pro-government direction — and it looks like his ideas are being put into practice. The new documents promise a “full rollout complete by early 2013,” with “500+ GCHQ analysts” on the job — and how many from the NSA and US law enforcement agencies?
So let’s be clear about this: individuals, groups, and private companies accused of no crime are having their reputations destroyed, their private lives exposed and their financial affairs disrupted by a government-orchestrated smear campaign extending all across the globe.
If that doesn’t unmask our rulers as the ruthless authoritarians we libertarians always said they were, then I don’t know what will. Behind the mask of “democracy” and “progressivism” lurks the same old ugly face of a J. Edgar Hoover, only updated to look like the dome-headed professorial Cass Sunstein.
Posted in accordance with Title 17, Section 107, US Code, for noncommercial, educational purposes.