Optic Nerve (GCHQ)

Optic Nerve is a mass surveillance programme run by the British signals intelligence agency Government Communications Headquarters (GCHQ), with help from the US National Security Agency, that surreptitiously collects private webcam still images from users while they are using a Yahoo! webcam application. As an example of the scale, in one 6-month period, the programme is reported to have collected images from 1.8 million Yahoo! user accounts globally. The programme was first reported on in the media in February 2014, from documents leaked by the former National Security Agency contractor Edward Snowden, but dates back to a prototype started in 2008, and was still active in at least 2012.

The leaked documents describe the users under surveillance as "unselected", meaning that data was collected indiscriminately in bulk from users regardless of whether they were an intelligence target or not. The vast majority of affected users would have been completely innocent of any crime or suspicion of a crime. Optic Nerve as described in the documents collected one still image every 5 minutes per user, attempting to comply with human rights legislation. The images were collected in a searchable database, and used for experiments in facial recognition, to monitor known targets, and to discover new targets. The choice of Yahoo! for surveillance was taken because "Yahoo webcam is known to be used by GCHQ targets". Unlike the US NSA, the UK GCHQ is not required by law to minimise the collection from domestic citizens, so UK citizens could have been targeted on the same level as non-UK citizens.

The story was broken by The Guardian in February 2014, and is based on leaked documents dating to between 2008 and 2012. Yahoo! expressed outrage at the programme, when approached by The Guardian, and subsequently called it "a whole new level of violation of our users' privacy." A GCHQ spokesperson stated "It is a long-standing policy that we do not comment on intelligence matters".

Though there were some limits to which photos security analysts were allowed to see, with bulk searches limited to metadata, security analysts were allowed to see "webcam images associated with similar Yahoo identifiers to your known target".

Technical details
Optic Nerve worked by collecting the information from GCHQ's large network of Internet cable taps, feeding into systems provided by the United States' National Security Agency. NSA research was used to build the tool to isolate the webcam traffic.

Given that both Yahoo! Messenger chats and webcam streams are sent unencrypted, it would have been relatively easy (though not trivial) to intercept the webcam traffic. Following the Snowden leaks, Yahoo! planned to give all users the option to encrypt all communications with Yahoo!'s servers by April, 2014.

Sexually explicit images
Between 3% and 11% of the images captured by the webcams were sexually explicit in nature and deemed "undesirable nudity".

"Unfortunately... it would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person. Also, the fact that the Yahoo! software allows more than one person to view a webcam stream without necessarily sending a reciprocal stream means that it appears sometimes to be used for broadcasting pornography."

Other webcam traffic targets
The documents mentioned interest in monitoring the video from the Xbox 360 and Xbox One's Kinect camera, something which Microsoft has reported it was oblivious to.

Reactions
"This is a truly shocking revelation that underscores the importance of the debate on privacy now taking place and the reforms being considered. In a world in which there is no technological barrier to pervasive surveillance, the scope of the government’s surveillance activities must be decided by the public, not secretive spy agencies interpreting secret legal authorities."

- The American Civil Liberties Union