The latest top-secret documents leaked by Edward Snowden reveal the National Security Agency and its British counterpart, the the Government Communications Headquarters (GCHQ) may have peered into the lives of millions of internet users who were not suspected of wrongdoing. The surveillance program codenamed “Optic Nerve” compiled still images of Yahoo webcam chats in bulk and stored them in the GCHQ’s databases with help from the NSA. In one six-month period in 2008 alone, the agency reportedly amassed webcam images from more than 1.8 million Yahoo user accounts worldwide. According to the documents, between 3 and 11 percent of the Yahoo webcam images contained what the GCHQ called “undesirable nudity.” The program was reportedly also used for experiments in “automated facial recognition” as well as to monitor terrorism suspects. We speak with James Ball, one of the reporters who broke the story. He is the special projects editor for Guardian U.S.
TRANSCRIPT:
This is a rush transcript. Copy may not be in its final form.
AMY GOODMAN: A new report based on top-secret documents leaked by Edward Snowden reveals the National Security Agency and its British counterpart, the Government Communications Headquarters, or GCHQ, may have peered into the lives of millions of Internet users who were not suspected of wrongdoing. A surveillance program codenamed “Optic Nerve” compiled still images of Yahoo webcam chats in bulk and stored them in GCHQ’s databases with help from the NSA. In one six-month period in 2008 alone, the agency reportedly amassed webcam images from more than 1.8 million Yahoo user accounts worldwide.
The program was reportedly used for experiments in “automated facial recognition” as well as to monitor terrorism suspects. A more accurate name for the “Optic Nerve” program may have been “Peeping Tom,” because it ended up collecting a large number of sexually explicit images. According to the documents, between 3 and 11 percent of the Yahoo webcam images contained what the GCHQ called “undesirable nudity.” Yahoo responded to the news by denying any prior knowledge of the program, saying the spy agencies had, quote, “reached a whole new level of violation of our users’ privacy.”
The documents also reveal the surveillance agencies discussed intercepting other types of cameras, such as the ones found on Xbox 360 game consoles. The NSA and the GCHQ also reportedly considered designing more sophisticated and accurate facial recognition tools, such as iris recognition cameras.
For more, we’re joined now by one of the two reporters who broke the story, James Ball. He is the special projects editor for Guardian US. The article he co-wrote with Spencer Ackerman is called “Yahoo Webcam Images from Millions of Users Intercepted by GCHQ.”
James Ball, welcome to Democracy Now!
JAMES BALL: Hi there.
AMY GOODMAN: Great to have you with us. OK, start from the beginning, what you found. What were contained in the documents Edward Snowden released?
JAMES BALL: I think ever since we first sort of reported, Glenn Greenwald in The Guardian reported the Verizon spying, we had all kind of wondered about mass surveillance. Is it just metadata? Is it just foreigners? And we’d kind of wondered just how far it might go. And this one, I think, even after nine months, was really shocking. This is webcams in people’s homes. Essentially, if you used a webcam service, if you were having a chat, if you were broadcasting, it looks as if—the documents show that GCHQ could see that traffic and just grabbed it en masse. They didn’t just look for current targets. They didn’t just look for suspects. They saved a little bit of everything.
AMY GOODMAN: Did you have to—did it have to be active for them to collect it, or could it just be sitting on your desk at home?
JAMES BALL: This particular program was just collecting when people were using it, as if you’re having a kind of Skype call or something like that. If you were using a webcam to have a chat, it just grabbed images from it as you did it. There are other programs which discuss sort of turning on the webcam for targets, but however you feel about that, at least that’s just people they suspect. This is everyone. This is you, me, Americans, Brits. Everyone can get caught in this.
AMY GOODMAN: So, this is GCHQ. What’s the role of NSA?
JAMES BALL: I think this is a really important question. What we do know is that the NSA helped—NSA research helped build this. NSA learned how Yahoo transmitted its webcam imagery, and GCHQ used that research to build the system. The NSA also have this XKeyscore system, this huge search that can grab all of your Internet activity. And this—results from Optic Nerve could feed into this database. So we know the NSA knew about the program, because it was in the Snowden files. We know the NSA research helped it. And we know it knew NSA’s systems. What we really have to know is whether the NSA had access to this system, whether they raised concerns about Americans’ information being in there, because we know it was, and what else their involvement was, because it does look as if the NSA themselves couldn’t legally have built a system like this, although it’s such a complicated area of law, it’s quite hard to be sure.
AMY GOODMAN: You called Yahoo?
JAMES BALL: Yes, well, my colleague, our national security editor, Spencer Ackerman, called Yahoo. And, yes, they were—they were very surprised and alarmed. I mean, I think we have to say, if Yahoo had been more secure at the time, if they’d have encrypted people’s chats, if they’d have had that level of concern about people’s privacy, they could have prevented this. And, you know, people were saying at the time they should do it. It’s not as if it’s just hindsight. But now they have come out very strongly. They’re calling for reform of surveillance laws. They’ve been one of the tech companies that’s really pushed for reform. And you can see from their statement they are not happy about this.
AMY GOODMAN: Well, Democracy Now! invited Yahoo to join us on the program. They declined, but did send us a statement saying, quote, “We were not aware of nor would we condone this reported activity. This report, if true, represents a whole new level of violation of our users’ privacy that is completely unacceptable and we strongly call on the world’s governments to reform surveillance law consistent with the principles we outlined in December. We are committed to preserving our users’ trust and security and continue our efforts to expand encryption across all of our services.” That’s what they said. But are there deals being made with these huge, multinational web giants and the governments to continue to operate?
JAMES BALL: I mean, there’s two different sets of problems. There’s the Internet companies and the degree to which they are working with law enforcement. And this was, of course, the PRISM program that is now a household name—it’s even in TV shows. That seems to have been legally compelled at least; they weren’t voluntarily handing it over. But it does seem as if they helped build automated or semi-automated systems to make it easy.
I think the big questions have to be asked for the cable companies, and, you know, whether the ones who put—pipe the Internet into our house or the industrial ones. They seem to have gone further. We know from GCHQ documents and NSA documents that they really do a lot to help the cable-tapping operations that power all of these other programs. And if I was really looking to ask companies questions about secret deals and who’s getting cash and who might be not just doing what they have to, but a bit further, it’s the cable companies I’d be asking.
AMY GOODMAN: Talk more about the facial recognition aspect of this.
JAMES BALL: So they had a couple of tricks with facial recognition. One of the things that they tried to do was just to see if there was a face in the image, so telling a face from an elbow. Happily, it seems the intelligence agencies can do that now. They did this to try and knock out some of the adult images, some of the other stuff. The bit that might get more concerning is they are trying to—what they’re trying to do with this is see if the person using one particular Yahoo account is the same person using another. So they’re trying to find if their targets are using more than one account. So, they try to automatically match it, check it against all of these images they’re collecting, and see if they get something, which would be fine if it was a perfect technology—well, it might be fine if it was a perfect technology—but it’s not. And so, there’s this risk of false matches, of people in these spy agencies looking up your pictures, your webcam chats, just because some malfunctioning algorithm thinks you look like someone GCHQ is spying on.
AMY GOODMAN: I want to turn to—talk more about the sexually explicit images.
JAMES BALL: I mean, it’s quite a concerning thing. It’s essentially—they were actually complaining at length in the documents about just how many of these images were sexually explicit. I mean, we know they were capturing—this program ran for years and might still be going. In just one six-month period, they got 1.8 million people. They reckon up to about 180,000 of those were sending explicit images. So, GCHQ has this vast sort of store of pornographic images from people who had no intention of them seeing it.
In fairness to GCHQ, in this particular instance, it doesn’t look like they were trying to collect that. They actually complain almost about their analysts having to see it. They’re warned, “Hey, you know, if you don’t want to see something nasty, don’t use this database.” But I think it kind of shows how concerning it is. Is your privacy only violated when an actual human analyst looks at an adult picture of you, or is just the very idea of the British government or the American government having this huge store of compromising pictures itself a bit creepy? I think most of us might feel it’s the latter. And GCHQ, every document we saw on this, suggested they weren’t trying to use these, they weren’t wanting to look at them. But there have been other documents relating to other programs talking about perhaps using people’s browsing habits and porn habits to discredit them, and so we know they’re not entirely above this kind of behavior.
AMY GOODMAN: Last month, a report from Glenn Greenwald and NBC News based on leaks from Edward Snowden revealed the British government can spy on social media sites, including YouTube, in real time, without the knowledge of companies. Another round of news reports based on Snowden’s disclosures found the NSA and its British counterpart are targeting smartphone apps, including the popular game “Angry Birds,” for personal data on users, from their location to their sexual preferences. James Ball, you wrote this article for The Guardian called “Angry Birds Firm Calls for Industry to Respond to NSA Spying Revelations.” Tell us more about it.
JAMES BALL: I think the key thing is, a lot of what lets the NSA spy on this stuff in bulk, rather than kind of picking their targets and going for them—and most people would say, “Hey, if they’re interested in a small number of terror suspects, OK, they should spy on those”—what lets them spy in bulk is things like the advert tracking cookies or bad security from the Internet firms or that kind of stuff. So, yes, by all means, we—we are, in America, having a debate about the limits of surveillance law, and it’s looking, hopefully, like there might be some reforms, maybe a lot more limited than people want. But in the meantime, the tech companies and the app makers can do a lot to protect us. And I think, as people who use those, we have to make it clear that if you want change, you’ve got to let your phone maker know, your app makers know, because a lot of this is just piggybacking on either their bad security or them tracking you to try and sell you stuff. There’s kind of a bit of a relationship going on between these big companies and the spy agencies, even if it wasn’t a deliberate one.
AMY GOODMAN: In November, leaks from Edward Snowden showed the NSA had gathered records on the online sexual activity of Muslim targets in a bid to discredit them. The Huffington Post reported the NSA had identified at least six Muslim leaders whose speeches have the potential to radicalize their audiences with an “extremist message,” they said. None were accused of involvement in terror plots. The NSA had apparently collected their evidence of their online activity, including visits to porn sites, in a bid to undermine their credibility or intimidate them into silence. It’s unclear if the NSA carried out any of its plans. Given how the NSA has approached explicit images in the past, what risks are posed by the mass collection of potentially compromising webcam photos?
JAMES BALL: This is essentially the problem of bulk surveillance. It’s—we all do things which are perfectly acceptable, legitimate activities, but private—you know, things that we send to our partners, to our friends. We all do things that we wouldn’t want the world to know. And that’s kind of the problem. If it’s all collected, we all have some things we might [not] want used against us. And so, if the intelligence agencies really want to say, “Look, OK, we collected this stuff. It might be a bit compromising, but we don’t want to and we’d never dream of misusing it,” that really is demanding quite a lot of trust. It’s—deliberately or not, they essentially have a bit of a blackmail file on almost everyone. And the issue is, with stories like that, it does suggest that maybe we shouldn’t be trusting them with it. As I should say, to be fair to the agencies, on this particular program, there’s no sign of misuse. But we do know, from the report you cited in November and so on, it’s not as if they’ve dismissed this as a tactic. And I think the idea of the government building, deliberately or accidentally, these dossiers on each of us is quite worrying.
AMY GOODMAN: And the relationship between these companies, like Yahoo, like Google, and the government, the trade-offs that are made. I mean, the deals they make with the government, the government expects something in return.
JAMES BALL: Exactly. I mean, we talk about this a lot in China. You know, Google, fairly commendably, actually, got out of China when the censorship demands became too much. But other companies, like Microsoft, will censor search results, will do what they have to do there. We never quite think about it the same way for companies operating here. There is a trade-off. They have to sort of comply with U.S. law. They often want friendly relations. You know, they’re worried about new regulation coming in, all sorts of things. And so, any country in the world, when the tech companies are working in, there are going to have to come some accommodations with the government, and sometimes that’s not going to be in the interests of the privacy of consumers or of activists. It’s kind of the same everywhere.
AMY GOODMAN: And has the NSA responded?
JAMES BALL: So, to this particular story, the NSA refused to answer any questions. We asked them very specific, very simple questions. Have you seen this imagery? You know, would you do the same? Do you have similar programs? No answer.
AMY GOODMAN: It’s still going on?
JAMES BALL: So, and whether it’s still going on. I’m really hoping someone in Congress asks the same questions, because hopefully the NSA will find it harder to give them no comment.
AMY GOODMAN: What would—what legislation would—what would legislation look like that prevents this kind of thing from happening, not to mention overall spying on Americans and people around the world?
JAMES BALL: It’s—I think you really would have to beef up this idea that there’s only a problem when this stuff is searched. I think you really have to focus on what should the NSA collect, what reasons should they have to have to collect on me or on you or on anyone. You know, I’m not American, so I tend to worry about the privacy of foreigners, because I am one, even though I live here. And so, we want reasonable protections. We want the idea that you shouldn’t have to collect—you know, you shouldn’t just start worrying about the law or about privacy when you search it; it’s when you store it. And that’s kind of the shift in principle that people are thinking about. It’s—I think, if not, if the NSA wants to make the case that they absolutely have to do mass collection, they really are going to have to convince the American public of it and show why it’s necessary. I think they’ve had nine months to do that, and they really haven’t been able to point to a terror plot stopped or a serious criminal caught because of mass surveillance. And I think if that’s the case they want to make, they’ve got to do it a lot better.
AMY GOODMAN: James Ball, I want to thank you for being with us, special projects editor for Guardian US. He recently co-wrote the piece with Spencer Ackerman called “Yahoo Webcam Images from Millions of Users Intercepted by GCHQ.” We’ll link to it at democracynow.org. This is Democracy Now! Back in a minute.
[break]
AMY GOODMAN: During the break, our TV audience has just been seeing pictures sent in from listeners and viewers from around the world telling us why Democracy Now! is important to them. February marked the 18th anniversary of Democracy Now! It’s wonderful to see all the messages people have been sending in online, signs and videos. We’ve posted many of these photos online, which you can see on our website at democracynow.org. Send more, send more, in our birthday month. Well, this is Democracy Now! I’m Amy Goodman.
Join us in defending the truth before it’s too late
The future of independent journalism is uncertain, and the consequences of losing it are too grave to ignore. To ensure Truthout remains safe, strong, and free, we need to raise $44,000 in the next 6 days. Every dollar raised goes directly toward the costs of producing news you can trust.
Please give what you can — because by supporting us with a tax-deductible donation, you’re not just preserving a source of news, you’re helping to safeguard what’s left of our democracy.