“It was terribly dangerous to let your thoughts wander when you were in any public place or within range of a telescreen. The smallest thing could give you away. A nervous tic, an unconscious look of anxiety, a habit of muttering to yourself—anything that carried with it the suggestion of abnormality, of having something to hide. In any case, to wear an improper expression on your face (to look incredulous when a victory was announced, for example) was itself a punishable offense. There was even a word for it in Newspeak: facecrime, it was called.” — George Orwell, Nineteen Eighty-Four
Welcome back to the future: Yesterday, The Guardian published a stunning article exposing Optic Nerve, a secret program operated by the British intelligence service, GCHQ, that indiscriminately intercepts and stores webcam images from millions of Yahoo! users. The article, based on documents obtained from NSA whistleblower Edward Snowden, invokes Orwell’s “telescreens” in reporting that “with aid from the US National Security Agency,” GCHQ has collected images from webcam chats at five-minute intervals from at least 2008 to 2012, ostensibly in order to compile a kind of “digital police mugbook.” The program may still be active today.
Even after almost eight full months of profoundly disturbing revelations about NSA and GCHQ mass surveillance, one can’t help but be stopped cold by this story. After all, we carry webcams in our pockets and stare at them on our laptops all day long. On camera, every day, we conduct business meetings; we talk to far-away grandparents; and we even, well, show our “intimate parts” to others (as a GCHQ document so Britishly put it). Now we’ve learned that snapshots of these communications might reside in computers we’re consistently told are meant to catch terrorists.
According to The Guardian article, it doesn’t really matter what we do on camera: these images are harvested in bulk, so not even the most benign of our video conversations are immune from collection and retention. As a technical matter, the spy agencies can’t even filter out British or American chats. And the only reason millions of innocent Yahoo! users find their videos in a massive surveillance database is because “Yahoo webcam is known to be used by GCHQ targets.” That rationale is not just a slippery slope—it’s a cliff.
Though the new article focuses on GCHQ, the NSA’s presence lurks in the shadows of everything we know about Optic Nerve. For example, “[w]ebcam information was fed into NSA’s XKeyscore search tool, and NSA research was used to build the tool which identified Yahoo’s webcam traffic.” And: “[A]ll of the policy documents were available to NSA analysts through their routine information-sharing. A previously revealed NSA metadata repository, codenamed Marina, has what the documents describe as a protocol class for webcam information.”
To paraphrase Senator Howard Baker: What did the NSA know, and when did it know it? Here are five questions the NSA must answer about its role in this perversion of “counterterrorist surveillance”:
- Are images obtained through Optic Nerve available to NSA analysts through XKeyScore? The article suggests that they are, putting still frames of Aunt Edna and your baby cousin in a surveillance “mugbook.” Even if not, does the NSA have its own version of Optic Nerve, collecting in bulk images of our intimate moments? Can NSA analysts use the XKeyScore search engine to turn up these images or those captured using Optic Nerve from their desks in Fort Meade?
- Did the NSA collaborate in the creation of the program? The Snowden documents indicate that “NSA research” contributed to the “tool” behind Optic Nerve. Perhaps the U.S. spy agency do something more? The NSA’s carefully worded statement to The Guardian says that it “does not ask its foreign partners to undertake any intelligence activity that the US government would be legally prohibited from undertaking itself.” But given the word games the NSA’s been playing recently, it would be naïve not to ask whether the agency considers a “suggestion” to be an illegal “ask”?
- What efforts has the NSA undertaken to protect the privacy of innocent Americans caught up in the program? If GCHQ lacks the “technical means to make sure no images of UK or US citizens are collected and stored by the system, and there are no restrictions under UK law to prevent Americans’ images being accessed by British analysts without an individual warrant,” then how many Americans have been monitored under the program—and are their images still on the spy servers? What steps, if any, did the NSA take to make sure that the “tool” it contributed to Optic Nerve wouldn’t be used to target Americans (or any other innocent individuals, for that matter)?
- Does GCHQ share information obtained via Optic Nerve with the United States, and under what conditions? It’s unclear from the article whether the NSA has received anything obtained through Optic Nerve—but if it has, what’s been done with the data? NSA defenders consistently point to its rules governing minimization as the ramparts of privacy protection against the sea of global surveillance. But those rules are so riddled with loopholes that they resemble the targets at a shooting gallery. What’s being done with American video chats obtained through the program?
- What other video-chat services have been mined by bulk surveillance? Since it’s highly unlikely that Yahoo! is the only webcam service “known to be used by GCHQ targets,” which other services have been swept up in similar operations?
The NSA has been able to evade some of the hardest questions about its mass-surveillance apparatus, but reporters, legislators, and citizens alike should not let that happen in the wake of The Guardian’s new report of unprecedented privacy intrusions online. We shouldn’t have to worry about the government watching us connect with Grandma and Grandpa—but now we know that we do.