SAN FRANCISCO — A British intelligence agency collected webcam images — many of them sexually explicit — from millions of Yahoo users, regardless of whether they were suspected of illegal activity, according to accounts of documents leaked by Edward J. Snowden.
The surveillance, by Britain’s Government Communications Headquarters, was code-named Optic Nerve. Images from Yahoo webcam chats were captured in bulk through fiber-optic cable taps and saved to a GCHQ database, where they could be queried by a search tool called XKeyscore, provided by the National Security Agency, according to a report Thursday by The Guardian.
The report did not indicate whether the agency collected images from similar services, such as Google Hangouts or Microsoft’s Skype. The Guardian did say the British agency was studying the possibility of using cameras in Microsoft’s Kinect devices, which are used with its Xbox game consoles, to spy on users. Microsoft had no immediate comment on the report.
Yahoo, which was named in GCHQ documents, said it was unaware of the program and expressed outrage.
“This report, if true, represents a whole new level of violation of our users’ privacy that is completely unacceptable, and we strongly call on the world’s governments to reform surveillance law consistent with the principles we outlined in December,” the company said in a statement. “We are committed to preserving our users’ trust and security and continue our efforts to expand encryption across all of our services.”
Companies that operate Internet services send vast amounts of data — including video and webcam chats — through fiber-optic lines between their data centers around the world. After recent disclosures about government tapping of some of those lines, all three companies have said they are working to encrypt links between data centers.
Yahoo has said that encryption will be in place for all of its services by March 31. Google has encrypted its video chat services since at least 2010.
In response to earlier concerns about potential government surveillance of the Kinect camera, Microsoft said last year that it would allow users to turn it off. The company also said that it did not give any government broad access to Skype data or security technologies.
Documents dated 2008 to 2010 show GCHQ was collecting still images from Yahoo webcam chats and storing them. Its Optic Nerve program was still active in 2012, according to an internal GCHQ document.
Because the British agency lacked the technical means to filter out the content of British or US citizens, and because it faces fewer legal restrictions than the NSA in the United States, GCHQ was collecting vast numbers of webcam images, documents show. In one six-month period in 2008, it collected webcam images from more than 1.8 million Yahoo user accounts globally, including those of Americans, according to the Guardian report.
GCHQ saved one image every five minutes from users’ feeds, partly to avoid overwhelming its servers. It restricted its image searches to so-called metadata, information that tells analysts what content the files contain, such as the sender and receiver’s user names, file types, time, date and duration of their chat.
But analysts were still able to view the contents of webcam chats between users whose usernames matched those of surveillance targets.
The agency apparently experimented with facial recognition technology, which searched webcam images for faces resembling those of GCHQ targets. One document shows the agency shuttered this capability. It was unclear if or when it was resurrected. It is also unclear if the NSA had access to the metadata and images.
Collecting and storing content from video sources has long posed a dilemma for the NSA and its intelligence counterparts because files are often larger and more difficult to store. Also, the video files often contain pornography, family videos, commercials, and content of questionable intelligence value.