A story came out recently that the NSA and the UK’s GCHQ intelligence agencies were working together to gather images from webcams on Yahoo’s video chat application. In a program known as “Optic Nerve”, GCHQ collected over 1.8 million images in just 6 months, in a program that went on for over two years. Between 3-11% of those images were of “intimate parts” of the user’s body. GCHQ then shared those images with the NSA, including images of Americans.
Despite the glaring problem of collecting images of American’s genitalia from a foreign intelligence agency, the NSA still insists that it is within the limits of “the law” and is not spying on Americans. If the fact that the NSA is a government spy agency with no constitutional authority wasn’t reason enough to distrust everything they say, I hope this drives home the point. If the NSA is warehousing surreptitiously obtained photos of American’s private parts, and says that doesn’t count as spying on Americans, I’m really interested to know how exactly they define the terms “spying” and “American”.
Yahoo issued the following statement over the story,
“We were not aware of nor would we condone this reported activity. This report, if true, represents a whole new level of violation of our users’ privacy that is completely unacceptable and we strongly call on the world’s governments to reform surveillance law consistent with the principles we outlined in December. We are committed to preserving our users’ trust and security and continue our efforts to expand encryption across all of our services.”
The fact of the matter is though, Yahoo can secure their services anytime they want. They have had the technology to do so all along, but chose not to use it, presumably to avoid legal issues in countries like Iran, where most encryption is banned, and encryption embargoes imposed by the United States on countries who don’t bow to its edicts.
Now, it’s all fine and well that Yahoo has seen fit to respond to government coercion, most of us do this in some form or another. What isn’t fine, is acting surprised when governments spy on a system that was designed to be spied upon, and assuring your users that you are doing everything you can to protect them from their governments, when in fact you have complied with the government specifically for the purpose of allowing them to spy on your users.
There is only one reason a government would object to encryption, and that reason is obvious, it obstructs their ability to spy on people. There is literally no other reason for this objection, if you aren’t trying to spy on the system, then whether or not it is encrypted makes absolutely no difference to you. Yahoo knows this, and intentionally opted to not encrypt their communications anyway.
Encryption has been widely available throughout the entire history of the Internet, in fact, well prior to anything modern web users would recognize as “the Internet”, encryption has been readily available to everyone.
Yahoo pretending anything otherwise is simply dishonest. The same thing goes for Google, Microsoft, Apple, and other providers. They can secure their systems anytime they want. They are intentionally choosing not to, specifically so governments can spy on their people.
What should disturb users even more, is that the NSA didn’t use any sort of secret government spy weapon to obtain these images. The fact of the matter is, if the NSA can do it, anybody can. Yahoo, at the behest of government agents, has made their protocols susceptible to spying not only by governments, but by private sector criminal elements as well.
The good news is, you can secure your own communications without their assistance. To get started, check out these articles on ChristopherCantwell.com
- How To Hide on the Internet: Part 1
- How To Make Your Files NSA Proof
- How To Encrypt Your Email and Other Communications
- Anarchist Android App Audit: Security
To demonstrate how easy it would be for Yahoo to secure their network, I have submitted a request to my hosting provider to upgrade the hosting package for this website to include SSL. By the middle of this week, ChristopherCantwell.com will be encrypted, and it will cost me less than $40/year.