Britian's GCHQ took photos of missions of unsuspecting Yahoo! users through webcams

http://www.ft.com/cms/s/0/01267c6e-9fd2-11e3-9c65-00144feab7de.html#axzz2uZazIpQ4

Your tax dollars (pounds?) at work

You know, if they captured any explicit pictures of teenagers, couldn't they be convicted for producing child porn?

 

I never have trusted webcams. As a family we avoid them and disable them on laptops. Except my younger sister who always uses it. These spy agencies are wasting their time and money, anyone planning a serious crime would do it the old fashioned way face to face with no phones or computers that can be monitored. Only noobs would plan a terrorist attack using yahoo lol

 

Meh, actually not not bothered.

It's not like there's a bank of people in darkened rooms sitting there watching webcam footage. If you're a person of interest, then it may get viewed by someone at some point, if you're not it won't.

Anyone thinking that the agencies are listening to all their calls, watching them on the webcam and rifling through their bins needs a reality check - because they're just not that interesting.

 

I guess the old tin-foil hat could also be used to over one's bits..........

 

So does that mean we can charge GCHQ employees with knowingly collecting (indecent) images of children?

 

Thing is, power corrupts. Agencies may not be professionally interested in you, but agency personnel may be personally interested. Whether you are their love interest, or just their perv interest, secret access to people's webcam footage may be a temptation too hard to resist.

 

Makes you want to. If it was anyone else stealing streamed footage from childrens webcams their would be uproar.

 

Of course, but the trial will collapse because the government will have granted them a selective amnesty.

 

True, but then this sort of behaviour isn't exclusive to intelligence agencies - there are just as many news snippets you see of employees of TV, phone, credit cards, banks, ISPs, HR depts etc abusing the information they have access to. I worked at a subco of Sky in a call centre for a bit when I was at university and looking up friends, old flames and colleagues was openly talked about amongst the staff, almost like a game of "find the most dirt on someone you know". The most personal sort of information anyone could tend to find was that X is skint and can't pay their bill or Y ordered some dodgy sounding PPV, but employees of banks and credit card companies or CCTV operators would no doubt have access to far more information.

Granted, intelligence agencies are likely to have a greater degree of personal data, but these agencies have rigorous vetting processes and procedures in place to minimise this sort of activity. More often than not there's little to no meaningful clearing process for the private sector employees I mention above, especially in call centres.

That said... "It was recommended that the subject not be given a security clearance", highlights an issue in the vetting and security process to start with IMO. I would have expected that simply being on an NSA site unescorted, let alone as an employee, would have required a fairly rigorous security clearance process (it certainly would with regards to UK agencies).

I've been in situations with work previously where if I chose to I could access all sorts of very personal information (e.g. not just that they ordered some porn on Sky) on what's likely to be many individuals on this very forum (and almost certainly yourself, Nexxo ). I chose not to for three reasons - there would have been a huge risk to myself and my livelihood in doing so, I'm generally not a dick so have no reason to want "dirt" on people but most of all, I just don't care.

... has that "intimate" rash you had back in 2011 cleared up, by the way?

 

It's probably more a matter of them just setting out to grab as much data as they could and work out if the needed it later.

Doesn't make it right though.

 

However it seems the story was a bit overcooked in places. In that "It is possible to" gets read as "have already been" and so on.

I'm not saying that there isn't an issue here. Just that it isn't quite what the headline says as ever.

 

It isn't exclusive to intelligence agencies, but when you are giving personal data to Sky, VISA or Virgin, at least you know what you are sharing and are making the decision to do so. Informed consent and all that.

And I'm sure that you'd feel less violated if someone knew some abstract information about you, e.g. how much you had in the bank, than if that person was able to watch you in the privacy of your own home on your webcam. It's a different level of intrusion.

You are highlighting two issues. How good are organisations at keeping the rules, and how likely are people to break them.

The larger an organisation, the more it relies on people to be professional. This is because the bigger the group, the harder it is to exert social self-policing (it's why Communism works fine for Amish communities, but not for whole countries). Associated with this is company culture: the implicit or tacit norms and values that exist amongst the workforce. If you work in a system run by psychopaths, that endorses psychopathic values and behaviour, then (in order to survive and thrive) you will adopt the psychopathy, cf. News of the World and the phone hacking scandal. Now, how psychopathic is the NSA?

The more power people have in an organisation, the more important it is that they wield that power professionally. To ensure that there are not only really strict rules, but people with more responsibility are also paid more; after all the worse people are paid, the less penalty there is for breaking the rules and losing your job. The problem is that organisations have a lot of little people with informal responsibility and power which is not recognised in their pay, but if they were to break the rules the consequences could be huge (cf. Bradley Manning for a graphic example). Large organisations simply are not aware of this, like we are not aware of our immune cells coursing through our bodies keeping us safe from germ invasion. One of your underpaid student zero-hour contract employees at Sky could for instance just sell on personal customer data to anyone willing to pay for it --and indeed, if criminals try to access customer data, this is often how they do it. They bribe the little fish who are undervalued, underpaid and disgruntled, and have really nothing to lose.

On the other end of the scale are the people in power, who occupy those positions in part because they like power. And the only way to experience power is to use it... This is why politicians, consultant doctors and celebrities (cf. Jimmy Saville) can go completely off the rails. They had everything to lose... and yet they risked it all. Not only because they could get away with it, but because they loved getting away with it. It's what power is all about.

In between those extremes are the many people are a bit morally compromised, and some people are outright crazy. It's why we have shoplifting, road rage, pub brawls, football hooliganism, fraud, workplace bullying. It's why we had the 2011 riots. Those people will break the workplace rules, even if there are good reasons not to. Because power corrupts, and some people have less of a moral centre to resist that temptation than others.

So the moral of the story is: power absolutely corrupts. Pay people well, maintain firm rules and boundaries, and keep an eye on the people in the boardroom as much as the cleaner emptying the waste baskets at night. And don't give anybody too much power.

 

I had a really extensive and well worded contribution mostly typed out here on Friday before I ran away to kick off 48 hours of one of the most unpleasant bouts of puking and high fever of my adult life. Good times!

To summarise though, a few points:

- I can't disagree with any of what you say. It's the "OMG Guvrnmint is stealin mah datas!" individuals and news items that I find ridiculous - as if there are hundreds of individuals in darkened rooms perving on live webcam footage of people people, whether they're having intimate exchanges or paying their water bill. Reality check - the overwhelming majority of the images ingested will never be seen by a real person.

Is a targeted hack on someone's webcam an invasion of privacy? Absolutely.
Is a mass HPC-based analysis of static images transmitted by thousands of webcams, where images of "normal" people are discarded an invasion of privacy? I'm on the fence here.

- You're quite right that collecting information without the source's consent is a different matter entirely, but on the other hand you are transmitting information over service that is known not to be infallible in terms of security, and that it's not rocket science to intercept any of the information sent. If you're passing secret notes in class and someone in the chain decides to have a read, should you be surprised? If you change your pants in front of an open window should you get upset if someone seed you naked? I'm not saying this excuses illicit interception of information, I'm just surprised more people don't consider it.

I wonder what weasel words Yahoo, Skype etc have in their T&Cs to cover something of this nature? I'm disinclined to read through in detail what I imagine to be 80 pages of incredibly dry legalese to satisfy my curiosity though.

- For every individual that abuses privileged access to information, regardless of how it's obtained, there are thousands that do not. Of course nobody is going to report on the people that get to work and do their day jobs without breaking the rules.

 

Clause 18, Section 8, Paragraph 4:

"If teh guv't want ter peek at u wankin', we cant stop em"

It's the new level of illegibility.

 

I'm pleased to hear that one of my noxious rotovirus farts from the arse end of last week made it all the way to the East Midlands

 

Whenever I hear someone say they have "vigorous vetting procedures" I cringe. Working at companies that need these "vigorous vetting procedures" I can tell you this; mostly, all they are looking for is this:

Do you have any large outstanding debts, not including mortgages
Do you take drugs (they dont seem bothered about alcohol... )
How do you spend your weekends
Do you watch porn and is it highly fetishised
Have you any secret family
Are you comfortable with your sexuality
History of health

They will interview a friend also.

Basically, all to determine if you are corrupt-able. Essentially, most people will pass this even if they do have many of the above. At the end of the day, you can't vigorously vet someone enough to ensure they aren't a human being. And most of them won't have had the opportunity to be corrupt-able until they work for their new employer.

 

What surprises me more is not that things like this happen, it's that people are surprised when it does, as Mister_Tad says the (vanilla) internet isn't the most secure form of transmitting data.
The fact that so many people seem to think posting or transmitting intimate details of their personal life all over the place still boggles my mind

 

I was only using the immune system as an example!

What can I say? People don't really understand the technology that they use on a daily basis.

I'm surprised that nobody has created a EULA reader program yet, to do it for us. Legalese is pretty standard jargon so it shouldn't be hard for a parser to analyse it and give you a simple bullet-pointed summary (even Word has Autosummarise).

Do you expect your doctor to do your job well, or should it be marked as an auspicious occasion every time he does?