Friday, 28 February 2014

GCHQ Privacy Disregard Touches the Optic Nerve

The latest GCHQ revelation courtesy of The Guardian and Edward Snowden, is arguably the most privacy damming of them all. A GCHQ surveillance program called 'Optic Nerve', collected more than 1.8 million webcam imagines from Yahoo chat accounts between 2008 and 2010. The program saved one webcam image every five minutes from unknowing Yahoo users using private webcam chat.  One of the stolen GHCQ memos made no bones that the service struggled to keep the large store of sexually explicit imagery collected from the eyes of its staff.

The fact these images were collected on mass and indiscriminately without the knowledge of Yahoo's users, the vast majority of which are law abiding, is a real privacy invasion. Most worryingly is that such an undertaking could be "green lighted" by senior officials, this beggars belief, pointing to a general lack of human morality and to the uncontrolled power our security agencies have. This is what happens when covert security agencies are given a high degree of trust and power, but are held completely unaccountable for their actions.  

This has parallels with hackers, credit card fraudsters and even online cyber bullies, when certain people believe they are not accountable for their actions online, namely they feel they can get away with it, certain people will commit dark acts without the fear of any recourse and do dastardly things they certainly wouldn't repeat in the more accountable real world. Take the example of Curtis Woodhouse, a professional boxer who turned the tables on his cyber abuser by offering a £1,000 reward on Twitter is anyone who could identify his abuser. Duly enough he received a name and an address, and proceeded to travel across England to meet his abuser face to face, tweeting his progress along the way. As he reached the doorstep of his troll he received a full apology from him on Twitter. Just in the nick of time, and to Curtis' great credit he resisted demonstrating his boxing prowess to his abuser, but instead has used his cyber bully and the whole experience to raise awareness.

Back to the GCHQ privacy abuse, it is high time the UK government got a stronger grip with GHCQ, by holding them to account by introducing an independent privacy protection oversight function with all of their covert digital operations, and perhaps even direct GCHQ into helping to protect the UK's national cyber assets and critical infrastructure. The latter is especially important given this week we heard UK energy companies security is so weak, they can't obtain any cyber insurance.

The UK government needs to get its cyber priorities straight, and tackle the UK cyber defence problem, which is often talked about, but little is ever done. If the UK lost power or water due to a cyber attack, it would be national crises. As with their handling of GCHQ, the UK government are doing a poor job into holding profit hungry energy and utility companies to account for their security, even though their services are crucial to UK citizens and businesses alike.

No comments: