recommended reading

More Snowden Leaks: NSA Intercepting Millions of Facial Images


Nearly one year after the classified leaks from former National Security Agency contractor Edward Snowden began to generate worldwide headlines, their persistent drip continues to shine a light into the NSA’s affinity for information of any sort.

The latest bombshell comes via The New York Times, which reported over the weekend that the NSA “is harvesting huge numbers of images of people from communications that it intercepts through its global surveillance operations” to advance its facial recognition programs.

The NSA documents delivered by Snowden suggest the agency’s reliance on facial recognition technology picked up after 2010 as a result of Umar Farouk Abdulmutallab’s attempted airplane bombing and Faisal Shahzad’s car-bombing attempt in Times Square. The 2011 documents say the agency intercepts “millions of images per day,” including 55,000 “facial recognition quality images,” and note the agency had turned to new software to “exploit the flood of images included in emails, text messages, social media, videoconferences and other communications.”

The documents show the NSA considers facial images on the same level of importance for tracking terrorists as fingerprints and other identifiers, and because the cited classified documents are three years old, it’s likely the NSA’s potential to capture facial recognition quality images from Internet traffic has significantly increased.

“It’s not just the traditional communications we’re after: It’s taking a full-arsenal approach that digitally exploits the clues a target leaves behind in their regular activities on the net to compile biographic and biometric information” that can help “implement precision targeting,” said one 2010 document.

Unlike the most expansive NSA disclosures thus far, such as the agency’s subversion of computer encryption standards or collecting phone call content from an entire country, privacy advocates and defenders of Internet freedom have little by way of legal statutes to stand on in this case. The Times points out that “neither federal privacy laws nor the nation’s surveillance laws provide specific protections for facial images.”

The NSA did not say whether it had access to the State Department’s massive facial imagery database – considered by some to be the largest in the government – but an NSA spokeswoman did confirm that the NSA does not have access to state databases of driver’s licenses or to American passport images.

But what of social media platforms like Facebook, which boasts the largest image database in the world?

The NSA declined to comment on whether the agency collected facial imagery of American citizens from Facebook and other platforms through means other than communications intercepts.

(Image via ra2studio/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.