Key parts:

Before long, billions of digital records about ordinary people’s online
activities were being stored every day. Among them were details
cataloging visits to porn, social media and news websites, search
engines, chat forums, and blogs. The mass surveillance
operation — code-named KARMA POLICE — was launched by British
spies about seven years ago without any public debate or scrutiny.
It was just one part of a giant global Internet spying apparatus
built by the United Kingdom’s electronic eavesdropping agency,
Government Communications Headquarters, or GCHQ.

As of 2012, GCHQ was storing about 50 billion metadata records about online
communications and Web browsing activity every day, with plans in
place to boost capacity to 100 billion daily by the end of that year.
The agency, under cover of secrecy, was working to create what it
said would soon be the biggest government surveillance system
anywhere in the world.

The power of KARMA POLICE was illustrated in 2009, when GCHQ launched a
top-secret operation to collect intelligence about people using the
Internet to listen to radio shows. The agency used a sample of nearly
7 million metadata records, gathered over a period of three
months, to observe the listening habits of more than 200,000 people
across 185 countries, including the U.S., the U.K., Ireland, Canada,
Mexico, Spain, the Netherlands, France, and Germany.

A summary report detailing the operation shows that one aim of the project was
to research “potential misuse” of Internet radio stations to
spread radical Islamic ideas. GCHQ spies from a unit known as the
Network Analysis Center compiled a list of the most popular stations
that they had identified, most of which had no association with
Islam, like France-based Hotmix Radio, which plays pop, rock, funk
and hip-hop music.

GCHQ’s documents indicate that the plans for KARMA POLICE were drawn up
between 2007 and 2008. The system was designed to provide the agency
with “either (a) a web browsing profile for every visible user on
the Internet, or (b) a user profile for every visible website on the
Internet.” The origin of the surveillance system’s name is not
discussed in the documents. But KARMA POLICE is also the name of a
popular song released in 1997 by the Grammy Award-winning British
band Radiohead, suggesting the spies may have been fans. A verse
repeated throughout the hit song includes the lyric, “This is what
you’ll get, when you mess with us.”

GCHQ vacuums up the website browsing histories using 'probes' that tap
into the international fiber-optic cables that transport Internet
traffic across the world.

... data collected by GCHQ as part of bulk “unselected” surveillance,
meaning it is not focused on particular “selected” targets and
instead includes troves of data indiscriminately swept up about
ordinary citizens’ online activities. Between August 2007 and
March 2009, GCHQ documents say that Black Hole [a massive
repository] was used to store more than 1.1 trillion “events”
— a term the agency uses to refer to metadata records — with
about 10 billion new entries added every day.

As of March 2009, the largest slice of data Black Hole held — 41 percent
— was about people’s Internet browsing histories. The rest
included a combination of email and instant messenger records,
details about search engine queries, information about social media
activity, logs related to hacking operations, and data on people’s
use of tools to browse the Internet anonymously. Throughout this
period, as smartphone sales started to boom, the frequency of
people’s Internet use was steadily increasing. In tandem, British
spies were working frantically to bolster their spying capabilities,
with plans afoot to expand the size of Black Hole and other
repositories to handle an avalanche of new data.

By 2010, according to the documents, GCHQ was logging 30 billion
metadata records per day. By 2012, collection had increased to 50
billion per day, and work was underway to double capacity to 100
billion. The agency was developing “unprecedented” techniques
to perform what it called “population-scale” data mining,
monitoring all communications across entire countries in an effort to
detect patterns or behaviors deemed suspicious. It was creating what
it said would be, by 2013, “the world’s biggest” surveillance
engine “to run cyber operations and to access better, more valued
data for customers to make a real world difference.”

In isolation, IPs would not be of much value to GCHQ, because they are
just a series of numbers — like 195.92.47.101 — and are not
attached to a name. But when paired with other data they become a
rich source of personal information. To find out the identity of a
person or persons behind an IP address, GCHQ analysts can enter the
series of numbers into a separate system named MUTANT BROTH, which is
used to sift through data contained in the Black Hole repository
about vast amounts of tiny intercepted files known as cookies.

When you visit or log into a website, a cookie is usually stored on your
computer so that the site recognizes you. It can contain your
username or email address, your IP address, and even details about
your login password and the kind of Internet browser you are using —
like Google Chrome or Mozilla Firefox. For GCHQ, this information is
incredibly valuable. The agency refers to cookies internally as
“target detection identifiers” or “presence events” because
of how they help it monitor people’s Internet use and uncover
online identities.

A top-secret GCHQ document from March 2009 reveals the agency has
targeted a range of popular websites as part of an effort to covertly
collect cookies on a massive scale. It shows a sample search in which
the agency was extracting data from cookies containing information
about people’s visits to the adult website YouPorn, search engines
Yahoo and Google, and the Reuters news website. Other websites listed
as “sources” of cookies in the 2009 document (see below) are
Hotmail, YouTube, Facebook, Reddit, WordPress, Amazon, and news sites
operated by CNN, BBC, and Channel 4 News.

In one six-month period between December 2007 and June 2008, the document
says, more than 18 billion records from cookies and other similar
identifiers were accessible through MUTANT BROTH.

The agency operates a bewildering array of other eavesdropping systems,
each serving its own specific purpose and designated a unique code
name, such as: SOCIAL ANTHROPOID, which is used to analyze
metadata on emails, instant messenger chats, social media connections
and conversations, plus “telephony” metadata about phone calls,
cell phone locations, text and multimedia messages; MEMORY HOLE,
which logs queries entered into search engines and associates each
search with an IP address; MARBLED GECKO, which sifts through details
about searches people have entered into Google Maps and Google Earth;
and INFINITE MONKEYS, which analyzes data about the usage of online
bulletin boards and forums.

GCHQ has other programs that it uses to analyze the content of intercepted
communications, such as the full written body of emails and the audio
of phone calls. One of the most important content collection
capabilities is TEMPORA, which mines vast amounts of emails, instant
messages, voice calls and other communications and makes them
accessible through a Google-style search tool named XKEYSCORE. As
of September 2012, TEMPORA was collecting “more than 40 billion
pieces of content a day” and it was being used to spy on people
across Europe, the Middle East, and North Africa, according to a
top-secret memo outlining the scope of the program. The existence
of TEMPORA was first revealed by The Guardian in June 2013.

In 2010, GCHQ noted that what amounted to “25 percent of all Internet
traffic” was transiting the U.K. through some 1,600 different
cables. The agency said that it could “survey the majority of the
1,600” and “select the most valuable to switch into our
processing systems.” Many of the cables flow deep under the
Atlantic Ocean from the U.S. East Coast, landing on the white-sand
beaches of Cornwall in the southwest of England. Others transport
data between the U.K. and countries including France, Belgium,
Germany, the Netherlands, Denmark, and Norway by crossing below the
North Sea and coming aground at various locations on England’s east
coast.

A little-known loophole in the law allows GCHQ to use external warrants
to collect and analyze bulk metadata about the emails, phone calls,
and Internet browsing activities of British people, citizens of
closely allied countries, and others, regardless of whether the data
is derived from domestic U.K. to U.K. communications and browsing
sessions or otherwise.

Intelligence GCHQ collects on British persons of interest is shared with domestic
security agency MI5, which usually takes the lead on spying
operations within the U.K. MI5 conducts its own extensive domestic
surveillance as part of a program called DIGINT (digital
intelligence).

In isolation, a single metadata record of a phone call, email, or
website visit may not reveal much about a person’s private life,
according to Ethan Zuckerman, director of Massachusetts Institute of
Technology’s Center for Civic Media. But if accumulated and
analyzed over a period of weeks or months, these details would be
“extremely personal,” he told The Intercept, because they could
reveal a person’s movements, habits, religious beliefs, political
views, relationships, and even sexual preferences.

... 10 percent of the agency’s “targeting” of individuals for
surveillance is audited annually and a random selection of metadata
searches are audited every six months.

“The spread of encryption … threatens our ability to do effective target
discovery/development,” says a top-secret report co-authored by an
official from the British agency and an NSA employee in 2011.
“Pertinent metadata events will be locked within the encrypted
channels and difficult, if not impossible, to prise out,” the
report says, adding that the agencies were working on a plan that
would “(hopefully) allow our Internet Exploitation strategy to
prevail.”