About seven years ago, British spies quietly launched a top-secret mass surveillance operation code-named Karma Police. Karma Police was just one of the many surveillance tools assembled by United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters (GCHQ), with one central goal in mind – to observe and gather as much information as possible on every visible user on the Internet.
After the operation was in full swing, Karma Police was quickly gathering billions of digital records on as many people as it could possibly reach. The data collected was extensive and included the users’ complete browsing habits. Amongst the recorded data were details of visits to social media and news websites, search engines, chat forums, pornography and much more.
While Karma Police has been around for many years, the revelation about the scope of the surveillance is fairly recent. As revealed in the documents leaked by National Security Agency whistleblower Edward Snowden – the GCHQ is a very elaborate eavesdropping powerhouse with many strands.
With reference to the disclosed documents – there were a number of programs built to better gather information and track the people associated with the data. One system, for example, is used to compile profiles to show people’s browsing histories. Other systems were built and implemented to track and analyze communications such as email, Skype, text messages, social media interactions and phone calls – amongst much else.
It’s all about the MetaData
The data collected would allow the GCHQ access to a complete set of metadata regarding the communication. In essence, GCHQ would know the sender and recipient of an email, as well as the phone numbers someone called and at what time. The content of a communication – via email, phone, or otherwise – is not part of the metadata, therefore, was not recorded during operations.
The GCHQ has been collecting unbelievable amounts of data. As of 2012, about 50 billion metadata records were collected daily, with the aim of doubling that number by the end of the year. At that rate, the agency was well on its way to becoming the largest government surveillance system on Earth.
The leaked documents provide some insight on how the CGHQ operates. In the case of browsing history profiles, the agency uses something they call Black Hole – a massive repository that stores raw logs of data collected by probes. These so-called “probes” tap into fiber-optic cables responsible for transporting the world’s Internet traffic to effectively absorb website browsing histories of users all across the world. This data comes from all types of users, with no specific demographic being targeting more so than the other. According to the documents – the Black Hole stored more than 1.1 trillion metadata records between August 2007 and March 2009.
Out of the 1.1 trillion records, about 41 percent were of users’ Internet browsing histories, and the rest were a combination of information on social media activity, instant messaging, online searches, and data on the tools used to browse the Internet anonymously.
Karma, Karma, Karma, Karma, Karma, Chameleon
While metadata itself may not seem very useful at first glance, GCHQ is able to uncover a person’s identity based on the raw data stored in the Black Hole or similar repositories. The way this can be done is by using a number of GCHQ’s systems to analyze the data.
One method used by the GCHQ involves the use of Karma Police to gather a person’s IP address. The IP address itself is not much use to the GCHQ, but when paired with other known data, the IP becomes a very valuable resource. For example, analysts can enter the IP address into a system named Mutant Broth – which will then look through the vast amounts of data stored in the Black Hole to locate cookies associated with the IP. Cookies often contain not only your username or email but also your login password and IP address.
When the agency is able to link your IP address with an email address, they can then use a different system to effectively spy on the target’s email and instant messenger conversations as well as web browsing habits. In essence, all the GCHQ needs is a single identifier to be able to access a very large amount of information on that person’s online activity.
Although officially GCHQ is on a search for questionable online behavior that could ultimately be connected to criminal activity such as terrorism, the entire system remains very controversial. Shortly after Snowden revealed some of the methods behind GCHQ’s data-gathering programs, the U.K. parliamentary committee called for an overhaul of regulations around spying – and with good cause. Most of the concerns stemmed around the incredibly vast and arguably intrusive datasets gathered by the GCHQ on a “wide range of people.”
The reports show that Karma Police and Mutant Broth are only two of the many more bulk collection systems in use by the GCHQ. All of these systems perform slightly different tasks and are extremely powerful when used to complement one another.
While these systems are supposed to be used for cyber defense, the sheer amount of data collected makes it very easy for GCHQ spies to abuse their access to personal information. In fact, the British spying regulations are considered quite lax in comparison to other superpowers – including the NSA. Which helps explain why Snowden told The Guardian that U.K surveillance is “worse than the U.S.”