“Karma Police”: Newly Published Documents Shed Light on a Massive British Metadata Dragnet

No, it is not a fictitious plot to a dystopian novel or the lyrics to a hit Radiohead song. Sadly, a recent report is just yet another real-life example of a secretive intelligence institution’s vast reach thanks to technology. Over two dozen documents recently made public by The Intercept provide startling revelations about a spy program carried out by the Government Communications Headquarters (GCHQ) – Britain’s version of the National Security Agency (NSA). The documents are the latest to be released in series of leaks from NSA whistleblower Edward Snowden. In December of 2014 The Intercept reported on how GCHQ used malware to infiltrate Belgium’s largest internet provider. The newest documents include details about a program with the code name “Karma Police,” which makes use of loop-holes in British law to spy on citizens of the U.K., its allies, and the rest of the world.
While the debate on mass-surveillance is still ongoing in Britain today, in 2007 GCHQ discreetly began planning a spy regime the with aim of creating “either (a) a web browsing profile for every visible user on the Internet, or (b) a user profile for every visible website on the Internet.” And the systems put in place where highly successful. Through a series of systems including Karma Police, “Mutant Broth”, and “Marbled Gecko”, GCHQ collected vast amounts of metadata and stored it in its “Black Hole.” In 2010, GCHQ predicted they would operating the largest surveillance engine in the world by 2013.
Black Hole is the code name for the system GCHQ used to store its raw metadata records. According to the report, “[b]etween August 2007 and March 2009, GCHQ documents say that Black Hole was used to store more than 1.1 trillion ‘events’ – a term the agency uses to refer to metadata records – with about 10 billion new entries added every day.” Karma Police is a surveillance system which recorded the IP address of anyone visiting a particular web-address. That information, combined with the capabilities of GCHQ’s other systems like Mutant Broth, can reveal the identity of an internet user and create an incredibly revealing profile of their online activity. By piecing bits of data together, spies can gain access to information such as usernames and passwords, email addresses, and web browsing histories.
A big reason why reports like this one are so concerning is the shear scope of this type of drag-net surveillance.

These documents suggest that spy agencies such as GCHQ are interested in who visits what web-sites, regardless of any particular individual’s connection to terrorism – or indeed any criminal activity whatsoever.

In one instance the documents show that GCHQ used Karma Police to track one person in Egypt’s visits to sites ranging from Facebook to the porn site Redtube. No allegation was made, however, of any legitimate security reason for targeting this individual. In fact, as the report outlines, the data-scraping systems have been used in a variety of covert ways that had nothing – at least directly – to do with combating terrorism.
Even with the intelligence community’s insistence that such programs are designed to target foreign terrorist threats, not to target law-abiding citizens, GCHQ is nonetheless authorized to gather domestic metadata without a judicial warrant. Although GCHQ cannot monitor “content” of emails and phone calls of U.K. citizens without a warrant, when it comes to metadata, “there is no exemption or extra privacy protection for British people or citizens from countries that are members of . . . a surveillance alliance that the U.K. is part of alongside the U.S., Canada, Australia, and New Zealand.” Thus the fact that the NSA’s power in the United States has recently been dealt a blow with the passage of the USA Freedom Act may not mean U.S. web users’ privacy is much safer after all.
Like the U.S., Britain is having to take a long hard look at the value of its spy program. Calls for reform are growing and an independent report on Britain’s spy programs, including those run by GCHQ, has recently been released. All this ahead of a legislative push by the home secretary, Theresa May, for more spying powers. Perhaps this formidably-timed report from The Intercept will have some impact on the public debate.