This article is more than 1 year old
KARMA POLICE: GCHQ spooks spied on every web user ever
Leaked docs show how out-of-control spy agency went full Stasi on innocent surfers
New documents revealing GCHQ's mass-surveillance activities have detailed an operation codenamed KARMA POLICE, which slurped up the details of "every visible user on the Internet".
The operation was launched in 2009, without Parliamentary consultation or public scrutiny, to record the browsing habits of "every visible user on the Internet" without the agency obtaining legal permission to do so, according to documents published by The Intercept.
KARMA POLICE was constructed between 2007 and 2008, and according to slides was developed with the explicit intention of correlating "every user visible to passive SIGINT with every website they visit, hence providing either (a) a web browsing profile for every visible user on the Internet, or (b) a user profile for every visible website on the Internet."
Its 2009 run was particularly interested in those listening to online radio shows, although one slide also shows tracking of those who have visited spook-baiting Cryptome.org, and pornography site RedTube.
A summary document reveals that the operation affected "224,446 unique listener IP addresses over a three month period, covering approximately 108448 /24 subnets."
Another programme, codenamed BLAZING SADDLES, was used to target listeners of "any one particular radio station ... to understand any trends or behaviours."
The summary report states how:
A wealth of datamining techniques could be applied on small closed groups of individuals, to look for potential covert communications channels for hostile intelligence agencies running agents in allied countries, terrorist cells, or serious crime targets.
One user was targeted, without any stated suspicion of being involved in terrorism or posing a threat to national security, and was found to have visited popular porn purveyor Redtube, as well as social media sites and several Arabic and Islamic sites, which appeared to be commercial enterprises.
Eric King, deputy director of Privacy International, tweeted his alarm at the revelations of GCHQ's activities and the spooks' thoughts regarding oversight:
Best argument for Judicial Authorisation I've seen comes from GCHQs own internal documents. https://t.co/oDLjyinPKX pic.twitter.com/7MlJJlVK0x— Eric King (@e3i5) September 25, 2015
The Register is analysing the new documents and will provide more reportage shortly. ®