James Thew - Fotolia
A new release of documents by National Security Agency (NSA) whistleblower Edward Snowden has revealed the alarming extent of online monitoring conducted by the UK’s electronic surveillance agency GCHQ.
The documents, which were released to investigative news service The Intercept, purport to show the existence of a covert programme called Karma Police – a Radiohead song from the late 1990s – which was allegedly established in the 2000s to record the browsing habits of “every visible user on the internet”.
Through Karma Police, GCHQ indiscriminately collects data on visits to Google and Yahoo, Facebook, Reddit, CNN, the BBC, Channel 4 News, Reuters and YouPorn, claimed The Intercept.
It also monitored many hundreds of thousands of people listening to online radio shows, particularly those broadcasting Islamic programming.
Elements of the system also target instant messaging services, email, Skype, SMS messages, mobile phone location data, social media and even usage of Google Maps.
Other documents released by Snowden seem to show that GCHQ has been able to take advantage of a lax oversight regime in the UK when compared with other countries, in order to construct its monitoring systems.
The documents show that by 2012, GCHQ was able to collect 50 billion metadata records every day without a court order or judicial warrant and was conducting work to increase this to 100 billion.
Thanks to the UK’s geographic location and position as a transit hub for many hundreds of international fibre optic cables, GCHQ’s operatives are able to tap into the networks that make up the backbone of the internet to access the data, which is stored in a vast repository referred to as Black Hole.
According to The Intercept, the data is stored for up to six months and retrospectively trawled through using a separate system called Mutant Broth to collate huge amounts of information on the habits of internet users.
It was likely instrumental in the alleged hacking of Sim card maker Gemalto to steal mobile encryption keys, and a breach at Belgian incumbent operator Belgacom, where cookie data taken from employee use of Google and LinkedIn was used to target specific machines on the telco’s network.
Responsibility to spy
The latest release from Snowden’s trove of documents comes shortly after the head of MI5, Andrew Parker, told the BBC that websites, particularly social networks such as Facebook, had a responsibility to monitor their own platforms for suspicious or criminal activity.
Parker said the ongoing success of the intelligence services in carrying out their overall mission depended on them having “sufficient, up-to-date capabilities, used in a clear framework of law against those who threaten this country”.
“We need to be able to operate in secret if we are to succeed against those who mean the UK harm,” said Parker.
Home secretary Theresa May is currently garnering support for the revived surveillance bill, or Snooper’s Charter, with the intention of having a draft bill ready before Christmas.
The on-again-off-again Snooper’s Charter, which was effectively killed by the Liberal Democrats when it went before the Coalition government, sprang back to life after the Conservatives gained a slim parliamentary majority in the 2015 General Election.
Read more on Privacy and data protection
Civil liberties groups to challenge bulk surveillance and intelligence sharing in Strasbourg
GCHQ mass surveillance regime was in breach of human rights law, European court rules
NGOs challenge UK and US mass surveillance in human rights court
MI5 wrongly told staff it was exempt from privacy safeguards