GCHQ snooped on every single internet user

New documents revealed that British spy agency GCHQ has been running a mass surveillance programme that managed to record the activities of just about every user on the internet in the UK.

Called "Karma Police", the programme sniffed internet data from cables landing in the country at Cornwall. According to a report by online publication, The Intercept, the programme was launched several years ago. Details of the programme are contained in documents as part of files leaked by former NSA whistleblower Edward Snowden.

The scheme collected full details of sites visited, usernames and even passwords. While equivalent programmes run by the NSA in the US required judicial oversight, there appears to be no such oversight of GCHQ's activities in the UK.

In slides, Karma Police was built between 2007 and 2008 with the purpose of comparing "every user visible to passive SIGINT with every website they visit, hence providing either (a) a web browsing profile for every visible user on the Internet, or (b) a user profile for every visible website on the Internet."

The programme itself is named after a Radiohead song and initially tracked people listening to internet radio stations, in particular, Islamic ones. These ones were targeted for more data collection including the identification of Skype and social networking accounts. The programme also tracked users on sites such as Google, Yahoo, Facebook, Reddit, CNN, the BBC, Channel 4 News, Reuters and adult sites.

The programme expanded as it became more successful. By 2009, the programme recorded 1.1 trillion events, such as web browsing sessions, in its "Black Hole" database. In 2010, the project was collecting 30 billion metadata records every day, rising to 50 billion per day by 2012.

The Black Hole database logged individual IP addresses visiting websites as well as cookies. Users visiting websites of interest to spies would then be profiled by correlating cookies from other websites and login credentials.

The data collected by GCHQ and its Five Eyes partners allowed spies to carry out attacks against persons of interest.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.