{"id":64478,"date":"2015-09-28T12:01:44","date_gmt":"2015-09-28T11:01:44","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=64478"},"modified":"2015-09-28T12:01:44","modified_gmt":"2015-09-28T11:01:44","slug":"profiled-from-radio-to-porn-british-spies-track-web-users-online-identities","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2015\/09\/profiled-from-radio-to-porn-british-spies-track-web-users-online-identities\/","title":{"rendered":"Profiled: From Radio to Porn, British Spies Track Web Users\u2019 Online Identities"},"content":{"rendered":"

25 Sep 2015 – <\/em>There was a simple aim at the heart of the top-secret program: Record the website browsing habits of \u201cevery visible user on the Internet.\u201d<\/p>\n

Before long, billions of digital records about ordinary people\u2019s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs.<\/p>\n

The mass surveillance operation\u00a0\u2014\u00a0code-named KARMA POLICE \u2014 was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom\u2019s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ.<\/p>\n

The revelations about the scope of the British agency\u2019s surveillance are contained in documents obtained by The Intercept<\/em> from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.<\/p>\n

Amid a renewed push<\/a> from the U.K. government for more surveillance powers, more than two dozen documents being disclosed today<\/a> by The Intercept<\/em> reveal for the first time several major strands of GCHQ\u2019s existing electronic eavesdropping capabilities.<\/p>\n

One system builds profiles showing people\u2019s web browsing histories. Another analyzes instant messenger communications, emails, Skype calls, text messages, cell phone locations, and social media interactions. Separate programs were built to keep tabs on \u201csuspicious\u201d Google searches and usage of Google Maps.<\/p>\n

The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens\u00a0\u2014 all without a court order or judicial warrant.<\/p>\n

Metadata reveals information about a communication\u00a0\u2014 such as the sender and recipient of an email, or the phone numbers someone called and at what time\u00a0\u2014 but not the written content of the message or the audio of the call.<\/p>\n

As of 2012, GCHQ was storing about 50 billion metadata records about online communications and Web browsing activity every day, with plans in place to boost capacity to 100 billion daily\u00a0by the end of that year. The agency, under cover of secrecy, was working to create what it said would soon be the biggest government surveillance system anywhere in the world.<\/p>\n

Radio radicalization<\/strong><\/p>\n

The power of KARMA POLICE was illustrated in 2009, when GCHQ launched a top-secret operation to collect intelligence about people using the Internet to listen to radio shows.<\/p>\n

The agency used a sample of nearly 7\u00a0million metadata records, gathered over a period of three months, to observe the listening habits of more than 200,000 people across 185 countries, including the U.S., the U.K., Ireland, Canada, Mexico, Spain, the Netherlands, France, and Germany.<\/p>\n

\"A<\/a>

A GCHQ graphic illustrating how KARMA POLICE works<\/p><\/div>\n

A summary report<\/a> detailing the operation shows that one aim of the project was to research \u201cpotential misuse\u201d of Internet radio stations to spread radical Islamic ideas.<\/p>\n

GCHQ spies from a unit known as the Network Analysis Center compiled a list of the most popular stations that they had identified, most of which had no association with Islam, like France-based Hotmix Radio<\/a>, which plays pop, rock, funk and hip-hop music.<\/p>\n

They zeroed in on any stations found broadcasting recitations from the Quran, such as a popular Iraqi radio station and a station playing sermons from a prominent Egyptian imam named Sheikh Muhammad Jebril. They then used KARMA POLICE to find out more about these stations\u2019 listeners, identifying them as users on Skype, Yahoo, and Facebook.<\/p>\n

The summary report says the spies selected one Egypt-based listener for \u201cprofiling\u201d and investigated which other websites he had been visiting. Surveillance records revealed the listener had viewed the porn site Redtube, as well as Facebook, Yahoo, YouTube, Google\u2019s blogging platform Blogspot, the photo-sharing site Flickr, a website about Islam, and an Arab advertising site.<\/p>\n

GCHQ\u2019s documents indicate<\/a> that the plans for KARMA POLICE were drawn up between 2007 and 2008. The system was designed to provide the agency with \u201ceither (a) a web browsing profile for every visible user on the Internet, or (b) a user profile for every visible website on the Internet.\u201d<\/p>\n

The origin of the surveillance system\u2019s name is not discussed in the documents. But KARMA POLICE is also the name of a popular song<\/a> released in 1997 by the Grammy Award-winning British band Radiohead, suggesting the spies may have been fans.<\/p>\n

A verse repeated throughout the hit song includes the lyric, \u201cThis is what you\u2019ll get, when you mess with us.\u201d<\/p>\n

The Black Hole<\/strong><\/p>\n

GCHQ vacuums up the website browsing histories using \u201cprobes\u201d that tap into the international fiber-optic cables that\u00a0transport Internet traffic across the world.<\/p>\n

A huge volume of the Internet data GCHQ collects flows directly into a massive repository named Black Hole, which is at the core of the agency\u2019s online spying operations, storing raw logs of intercepted material before it has been subject to analysis.<\/p>\n

Black Hole contains data collected by GCHQ as part of bulk \u201cunselected\u201d surveillance, meaning it is not focused on particular \u201cselected\u201d targets and instead includes troves of data indiscriminately swept up about ordinary people\u2019s online activities. Between August 2007 and March 2009, GCHQ documents say<\/a> that Black Hole was used to store more than 1.1 trillion \u201cevents\u201d\u00a0\u2014 a term the agency uses to refer to metadata records\u00a0\u2014 with about 10 billion new entries added every day.<\/p>\n

As of March 2009, the largest slice of data Black Hole held\u00a0\u2014 41 percent\u00a0\u2014 was about people\u2019s Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people\u2019s use of tools to browse the Internet anonymously.<\/p>\n

Throughout this period, as smartphone sales started to boom, the frequency of people\u2019s Internet use was steadily increasing. In tandem, British spies were working frantically to bolster their spying capabilities, with plans afoot to expand the size of Black Hole and other repositories to handle an avalanche of new data.<\/p>\n

By 2010, according to the documents<\/a>, GCHQ was logging 30 billion metadata records per day. By 2012, collection had increased<\/a> to 50 billion per day, and work was underway to double capacity to 100 billion. The agency was developing \u201cunprecedented\u201d techniques to perform what it called \u201cpopulation-scale<\/a>\u201d data mining, monitoring all communications across entire countries in an effort to detect patterns or behaviors deemed suspicious. It was creating what it said<\/a> would be, by 2013, \u201cthe world\u2019s biggest\u201d surveillance engine \u201cto run cyber operations and to access better, more valued data for customers to make a real world difference.\u201d<\/p>\n

\"A<\/a>

A document from the GCHQ target analysis center (GTAC) shows the Black Hole repository\u2019s structure.<\/p><\/div>\n

GCHQ is able to identify a particular person\u2019s website browsing habits by pulling out the raw data stored in repositories like Black Hole and then analyzing it with a variety of systems that complement each other.<\/p>\n

KARMA POLICE, for instance, works by showing the IP addresses of people visiting websites. IP addresses are unique identifiers that are allocated to computers when they connect to the Internet.<\/p>\n

In isolation, IPs would not be of much value to GCHQ, because they are just a series of numbers\u00a0\u2014 like 195.92.47.101\u00a0\u2014 and are not attached to a name. But when paired with other data they become a rich source of personal information.<\/p>\n

To find out the identity of a person or persons behind an IP address, GCHQ analysts can enter the series of numbers into a separate system named MUTANT BROTH, which is used to sift through data contained in the Black Hole repository about vast amounts of tiny intercepted files known as cookies.<\/p>\n

Cookies are automatically placed on computers to identify and sometimes track people browsing the Internet, often for advertising purposes. When you visit or log into a website, a cookie is usually stored on your computer so that the site recognizes you. It can contain your username or email address, your IP address, and even details about your login password and the kind of Internet browser you are using\u00a0\u2014 like Google Chrome or Mozilla Firefox.<\/p>\n

For GCHQ, this information is incredibly valuable. The agency refers to cookies internally as \u201ctarget detection identifiers\u201d or \u201cpresence events\u201d because of how they help it monitor people\u2019s Internet use and uncover online identities.<\/p>\n

If the agency wants to track down a person\u2019s IP address, it can enter the person\u2019s email address or username into MUTANT BROTH to attempt to find it, scanning through the cookies that come up linking those identifiers to an IP address. Likewise, if the agency already has the IP address and wants to track down the person behind it, it can use MUTANT BROTH to find email addresses, usernames, and even passwords associated with the IP.<\/p>\n

Once the agency has corroborated a targeted person\u2019s IP address with an email address or username, it can then use the tiny cookie files associated with these identifiers to perform a so-called \u201cpattern of life\u201d analysis showing the times of day and locations at which the person is most active online.<\/p>\n

In turn, the usernames and email and IP addresses can be entered into other systems that enable the agency to spy on the target\u2019s emails, instant messenger conversations, and web browsing history. All GCHQ needs is a single identifier\u00a0\u2014 a \u201cselector,\u201d in agency jargon\u00a0\u2014 to follow a digital trail that can reveal a vast amount about a person\u2019s online activities.<\/p>\n

A top-secret GCHQ document from March 2009<\/a> reveals the agency has targeted a range of popular websites as part of an effort to covertly collect cookies on a massive scale. It shows a sample search<\/a> in which the agency was extracting data from cookies containing information about people\u2019s visits to the adult website YouPorn, search engines Yahoo and Google, and the Reuters news website.<\/p>\n

Other websites listed as \u201csources\u201d of cookies in the 2009 document (see below) are Hotmail, YouTube, Facebook, Reddit, WordPress, Amazon, and sites operated by the broadcasters CNN, BBC, and the U.K.\u2019s Channel 4.<\/p>\n

\"In<\/a>

In one six-month period between December 2007 and June 2008, the document says, more than 18 billion records from cookies and other similar identifiers were accessible through MUTANT BROTH.<\/p><\/div>\n

The data is searched by GCHQ analysts in a hunt for behavior online that could be connected to terrorism or other criminal activity. But it has also served a broader and more controversial purpose\u00a0\u2014 helping the agency hack into European companies\u2019 computer networks.<\/p>\n

In the lead up to its secret mission targeting Netherlands-based Gemalto<\/a>, the largest SIM card manufacturer in the world, GCHQ used MUTANT BROTH in an effort to identify the company\u2019s employees so it could hack into their computers.<\/p>\n

The system helped the agency analyze intercepted Facebook cookies<\/a> it believed were associated with Gemalto staff located at offices in France and Poland. GCHQ later successfully infiltrated Gemalto\u2019s internal networks, stealing encryption keys produced by the company that protect the privacy of cell phone communications.<\/p>\n

Similarly, MUTANT BROTH proved integral to GCHQ\u2019s hack of Belgian telecommunications provider Belgacom<\/a>. The agency entered IP addresses associated with Belgacom into MUTANT BROTH to uncover information about the company\u2019s employees. Cookies associated with the IPs revealed the Google, Yahoo, and LinkedIn accounts of three Belgacom engineers, whose computers were then targeted by the agency and infected with malware.<\/p>\n

The hacking operation resulted in GCHQ gaining deep access into the most sensitive parts of Belgacom\u2019s internal systems, granting British spies the ability to intercept communications passing through the company\u2019s networks.<\/p>\n

Cryptome surveillance<\/strong><\/p>\n

In March, a U.K. parliamentary committee published the findings<\/a> of an 18-month review of\u00a0GCHQ\u2019s operations and called for an overhaul of the laws that regulate the spying. The committee raised concerns about the agency gathering what it described as \u201cbulk personal datasets\u201d being held about \u201ca wide range of people.\u201d However, it censored the section of the report describing what these \u201cdatasets\u201d contained, despite acknowledging that they \u201cmay be highly intrusive.\u201d<\/p>\n

The Snowden documents shine light on some of the core GCHQ bulk data-gathering programs that the committee was likely referring to\u00a0\u2014 pulling back the veil of secrecy that has shielded some of the agency\u2019s most controversial surveillance operations from public scrutiny.<\/p>\n

KARMA POLICE<\/a> and MUTANT BROTH<\/a> are among the key bulk collection systems. But they do not operate in isolation\u00a0\u2014 and the scope of GCHQ\u2019s spying extends far beyond them.<\/p>\n

\"GCHQ\u2019s<\/a>

GCHQ\u2019s logo for the SOCIAL ANTHROPOID system<\/p><\/div>\n

The agency operates a bewildering array of other eavesdropping systems, each serving its own specific purpose and designated a unique code name, such as: SOCIAL ANTHROPOID<\/a>, which is used to analyze metadata on emails, instant messenger chats, social media connections and conversations, plus \u201ctelephony\u201d metadata about phone calls, cell phone locations, text and multimedia messages; MEMORY HOLE<\/a>, which logs queries entered into search engines and associates each search with an IP address; MARBLED GECKO<\/a>, which sifts through details about searches people have entered into Google Maps and Google Earth; and INFINITE MONKEYS<\/a>, which analyzes data about the usage of online bulletin boards and forums.<\/p>\n

GCHQ has other programs that it uses to analyze the content of intercepted communications, such as the full written body of emails and the audio of phone calls. One of the most important content collection capabilities is TEMPORA<\/a>, which mines vast amounts of emails, instant messages, voice calls and other communications and makes them accessible through a Google-style search tool named XKEYSCORE<\/a>.<\/p>\n

As of September 2012, TEMPORA was collecting \u201cmore than 40 billion pieces of content a day\u201d and it was being used to spy on people across Europe, the Middle East, and North Africa, according to a top-secret memo outlining the scope of the program. The existence of TEMPORA was first revealed<\/a> by The Guardian<\/em> in June 2013.<\/p>\n

To analyze all of the communications it intercepts and to build a profile of the individuals it is monitoring, GCHQ uses a variety of different tools that can pull together all of the relevant information and make it accessible through a single interface.<\/p>\n

SAMUEL PEPYS<\/a> is one such tool, built by the British spies to analyze both the content and metadata of emails, browsing sessions, and instant messages as they are being intercepted in real time.<\/p>\n

One screenshot of SAMUEL PEPYS in action<\/a> shows the agency using it to monitor an individual in Sweden who visited a page about GCHQ on the U.S.-based anti-secrecy website Cryptome<\/a>.<\/p>\n

Domestic spying<\/strong><\/p>\n

Partly due to the U.K.\u2019s geographic location\u00a0\u2014 situated between the United States and the western edge of continental Europe\u00a0\u2014 a large amount of the world\u2019s Internet traffic passes through its territory across international data cables.<\/p>\n

In 2010, GCHQ noted<\/a> that what amounted to \u201c25 percent of all Internet traffic\u201d was transiting the U.K. through some 1,600 different cables. The agency said that it could \u201csurvey the majority of the 1,600\u201d and \u201cselect the most valuable to switch into our processing systems.\u201d<\/p>\n

Many of the cables flow deep under the Atlantic Ocean from the U.S. East Coast, landing on the white-sand beaches of Cornwall in the southwest of England. Others transport data between the U.K. and countries including France, Belgium, Germany, the Netherlands, Denmark, and Norway by crossing below the North Sea and coming aground at various locations on England\u2019s east coast.<\/p>\n

According to Joss Wright, a research fellow at the University of Oxford\u2019s Internet Institute, tapping into the cables allows GCHQ to monitor a large portion of foreign communications. But the cables also transport masses of wholly domestic British emails and online chats, because when anyone in the U.K. sends an email or visits a website, their computer will routinely send and receive data from servers that are located overseas.<\/p>\n

\u201cI could send a message from my computer here [in England] to my wife\u2019s computer in the next room and on its way it could go through the U.S., France, and other countries,\u201d Wright says. \u201cThat\u2019s just the way the Internet is designed.\u201d<\/p>\n

In other words, Wright adds, that means \u201ca lot\u201d of British data and communications transit across international cables daily, and are liable to be swept into GCHQ\u2019s databases.<\/p>\n

\"A<\/a>

A map from a classified GCHQ presentation about intercepting communications from undersea cables.<\/p><\/div>\n

GCHQ is authorized to conduct dragnet surveillance of the international data cables through so-called external warrants that are signed off by a government minister.<\/p>\n

The external warrants permit the agency to monitor communications in foreign countries as well as British citizens\u2019 international calls and emails\u00a0\u2014 for example, a call from Islamabad to London. They prohibit GCHQ from reading or listening to the content of \u201cinternal\u201d U.K. to U.K. emails and phone calls, which are supposed to be filtered out from GCHQ\u2019s systems if they are inadvertently intercepted unless additional authorization is granted to scrutinize them.<\/p>\n

However, the same rules do not apply to metadata. A little-known loophole in the law allows GCHQ to use external warrants to collect and analyze bulk metadata about the emails, phone calls, and Internet browsing activities of British people, citizens of closely allied countries, and others, regardless of whether the data is derived from domestic U.K. to U.K. communications and browsing sessions or otherwise.<\/p>\n

In March, the existence of this loophole was quietly acknowledged by the U.K. parliamentary committee\u2019s surveillance review, which stated in a section of its report that \u201cspecial protection and additional safeguards\u201d did not apply to metadata swept up using external warrants and that domestic British metadata could therefore be lawfully \u201creturned as a result of searches\u201d conducted by GCHQ.<\/p>\n

Perhaps unsurprisingly, GCHQ appears to have readily exploited this obscure legal technicality. Secret policy guidance papers<\/a> issued to the agency\u2019s analysts instruct them that they can sift through huge troves of indiscriminately collected metadata records to spy on anyone regardless of their nationality. The guidance makes clear that there is no exemption or extra privacy protection for British people or citizens from countries that are members of the Five Eyes, a surveillance alliance that the U.K. is part of alongside the U.S., Canada, Australia, and New Zealand.<\/p>\n

\u201cIf you are searching a purely Events only database such as MUTANT BROTH, the issue of location does not occur,\u201d states one internal GCHQ policy document<\/a>, which is marked with a \u201clast modified\u201d date of July 2012. The document adds that analysts are free to search the databases for British metadata \u201cwithout further authorization\u201d by inputing a U.K. \u201cselector,\u201d meaning a unique identifier such as a person\u2019s email or IP address, username, or phone number.<\/p>\n

Authorization is \u201cnot needed for individuals in the U.K.,\u201d another GCHQ document explains<\/a>, because metadata has been judged \u201cless intrusive than communications content.\u201d All the spies are required to do to mine the metadata troves is write a short \u201cjustification\u201d or \u201creason\u201d for each search they conduct and then click a button<\/a> on their computer screen.<\/p>\n

Intelligence GCHQ collects on British persons of interest is shared with domestic security agency MI5, which usually takes the lead on spying operations within the U.K. MI5 conducts its own extensive domestic surveillance as part of a program called DIGINT (digital intelligence).<\/p>\n

GCHQ\u2019s documents<\/a> suggest<\/a> that it typically retains metadata for periods of between 30 days to six months. It stores the content of communications for a shorter period of time, varying between three to 30 days. The retention periods can be extended if deemed necessary for \u201ccyber defense.\u201d<\/p>\n

One secret policy paper<\/a> dated from January 2010 lists the wide range of information the agency classes as metadata\u00a0\u2014 including location data that could be used to track your movements, your email, instant messenger, and social networking \u201cbuddy lists,\u201d logs showing who you have communicated with by phone or email, the passwords you use to access \u201ccommunications services\u201d (such as an email account), and information about websites you have viewed.<\/p>\n

\"GCHQ<\/a>

GCHQ headquarters in Cheltenham, England. www.gchq.gov.uk<\/p><\/div>\n

Records showing the full website addresses you have visited\u00a0\u2014 for instance, www.gchq.gov.uk\/what_we_do\u00a0\u2014 are treated as content. But the first part of an address you have visited\u00a0\u2014 for instance, www.gchq.gov.uk\u00a0\u2014 is treated as metadata.<\/p>\n

In isolation, a single metadata record of a phone call, email, or website visit may not reveal much about a person\u2019s private life, according to Ethan Zuckerman, director of Massachusetts Institute of Technology\u2019s Center for Civic Media.<\/p>\n

But if accumulated and analyzed over a period of weeks or months, these details would be \u201cextremely personal,\u201d he told The Intercept<\/em>, because they could reveal a person\u2019s movements, habits, religious beliefs, political views, relationships, and even sexual preferences.<\/p>\n

For Zuckerman, who has studied the social and political ramifications of surveillance, the most concerning aspect of large-scale government data collection is that it can be \u201ccorrosive towards democracy\u201d\u00a0\u2014 leading to a chilling effect on freedom of expression and communication.<\/p>\n

\u201cOnce we know there\u2019s a reasonable chance that we are being watched in one fashion or another it\u2019s hard for that not to have a \u2018panopticon effect,\u2019\u201d he said, \u201cwhere we think and behave differently based on the assumption that people may be watching and paying attention to what we are doing.\u201d<\/p>\n

Light oversight<\/strong><\/p>\n

A GCHQ spokesman declined to answer any specific questions for this story, citing a \u201clongstanding policy\u201d not to comment on intelligence matters. The spokesman insisted in an emailed statement that GCHQ\u2019s work is \u201ccarried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight.\u201d<\/p>\n

It is unclear, however, whether there are sufficient internal checks in place in practice to ensure GCHQ\u2019s spies don\u2019t abuse their access to the troves of personal information.<\/p>\n

According to agency\u2019s documents, just 10 percent of its \u201ctargeting\u201d of individuals for surveillance is audited annually and a random selection of metadata searches are audited every six months.<\/p>\n

When compared to surveillance rules in place in the U.S., GCHQ notes<\/a> in one document that the U.K. has \u201ca light oversight regime.\u201d<\/p>\n

The more lax British spying regulations are reflected in secret internal rules that highlight greater restrictions on how NSA databases can be accessed. The NSA\u2019s troves can be searched for data on British citizens, one document states<\/a>, but they cannot be mined for information about Americans or other citizens from countries in the Five Eyes alliance.<\/p>\n

No such constraints are placed on GCHQ\u2019s own databases, which can be sifted for records on the phone calls, emails, and Internet usage of Brits, Americans, and citizens from any other country.<\/p>\n

The scope of GCHQ\u2019s surveillance powers explain in part why Snowden told<\/a> The Guardian<\/em> in June 2013 that U.K. surveillance is \u201cworse than the U.S.\u201d In an interview<\/a> with Der Spiegel<\/em> in July 2013, Snowden added that British Internet cables were \u201cradioactive\u201d and joked: \u201cEven the Queen\u2019s selfies to the pool boy get logged.\u201d<\/p>\n

In recent years, the biggest barrier to GCHQ\u2019s mass collection of data does not appear to have come in the form of legal or policy restrictions. Rather, it is the increased use of encryption technology that protects the privacy of communications that has posed the biggest potential hindrance to the agency\u2019s activities.<\/p>\n

\u201cThe spread of encryption \u2026 threatens our ability to do effective target discovery\/development,\u201d says a top-secret report<\/a> co-authored by an official from the British agency and an NSA employee in 2011.<\/p>\n

\u201cPertinent metadata events will be locked within the encrypted channels and difficult, if not impossible, to prise out,\u201d the report says, adding that the agencies were working on a plan that would \u201c(hopefully) allow our Internet Exploitation strategy to prevail.\u201d<\/p>\n

***************<\/p>\n

Documents published with this article<\/em>:<\/p>\n