New Snowden Documents Reveal 'Karma Police,' a Massive UK Digital Spy Operation

The program managed to capture emails, social media activity, and instant messages.

Google Maps

Edward Snowden isn’t done dropping some scathing information about the extent of covert surveillance operations around the world.

A new report by The Intercept, based on the files of National Security Agency whistleblower Snowden, detail a mass surveillance operation launched by the United Kingdom’s electronic spying agency, the particularly Orwellian sounding Government Communications Headquarters (GCHQ). What else would you expect from the most surveilled country in the world?

The irony doesn’t stop there. The system itself, which gathers large swaths of indiscriminate metadata from users all over the world, is codenamed KARMA POLICE, after the song on English band Radiohead’s seminal 1997 album OK Computer. Somebody at the GCHQ was a Radiohead fan, although it’s safe to assume Thom Yorke and co. aren’t fond of them.

The GCHQ or the British government haven’t issued a statement about the new report as of yet, but we’re pretty sure it’d go something like: “This is what you’ll get, when you mess with us.”

According to the documents obtained by The Intercept, the operation was begun between 2007 and 2008 with the task of acquiring “either (a) a web browsing profile for every visible user on the Internet, or (b) a user profile for every visible website on the Internet.” In keeping with the music theme of the whole illegal spy-game, the power of KARMA POLICE was tested in 2009 by collecting data from random people in 185 different countries listening to internet radio shows, especially ones that spread radical Islamic viewpoints.

Here’s how it worked: The GCHQ gathered the browsing histories of a large pool of users by using probes to tap directly into cables that carry internet traffic. The info is then relayed to a digital repository appropriately named “Black Hole” before suspicious info is singled out for further analysis if the GCHQ found something worth pursuing out of the collected data pool. In all, 11 trillion user sessions were stored on Black Hole in what the agency called “events” in the first two years of operation. By 2012, KARMA POLICE collected and stored a daily haul of about 50 billion sample sessions.

But browser history wasn’t everything. It also managed to capture emails, social media activity, and instant messages. Once a particular person is singled out, GCHQ can even determine the identity of a person behind an IP address in question using another surveillance system called MUTANT BROTH, which can identify everything from IP addresses, usernames, email address, login password data, and browser types using typically innocent cookies. These files usually attach themselves to your computer to recognize you for marketing purposes. GCHQ collected cookies from major website like Yahoo, Google, Hotmail, YouTube, Facebook, Reddit, WordPress, Amazon, CNN, BBC, Channel 4, and even adult website YouPorn, to cull together cookie data on a massive scale.

And even then if you think that’s where it ends, you’d be wrong. According to The Intercept:

“The agency operates a bewildering array of other eavesdropping systems, each serving its own specific purpose and designated a unique code name, such as: SOCIAL ANTHROPOID, which is used to analyze metadata on emails, instant messenger chats, social media connections and conversations, plus “telephony” metadata about phone calls, cell phone locations, text and multimedia messages; MEMORY HOLE, which logs queries entered into search engines and associates each search with an IP address; MARBLED GECKO, which sifts through details about searches people have entered into Google Maps and Google Earth; and INFINITE MONKEYS, which analyzes data about the usage of online bulletin boards and forums.”

The documents suggest that the GCHQ tried to justify the operation as a noble endeavor. By moving forward with KARMA POLICE, the agency said it was creating “the world’s biggest” surveillance engine “to run cyber operations and to access better, more valued data for customers to make a real world difference.” Well, isn’t that nice.

One question remains: What does Yorke think about all this? It’s only a matter of time before the Radiohead frontman himself tweets out an angry screed or just makes the next Radiohead album all about it.

In the meantime, we’ll be over here listening to some music, but the GCHQ probably knew that already.