Documents: British Government Spied On EVERYONE'S Web Activity, Targeted Internet Radio Listeners

GCHQ called the operation ‘Karma Police’ because they were Radiohead fans; Mammoth operation bigger than anything NSA did


Spies with GCHQ, the British equivalent of the NSA spied on “every visible” user’s Internet activity and called the operation ‘Karma Police’ after a song by the band Radiohead.

The new revelation comes from documents provided to journalists with The Intercept by whistleblower Edward Snowden.

The report notes that the program, which enables spooks to monitor practically every facet of Internet activity, has been running for seven years.

The report states:

The origin of the surveillance system’s name is not discussed in the documents. But KARMA POLICE is also the name of a popular song released in 1997 by the Grammy Award-winning British band Radiohead, suggesting the spies may have been fans.

A verse repeated throughout the hit song includes the lyric, “This is what you’ll get, when you mess with us.”

The documents expose how the program is more intrusive than anything the NSA has attempted that is publically known. GCHQ itself referred to the program as the “world’s biggest” Internet data-mining operation.

The documents state that the program’s aim was to correlate “every user visible to passive SIGINT with every website they visit, hence providing either (a) a web browsing profile for every visible user on the Internet, or (b) a user profile for every visible website on the Internet.”

The GCHQ program works by pulling web data from intercontinental data cables landing at Cornwall. The cables provide British spies with access to up to one quarter of all global web traffic.

It is claimed that the program scours only ‘metadata’. However, the information contains full records of websites visited, usernames, and passwords.

It appears that there is ZERO judicial oversight of the GCHQ program, meaning spooks can sift through anything they want without any legal recourse.

The genesis of the program appears to have been an operation to track individuals listening to Internet radio. The spies were undertaking research into how ‘radicals’ could “misuse” Internet radio to spread their messages.

The Intercept report notes an example where GCHQ specifically targeted any Internet radio station that was broadcasting any spoken recitations from the Quran.

The spies then used the program to bulk collect information on all listeners of the radio stations, most of which were simply music stations with absolutely no link to Islam.

The documents reveal that the spies used tracking cookie networks to trawl the Internet and discover other accounts held by the radio listeners on Skype, Yahoo, and Facebook.

That specific aspect of the program enabled GCHQ to attack the SIM card manufacturer Gemalto, giving it access to the phone data of up to 2 billion SIM cards.

The Karma Police program targeted Gemalto employees, uncovering their passwords and allowing the government spies to insert malware and gain bulk access to Gemalto’s encryption keys, compromising the data of untold numbers of smart phone users.

The documents also reveal that the program was instrumental in enabling “Operation Socialist,” a hack of the Belgian telecom company Belgacom, which provided spies with the IP addresses of individuals they were targeting.

According to the GCHQ documents, by 2009 the program had stored over 1.1 trillion web browsing sessions, referred to as “events” in what was termed a “Black Hole” database. Just one year later in 2010, the system was said to be collecting 30 billion+ records per day of Internet traffic metadata. A further GCHQ document notes that by 2012 the volume was up to 50 billion per day.

The documents note that some of the websites specifically targeted for covert cookie collection included Facebook, Microsoft Live, Amazon, YouTube, Reddit, WordPress, Yahoo, Google, YouPorn and news sites such as Reuters, CNN, and the BBC.

The operation makjes the East German Stasi look like amatuer hobbyists.

The deputy director of Privacy International, Eric King, reacted to the revelation with the following tweet:


Way back in 2008, the British government announced its intention to create a massive central database,gathering details on every text sent, e-mail sent, phone call made and website visited by everyone in the UK. The timing correlates with GCHQ’s Karma Police program.

The program, referred to then as the “Interception Modernisation Programme”, was slated to allow spy chiefs at GCHQ to effectively place a “live tap” on every electronic communication in Britain in the name of preventing terrorism.

Following outcry over the announcement, the government suggested that it was scaling down the plans, with then Home Secretary Jacqui Smith stating that there were “absolutely no plans for a single central store” of communications data.

However, as the “climbdown” was celebrated by civil liberties advocates and the plan was “replaced” by new laws requiring ISPs to store details of emails and internet telephony for just 12 months, fresh details emerged indicating the government was implementing a big brother spy system that would go way beyond the original public announcement.

The London Times published leaked details of a secret mass internet surveillance project known as “Mastering the Internet” (MTI).

Costing hundreds of millions in public funds, the system was implemented by GCHQ with the aid of American defence giant Lockheed Martin and British IT firm Detica, which has close ties to the intelligence agencies.

The stated goal was to give every internet user a unique ID code and store all their data in one place. The “Black Hole” database mentioned in the newly leaked GCHQ documents seems to be a very similar concept.

The documents expose a huge leap forward in an incremental program to implement an already exposed full scale big brother spy system designed to completely obliterate privacy on a global scale.



Feds building huge biometric database on all citizens


For years the FBI maintained it had no interest in scanning fingerprints collected by employers — teachers, lawyers, state and federal workers, even bike messengers now routinely submit fingerprints for employment — but that has now changed.

“For the first time, fingerprints and biographical information sent to the FBI for a background check will be stored and searched right along with fingerprints taken for criminal purposes,” reports the Electronic Frontier Foundation, an organization dedicated to protecting rights online.

The change, which the FBI revealed quietly in a February 2015 Privacy Impact Assessment (PIA), means that if you ever have your fingerprints taken for licensing or for a background check, they will most likely end up living indefinitely in the FBI’s NGI database. They’ll be searched thousands of times a day by law enforcement agencies across the country—even if your prints didn’t match any criminal records when they were first submitted to the system.
The EFF believes the change is “part of an ever-growing movement toward cataloguing information on everyone in America—and a movement that won’t end with fingerprints.”
Now that the FBI has added a face recognition component to its database, employers and state and local governments will be urged to submit photographs along with fingerprints.

A database of photos will make it easier for the agency and the government to track people as they move about, the EFF explains.

“This violates our democratic ideals and our societal belief that we should not treat people as criminals until they are proven guilty,” the digital rights organization argues.

The government’s expanding biometric database — coupled with the NSA’s effort to surveil all personal communication — will further enable the technocratic police state now going into place.

The government is less interested in catching criminals than it is in controlling the populace, especially a politically active populace that may threaten its monopoly of power.

60 U.S. Police Departments Have Asked for Drone Certification

60 U.S. Police Departments Have Asked for Drone Certification

Eyes in the sky spying on you

by Michael Krieger | Liberty Blitzkrieg | September 17, 2015

Screen Shot 2015-09-16 at 3.15.23 PM

Are drones coming to a police department near you? Possibly.

Next thing you know, they’ll be pepper spraying you from 10,000 feet.

From Yahoo News:

Los Angeles (AFP) – Drones are increasingly making their mark in the arsenal of US police forces, operating in a legal gray area and sparking concerns of constant surveillance of civilians.

Since 2012, government agencies can use small drones — weighing less than 55 pounds, or 25 kilograms — under certain conditions and after obtaining a certificate from the Federal Aviation Administration.

But the FAA, which is preparing small drone regulations, does not have authority on privacy protection and there is no specific framework on the issue on a national level.

Up to two dozen police forces are currently fully equipped with drones and trained to use them, including pioneers Grand Forks in North Dakota; Arlington, Texas; Mesa County, Colorado and the Utah Highway Patrol.

According to the digital rights group Electronic Frontier Foundation, at least 60 police forces across the country — from Houston, Texas, to Mobile, Alabama, North Little Rock, Arkansas, and Miami-Dade County — have asked for drone certification.

The FBI also uses drones for specific missions

Rights groups are not opposed to drones as such but rather are concerned that some law enforcement agencies will use them for constant surveillance of the population.

Silly conspiracy theorists. Your government loves you, and would never surreptitiously spy on you.

“Without proper regulation, drones equipped with facial recognition software, infrared technology and speakers capable of monitoring personal conversations would cause unprecedented invasions of our privacy rights,” the ACLU said.

“Tiny drones could go completely unnoticed while peering into the window of a home or place of worship.”

The Electronic Privacy Information Center, for one, is calling for a warrant before each police drone flight.

For related articles, see:

The FBI Has Been Using Drones Domestically Since 2006

Drones in America? They are Already Here…

Where in the USA are the Drones Headed?

45 U.S. Military Veterans Sign Letter Urging Drone Operators to “Refuse to Fly”

 Meet Brandon Bryant: The Drone Operator Who Quit After Killing a Child

This is What Really Happens in the Drone Program from an Insider

McClatchy Study: Obama Administration Has No Idea Who They are Killing with Drones

U.S. Drone Strike Math – 41 Terrorists Targeted, 1,147 People Killed

New Report: Drone Strikes 10x More Deadly to Civilians than Manned Aircraft

Three of the Four U.S. Citizens Killed with Drones were Killed by Accident

Pentagon Plans to Boost Drone Flights 50% as Bernanke Warns Cutting Defense Spending Could Hurt Economy

Just Say NO: Seattle Residents Kill the City’s Drone Program

Feds Say Need Access to Americans’ Emails WITHOUT Warrant…


Bi­par­tis­an bid to re­form an elec­tron­ic-pri­vacy law has the sup­port of the tech com­munity and the White House, but fed­er­al law en­force­ment of­fi­cials tell Con­gress the changes would hamper civil pro­sec­u­tion.

Civil law en­force­ment agen­cies like the Fed­er­al Trade Com­mis­sion and the Se­cur­it­ies and Ex­change Com­mis­sion would not be able to ob­tain crit­ic­al in­form­a­tion if the law were changed to re­quire crim­in­al war­rants for ac­cess to data stored on cloud ser­vices, ac­cord­ing to wit­nesses from those agen­cies testi­fy­ing in front of the Sen­ate Ju­di­ciary Com­mit­tee Wed­nes­day.

The law en­force­ment of­fi­cials were re­act­ing to bills from Sens. Mike Lee and Patrick Leahy, and Reps. Kev­in Yo­der and Jared Pol­is, that aim to up­date the Elec­tron­ic Com­mu­nic­a­tions Pri­vacy Act, or ECPA.

In its cur­rent form, ECPA pro­tects emails from gov­ern­ment snoop­ing for 180 days. When the law was ini­tially drawn up in 1986, email pro­viders routinely re­moved emails from their serv­ers a month or two after they were de­livered; users would gen­er­ally down­load the mes­sages they in­ten­ded to keep. Whatever re­mains on an email serv­er after 180 days is fair game for gov­ern­ment to ac­cess, with just a sub­poena—not a war­rant.

Today, ubi­quit­ous cloud-based email sys­tems like Gmail, which of­fer giga­bytes of stor­age for free, al­low the av­er­age user to keep his or her mes­sages—and cal­en­dars, con­tacts, notes, and even loc­a­tion data—on a pro­vider’s serv­ers in­def­in­itely.

The ECPA Amend­ments Act would re­quire law en­force­ment to get a war­rant to ac­cess serv­er-hos­ted in­form­a­tion, no mat­ter how old, and would re­quire the gov­ern­ment to no­ti­fy an in­di­vidu­al that his or her in­form­a­tion was ac­cessed with­in 10 days, with cer­tain ex­cep­tions.

But law en­force­ment of­fi­cials ex­pressed op­pos­i­tion to some of the bill’s pro­posed changes, ar­guing that its re­quire­ment for crim­in­al war­rants could leave civil lit­ig­at­ors without ac­cess to im­port­ant elec­tron­ic in­form­a­tion.

“The bill in its cur­rent form poses sig­ni­fic­ant risk to the Amer­ic­an pub­lic by im­ped­ing the abil­ity of the SEC and oth­er civil law en­force­ment agen­cies to in­vest­ig­ate and un­cov­er fin­an­cial fraud and oth­er un­law­ful con­duct,” said An­drew Ceres­ney, dir­ect­or of en­force­ment at the Se­cur­it­ies and Ex­change Com­mis­sion.

Ceres­ney and Daniel Sals­burg—chief coun­sel for tech­no­logy, re­search, and in­vest­ig­a­tion in the FTC’s con­sumer pro­tec­tion branch—said the SEC and FTC are not look­ing for the au­thor­ity to ob­tain data with just a sub­poena, and in­stead pro­posed a sys­tem where they could ob­tain a court or­der for ac­cess to the data. Such a pro­cess would no­ti­fy the in­di­vidu­al be­ing in­vest­ig­ated and give him or her the chance to make a case in front of the judge be­fore an or­der is gran­ted or denied.

But des­pite their op­pos­i­tion to the pro­posed change to ECPA, neither the SEC nor the FTC has ob­tained emails through an ad­min­is­trat­ive sub­poena in the past five years, Ceres­ney and Sals­burg said Wed­nes­day.

Ceres­ney said the de­cision to avoid sub­poen­as was made “in de­fer­ence” to on­go­ing con­ver­sa­tions about ECPA re­form. A 2010 fed­er­al court or­der also bound the gov­ern­ment’s hands by de­clar­ing ECPA un­con­sti­tu­tion­al—a de­cision the ECPA Amend­ments Act in­tends to co­di­fy in­to law—but Ceres­ney said the SEC does not in­ter­pret the court’s de­cision as an im­ped­i­ment to us­ing sub­poen­as to ob­tain data.

The civil law en­force­ment of­fi­cials’ com­ments about ECPA re­form were met with im­me­di­ate back­lash from the tech com­munity, which has come out in strong sup­port of the changes.

“The FTC claims to be a cham­pi­on of con­sumer pri­vacy, yet the agency wants ac­cess to Amer­ic­ans’ data without a war­rant,” said Ber­in Szoka, pres­id­ent of Tech­Free­dom, a tech­no­logy think tank. “The Com­mis­sion’s testi­mony today con­firms long-stand­ing ru­mors that it will only sup­port ECPA re­form if it gets a carve-out from the bill’s war­rant re­quire­ment.

“This is the is­sue that has stalled ECPA re­form for over five years, des­pite over­whelm­ing bi­par­tis­an sup­port,” Szoka ad­ded. “The FTC’s testi­mony is care­fully craf­ted to sound reas­on­able, but the agency is simply help­ing to ob­struct the ma­jor pri­vacy re­form of our gen­er­a­tion.”

Ju­lie Brill, an FTC com­mis­sion­er, re­leased a state­ment Wed­nes­day in­dic­at­ing she dis­agreed with Sals­burg’s testi­mony. “I am con­cerned that a ju­di­cial mech­an­ism for civil law en­force­ment agen­cies to ob­tain con­tent from ECPA pro­viders could en­trench au­thor­ity that has the po­ten­tial to lead to in­va­sions of in­di­vidu­als’ pri­vacy and, un­der some cir­cum­stances, may be un­con­sti­tu­tion­al in prac­tice,” Brill said.

Google and BSA-The Soft­ware Al­li­ance, a prom­in­ent tech as­so­ci­ation, ap­peared in a sep­ar­ate wit­ness pan­el be­fore the com­mit­tee, call­ing for swift change in or­der to im­prove cus­tom­ers’ pri­vacy and al­le­vi­ate busi­ness pres­sures.

“By cre­at­ing in­con­sist­ent pri­vacy pro­tec­tion for users of cloud ser­vices and in­ef­fi­cient and con­fus­ing com­pli­ance hurdles for ser­vice pro­viders, ECPA has cre­ated an un­ne­ces­sary dis­in­cent­ive to move to a more ef­fi­cient, more pro­duct­ive meth­od of com­put­ing,” said Richard Sal­gado, the dir­ect­or of Google’s law en­force­ment and in­form­a­tion se­cur­ity branch.

This story was up­dated with a state­ment from FTC Com­mis­sion­er Ju­lie Brill.

AT&T, Verizon And Sprint Helped NSA With Mass Collection Of Phone Records

AT&T, Verizon And Sprint Helped NSA With Mass Collection Of Phone Records

Administration claims individuals can’t sue because they can’t prove they were spied upon

by Lucian Armasu | Tom’s Hardware | September 14, 2015

The EFF provided evidence in two of its cases that it was not just AT&T that helped the NSA collect phone records for millions of Americans, but also Verizon Wireless and Sprint. This information was not previously given by the government, which claimed that it was a state secret.

Despite all the revelations in the media from Snowden’s documents and other sources that the U.S. government is collecting citizens’ information, the administration is still claiming that either individuals or organizations such as the EFF have “no standing” to sue because they can’t prove that they were spied upon.

Of course, this kind of argument quickly turns into circular logic, because such evidence is often secret and can’t be easily given away via FOIA requests either (the released documents are often heavily redacted to the point of being useless). Therefore, you can’t prove you were spied upon because that information is typically classified.

Still, this time the EFF managed to get some evidence that AT&T, Verizon Wireless and Sprint were involved in helping NSA with the mass collection of phone records, from filings made to the secret Foreign Intelligence Surveillance Court (FISC) that were recently made public.

The EFF also got a letter sent from the DoJ to the FISC that was released in a FOIA lawsuit started by the New York Times, where the names “AT&T,” “Verizon,” “Verizon Wireless,” and “Sprint” are mentioned in regards to phone records collection. From a previously-released document by the Office of the Director of National Intelligence, the EFF learned that the letter is indeed about the mass collection of phone records.

The U.S. government’s tactics to either convince the judges to reject mass spying cases or at least delay them have worked rather well so far, but the EFF hopes this new evidence will put the focus back on the government’s violations of the First Amendment’s right of association and the Fourth Amendment’s protection against both unreasonable searches and seizures.

The EFF is now using this evidence in two of its cases: Smith vs. Obama, where both the EFF and ACLU are providing the legal aid to Anna Smith, who is suing the U.S. government over its bulk collection of telephone records, and First Unitarian Church of Los Angeles v. NSA where 22 organizations are suing the NSA for their First Amendment right of association.