GCHQ called the operation ‘Karma Police’ because they were Radiohead fans; Mammoth operation bigger than anything NSA did
by STEVE WATSON
Spies with GCHQ, the British equivalent of the NSA spied on “every visible” user’s Internet activity and called the operation ‘Karma Police’ after a song by the band Radiohead.
The new revelation comes from documents provided to journalists with The Intercept by whistleblower Edward Snowden.
The report notes that the program, which enables spooks to monitor practically every facet of Internet activity, has been running for seven years.
The report states:
The origin of the surveillance system’s name is not discussed in the documents. But KARMA POLICE is also the name of a popular song released in 1997 by the Grammy Award-winning British band Radiohead, suggesting the spies may have been fans.
A verse repeated throughout the hit song includes the lyric, “This is what you’ll get, when you mess with us.”
The documents expose how the program is more intrusive than anything the NSA has attempted that is publically known. GCHQ itself referred to the program as the “world’s biggest” Internet data-mining operation.
The documents state that the program’s aim was to correlate “every user visible to passive SIGINT with every website they visit, hence providing either (a) a web browsing profile for every visible user on the Internet, or (b) a user profile for every visible website on the Internet.”
The GCHQ program works by pulling web data from intercontinental data cables landing at Cornwall. The cables provide British spies with access to up to one quarter of all global web traffic.
It is claimed that the program scours only ‘metadata’. However, the information contains full records of websites visited, usernames, and passwords.
It appears that there is ZERO judicial oversight of the GCHQ program, meaning spooks can sift through anything they want without any legal recourse.
The genesis of the program appears to have been an operation to track individuals listening to Internet radio. The spies were undertaking research into how ‘radicals’ could “misuse” Internet radio to spread their messages.
The Intercept report notes an example where GCHQ specifically targeted any Internet radio station that was broadcasting any spoken recitations from the Quran.
The spies then used the program to bulk collect information on all listeners of the radio stations, most of which were simply music stations with absolutely no link to Islam.
The documents reveal that the spies used tracking cookie networks to trawl the Internet and discover other accounts held by the radio listeners on Skype, Yahoo, and Facebook.
That specific aspect of the program enabled GCHQ to attack the SIM card manufacturer Gemalto, giving it access to the phone data of up to 2 billion SIM cards.
The Karma Police program targeted Gemalto employees, uncovering their passwords and allowing the government spies to insert malware and gain bulk access to Gemalto’s encryption keys, compromising the data of untold numbers of smart phone users.
The documents also reveal that the program was instrumental in enabling “Operation Socialist,” a hack of the Belgian telecom company Belgacom, which provided spies with the IP addresses of individuals they were targeting.
According to the GCHQ documents, by 2009 the program had stored over 1.1 trillion web browsing sessions, referred to as “events” in what was termed a “Black Hole” database. Just one year later in 2010, the system was said to be collecting 30 billion+ records per day of Internet traffic metadata. A further GCHQ document notes that by 2012 the volume was up to 50 billion per day.
The documents note that some of the websites specifically targeted for covert cookie collection included Facebook, Microsoft Live, Amazon, YouTube, Reddit, WordPress, Yahoo, Google, YouPorn and news sites such as Reuters, CNN, and the BBC.
The operation makjes the East German Stasi look like amatuer hobbyists.
The deputy director of Privacy International, Eric King, reacted to the revelation with the following tweet:
Way back in 2008, the British government announced its intention to create a massive central database,gathering details on every text sent, e-mail sent, phone call made and website visited by everyone in the UK. The timing correlates with GCHQ’s Karma Police program.
The program, referred to then as the “Interception Modernisation Programme”, was slated to allow spy chiefs at GCHQ to effectively place a “live tap” on every electronic communication in Britain in the name of preventing terrorism.
Following outcry over the announcement, the government suggested that it was scaling down the plans, with then Home Secretary Jacqui Smith stating that there were “absolutely no plans for a single central store” of communications data.
However, as the “climbdown” was celebrated by civil liberties advocates and the plan was “replaced” by new laws requiring ISPs to store details of emails and internet telephony for just 12 months, fresh details emerged indicating the government was implementing a big brother spy system that would go way beyond the original public announcement.
The London Times published leaked details of a secret mass internet surveillance project known as “Mastering the Internet” (MTI).
Costing hundreds of millions in public funds, the system was implemented by GCHQ with the aid of American defence giant Lockheed Martin and British IT firm Detica, which has close ties to the intelligence agencies.
The stated goal was to give every internet user a unique ID code and store all their data in one place. The “Black Hole” database mentioned in the newly leaked GCHQ documents seems to be a very similar concept.
The documents expose a huge leap forward in an incremental program to implement an already exposed full scale big brother spy system designed to completely obliterate privacy on a global scale.
Feds building huge biometric database on all citizens
by KURT NIMMO | INFOWARS.COM | SEPTEMBER 22, 2015
For years the FBI maintained it had no interest in scanning fingerprints collected by employers — teachers, lawyers, state and federal workers, even bike messengers now routinely submit fingerprints for employment — but that has now changed.
“For the first time, fingerprints and biographical information sent to the FBI for a background check will be stored and searched right along with fingerprints taken for criminal purposes,” reports the Electronic Frontier Foundation, an organization dedicated to protecting rights online.
The change, which the FBI revealed quietly in a February 2015 Privacy Impact Assessment (PIA), means that if you ever have your fingerprints taken for licensing or for a background check, they will most likely end up living indefinitely in the FBI’s NGI database. They’ll be searched thousands of times a day by law enforcement agencies across the country—even if your prints didn’t match any criminal records when they were first submitted to the system.
The EFF believes the change is “part of an ever-growing movement toward cataloguing information on everyone in America—and a movement that won’t end with fingerprints.”
Now that the FBI has added a face recognition component to its database, employers and state and local governments will be urged to submit photographs along with fingerprints.
A database of photos will make it easier for the agency and the government to track people as they move about, the EFF explains.
“This violates our democratic ideals and our societal belief that we should not treat people as criminals until they are proven guilty,” the digital rights organization argues.
The government’s expanding biometric database — coupled with the NSA’s effort to surveil all personal communication — will further enable the technocratic police state now going into place.
The government is less interested in catching criminals than it is in controlling the populace, especially a politically active populace that may threaten its monopoly of power.
Eyes in the sky spying on you
Are drones coming to a police department near you? Possibly.
Next thing you know, they’ll be pepper spraying you from 10,000 feet.
From Yahoo News:
Los Angeles (AFP) – Drones are increasingly making their mark in the arsenal of US police forces, operating in a legal gray area and sparking concerns of constant surveillance of civilians.
Since 2012, government agencies can use small drones — weighing less than 55 pounds, or 25 kilograms — under certain conditions and after obtaining a certificate from the Federal Aviation Administration.
But the FAA, which is preparing small drone regulations, does not have authority on privacy protection and there is no specific framework on the issue on a national level.
Up to two dozen police forces are currently fully equipped with drones and trained to use them, including pioneers Grand Forks in North Dakota; Arlington, Texas; Mesa County, Colorado and the Utah Highway Patrol.
According to the digital rights group Electronic Frontier Foundation, at least 60 police forces across the country — from Houston, Texas, to Mobile, Alabama, North Little Rock, Arkansas, and Miami-Dade County — have asked for drone certification.
The FBI also uses drones for specific missions
Rights groups are not opposed to drones as such but rather are concerned that some law enforcement agencies will use them for constant surveillance of the population.
Silly conspiracy theorists. Your government loves you, and would never surreptitiously spy on you.
“Without proper regulation, drones equipped with facial recognition software, infrared technology and speakers capable of monitoring personal conversations would cause unprecedented invasions of our privacy rights,” the ACLU said.
“Tiny drones could go completely unnoticed while peering into the window of a home or place of worship.”
The Electronic Privacy Information Center, for one, is calling for a warrant before each police drone flight.
For related articles, see:
BY KAVEH WADDELL
Bipartisan bid to reform an electronic-privacy law has the support of the tech community and the White House, but federal law enforcement officials tell Congress the changes would hamper civil prosecution.
Civil law enforcement agencies like the Federal Trade Commission and the Securities and Exchange Commission would not be able to obtain critical information if the law were changed to require criminal warrants for access to data stored on cloud services, according to witnesses from those agencies testifying in front of the Senate Judiciary Committee Wednesday.
The law enforcement officials were reacting to bills from Sens. Mike Lee and Patrick Leahy, and Reps. Kevin Yoder and Jared Polis, that aim to update the Electronic Communications Privacy Act, or ECPA.
In its current form, ECPA protects emails from government snooping for 180 days. When the law was initially drawn up in 1986, email providers routinely removed emails from their servers a month or two after they were delivered; users would generally download the messages they intended to keep. Whatever remains on an email server after 180 days is fair game for government to access, with just a subpoena—not a warrant.
Today, ubiquitous cloud-based email systems like Gmail, which offer gigabytes of storage for free, allow the average user to keep his or her messages—and calendars, contacts, notes, and even location data—on a provider’s servers indefinitely.
The ECPA Amendments Act would require law enforcement to get a warrant to access server-hosted information, no matter how old, and would require the government to notify an individual that his or her information was accessed within 10 days, with certain exceptions.
But law enforcement officials expressed opposition to some of the bill’s proposed changes, arguing that its requirement for criminal warrants could leave civil litigators without access to important electronic information.
“The bill in its current form poses significant risk to the American public by impeding the ability of the SEC and other civil law enforcement agencies to investigate and uncover financial fraud and other unlawful conduct,” said Andrew Ceresney, director of enforcement at the Securities and Exchange Commission.
Ceresney and Daniel Salsburg—chief counsel for technology, research, and investigation in the FTC’s consumer protection branch—said the SEC and FTC are not looking for the authority to obtain data with just a subpoena, and instead proposed a system where they could obtain a court order for access to the data. Such a process would notify the individual being investigated and give him or her the chance to make a case in front of the judge before an order is granted or denied.
But despite their opposition to the proposed change to ECPA, neither the SEC nor the FTC has obtained emails through an administrative subpoena in the past five years, Ceresney and Salsburg said Wednesday.
Ceresney said the decision to avoid subpoenas was made “in deference” to ongoing conversations about ECPA reform. A 2010 federal court order also bound the government’s hands by declaring ECPA unconstitutional—a decision the ECPA Amendments Act intends to codify into law—but Ceresney said the SEC does not interpret the court’s decision as an impediment to using subpoenas to obtain data.
The civil law enforcement officials’ comments about ECPA reform were met with immediate backlash from the tech community, which has come out in strong support of the changes.
“The FTC claims to be a champion of consumer privacy, yet the agency wants access to Americans’ data without a warrant,” said Berin Szoka, president of TechFreedom, a technology think tank. “The Commission’s testimony today confirms long-standing rumors that it will only support ECPA reform if it gets a carve-out from the bill’s warrant requirement.
“This is the issue that has stalled ECPA reform for over five years, despite overwhelming bipartisan support,” Szoka added. “The FTC’s testimony is carefully crafted to sound reasonable, but the agency is simply helping to obstruct the major privacy reform of our generation.”
Julie Brill, an FTC commissioner, released a statement Wednesday indicating she disagreed with Salsburg’s testimony. “I am concerned that a judicial mechanism for civil law enforcement agencies to obtain content from ECPA providers could entrench authority that has the potential to lead to invasions of individuals’ privacy and, under some circumstances, may be unconstitutional in practice,” Brill said.
Google and BSA-The Software Alliance, a prominent tech association, appeared in a separate witness panel before the committee, calling for swift change in order to improve customers’ privacy and alleviate business pressures.
“By creating inconsistent privacy protection for users of cloud services and inefficient and confusing compliance hurdles for service providers, ECPA has created an unnecessary disincentive to move to a more efficient, more productive method of computing,” said Richard Salgado, the director of Google’s law enforcement and information security branch.
This story was updated with a statement from FTC Commissioner Julie Brill.
Administration claims individuals can’t sue because they can’t prove they were spied upon
The EFF provided evidence in two of its cases that it was not just AT&T that helped the NSA collect phone records for millions of Americans, but also Verizon Wireless and Sprint. This information was not previously given by the government, which claimed that it was a state secret.
Despite all the revelations in the media from Snowden’s documents and other sources that the U.S. government is collecting citizens’ information, the administration is still claiming that either individuals or organizations such as the EFF have “no standing” to sue because they can’t prove that they were spied upon.
Of course, this kind of argument quickly turns into circular logic, because such evidence is often secret and can’t be easily given away via FOIA requests either (the released documents are often heavily redacted to the point of being useless). Therefore, you can’t prove you were spied upon because that information is typically classified.
Still, this time the EFF managed to get some evidence that AT&T, Verizon Wireless and Sprint were involved in helping NSA with the mass collection of phone records, from filings made to the secret Foreign Intelligence Surveillance Court (FISC) that were recently made public.
The EFF also got a letter sent from the DoJ to the FISC that was released in a FOIA lawsuit started by the New York Times, where the names “AT&T,” “Verizon,” “Verizon Wireless,” and “Sprint” are mentioned in regards to phone records collection. From a previously-released document by the Office of the Director of National Intelligence, the EFF learned that the letter is indeed about the mass collection of phone records.
The U.S. government’s tactics to either convince the judges to reject mass spying cases or at least delay them have worked rather well so far, but the EFF hopes this new evidence will put the focus back on the government’s violations of the First Amendment’s right of association and the Fourth Amendment’s protection against both unreasonable searches and seizures.
The EFF is now using this evidence in two of its cases: Smith vs. Obama, where both the EFF and ACLU are providing the legal aid to Anna Smith, who is suing the U.S. government over its bulk collection of telephone records, and First Unitarian Church of Los Angeles v. NSA where 22 organizations are suing the NSA for their First Amendment right of association.