If you used the World Wide Web anytime after 2007, the United Kingdom’s Government Communications Headquarters (GCHQ) has probably spied on you. That’s the revelation contained in documents published today by The Intercept, which detail a GCHQ operation called “Karma Police”—a program that tracked Web browsing habits of people around the globe in what the agency itself billed as the “world’s biggest” Internet data-mining operation, intended to eventually track “every visible user on the Internet.”
Karma Police—apparently named after the Radiohead song—started as a program to track individuals listening to Internet streaming audio “radio stations” as part of a research project into how radicals might “misuse” Internet radio to spread their messages. Listeners to streams that included Islamic religious content were targeted for more data collection in an effort to identify their Skype and social media accounts. The program gradually grew with its success. According to GCHQ documents, by 2009 the program had stored over 1.1 trillion “events”—Web browsing sessions—in its “Black Hole” database. By 2010, the system was gathering 30 billion records per day of Internet traffic metadata. According to another GCHQ document, that volume grew to 50 billion per day by 2012.
The Karma Police system and its Black Hole database log the IP addresses of individuals visiting Internet sites, as well as the cookies associated with their Web traffic. The users of specific sites can then be profiled by correlating recorded cookies from other sites, such as those used to deliver personalized ads (for instance, the Google “pref” cookie) or site login credentials.