GCHQ is using sophisticated surveillance programmes known as Karma Police and Black Hole to scoop up data from "every visible user on the internet".
British spooks are using mass metadata collection to eavesdrop on the activity of internet users, according to The Intercept and based on documents disclosed by former National Security Agency (NSA) contractor Edward Snowden
Karma Police was set up in around 2007 and was developed initially to monitor any "potential misuse" of internet radio stations that were spreading radical Islamic ideas, according to the documents.
Yet the programme quickly expanded over the years, and an internal GCHQ document marked ‘top secret' from February 2008 shows that its mandate quickly grew.
"Karma Police aims to correlate every user visible to passive SIGNT [Sgnals Intelligence] with every website they visit, hence providing either (a) a web browsing profile for every visible user on the internet, or (b) a user profile for every visible website on the internet," the document states.
A spying apparatus: Black Hole
Black Hole, meanwhile, is used to collect the website browsing histories of internet users along with email data, instant messaging records, search engine queries and social media activity logs.
The documents reveal that Black Hole was used to retain more than 1.1 trillion "events" between August 2007 and March 2009.
In this instance, the term ‘event' is a way of describing metadata that is not the content of communications, for example the audio of a phone call or content of an email, but the description of the communications process, including time/date stamps, recipient details and location tagging.
The documents reveal that, by 2012, GCHQ was retaining 50 billion records a day, an increase of 20 billion from 2010.
Another programme, Mutant Broth, is used by GCHQ to sift through the data collected by Black Hole, specifically tracking the internet cookies of users which the agency calls ‘target detection identifiers' (TDIs).
Cookies are commonly used by websites, usually for advertising purposes, and collect information including log-in details, when a user visits a website and password details. However, as one GCHQ slide notes "most events can be associated back to TDIs".
One GCHQ slide reveals that the sources of these cookies being actively tracked by the agency include Facebook, YouTube, Amazon and WordPress.
A GCHQ spokesperson told V3 that it is "long-standing policy" not to comment on matters of intelligence.
"Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework ... which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state [and the] interception and intelligence services," stated the agency.
The news comes after the head of MI5, Andrew Parker, claimed that encryption technologies are making it harder for the security agencies to tackle terrorism, and that firms such as Facebook have a responsibility to pass data to the intelligence services.
"The important thing to say is that we're focused on the people who mean us harm. We're not about browsing through the private lives of the citizens of this country. We do not have population-scale monitoring or anything like that," Parker said at the time.
Q3 losses reverse Q2 gains
FBI briefing US companies to dump Kaspersky, claiming intelligence prove it a 'threat to national security'
Kaspersky rejects FBI accusations that its products are a 'threat to national security'
But breached contractor says that it simply didn't have that much data
EE follows Three in threatening legal action against Ofcom - but for entirely different reasons