Phone metadata can reveal sensitive info about individuals

Since Snowden revealed that the NSA collects from Verizon phone records of US citizens on a daily basis, those who support that kind of collection have been repeatedly pointing out that it’s “just metadata.”

The statement was meant to appease the public, as if sensitive information about various individuals that did nothing illegal can’t be discovered and inferred from it. Well, that’s simply not true.

The latest proof can be found in the results of a recent paper by three Stanford computer science and law researchers.

They collected and analyzed telephone and text message logs of 823 volunteers. They discovered that by possessing the numbers, times and lengths of communications that the volunteers effected, and by pairing that information with the information on the volunteers’ Facebook account, they could infer or discover much about those individuals.

This includes things like specific medical problems they have, the fact that they likely own a specific firearm or are engaged in growing cannabis, the likely identity of their significant other, their current location, and so on.

Their research also pointed out just how many people can get caught up in a single surveillance sweep.

“Certain metadata surveillance programs impose a ‘hop’ constraint, most notably the NSA’s domestic telephone program. After accessing metadata on a suspected (‘seed’) telephone number, an analyst can retrieve records for numbers one or more edges (‘hops’) distant in a connectivity graph,” the researchers explained. “These restrictions are intended to constrain the volume of metadata that an agency can access. Although the NSA program initially allowed three hops, executive officials scaled it back to two hops following criticism.”

But even with two hops, the NSA could pull metadata of roughly 25,000 individuals when their surveillance efforts start with just one “seed” phone user.

The researchers also pointed out that while currently 5 years of phone call metadata is available to NSA analysts, the White House is looking into reducing that batch to include only data collected in the last 18 months.

“Our results lend strong support to the view that telephone metadata is extraordinarily sensitive, especially when paired with a broad array of readily available information. For a randomly selected telephone subscriber, over a short period, drawing these sorts of sensitive inferences may not be feasible. However, over a large sample of telephone subscribers, over a lengthy period, it is inevitable that some individuals will expose deeply sensitive information. It follows that large-scale metadata surveillance programs, like the NSA’s, will necessarily expose highly confidential information about ordinary citizens,” the researchers concluded.

They hope their research will help policy makers have a better idea of how metadata can be sensitive data, and to strike a better balance between national security and civil liberties.