Zeljka Zorz, Editor-in-Chief, Help Net Security
May 18, 2016

Phone metadata can reveal sensitive info about individuals

Since Snowden revealed that the NSA collects phone records of US citizens from Verizon on a daily basis, those who support that kind of collection have repeatedly pointed out that it’s “just metadata.”


The statement was meant to appease the public, as if sensitive information about individuals who did nothing illegal couldn’t be discovered or inferred from it. Well, that’s simply not true.

The latest proof can be found in the results of a recent paper by three Stanford computer science and law researchers.

They collected and analyzed the telephone and text message logs of 823 volunteers. They discovered that, with the numbers, times and lengths of the volunteers’ communications, paired with information from the volunteers’ Facebook accounts, they could infer or discover much about those individuals.

This includes things like specific medical problems they have, the fact that they likely own a specific firearm or are engaged in growing cannabis, the likely identity of their significant other, their current location, and so on.

Their research also pointed out just how many people can get caught up in a single surveillance sweep.

“Certain metadata surveillance programs impose a ‘hop’ constraint, most notably the NSA’s domestic telephone program. After accessing metadata on a suspected (‘seed’) telephone number, an analyst can retrieve records for numbers one or more edges (‘hops’) distant in a connectivity graph,” the researchers explained. “These restrictions are intended to constrain the volume of metadata that an agency can access. Although the NSA program initially allowed three hops, executive officials scaled it back to two hops following criticism.”

But even with two hops, the NSA could pull metadata of roughly 25,000 individuals when their surveillance efforts start with just one “seed” phone user.

The researchers also pointed out that while currently 5 years of phone call metadata is available to NSA analysts, the White House is looking into reducing that batch to include only data collected in the last 18 months.
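The hop constraint and the retention window described above can be made concrete as a query over a connectivity graph. This is an added example, not code from the article or the researchers' paper; the call records, the fictional 555-01xx numbers, the function names and the day counts used for five years (1825) and 18 months (548) are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed call-detail records: (caller, callee, start, duration in seconds).
# Fictional 555-01xx numbers; this is not data from the study.
CDRS = [
    ("555-0100", "555-0101", "2016-05-02T09:15", 64),
    ("555-0100", "555-0102", "2016-04-20T18:40", 310),
    ("555-0101", "555-0103", "2016-03-11T12:05", 45),
    ("555-0102", "555-0104", "2014-01-07T08:30", 600),
    ("555-0103", "555-0105", "2016-05-10T21:00", 30),
    ("555-0104", "555-0106", "2016-02-01T10:00", 90),
    ("555-0107", "555-0100", "2012-06-15T14:20", 15),
]
NOW = datetime(2016, 5, 18)  # assumed query time (the article's date)


def build_graph(cdrs, now, retention_days):
    """Undirected connectivity graph over records inside the retention window."""
    cutoff = now - timedelta(days=retention_days)
    graph = defaultdict(set)
    for caller, callee, start, _duration in cdrs:
        if datetime.fromisoformat(start) >= cutoff:
            graph[caller].add(callee)
            graph[callee].add(caller)
    return graph


def numbers_in_scope(cdrs, seed, max_hops, retention_days, now=NOW):
    """Return {hop: numbers first reached at that hop} starting from the seed."""
    graph = build_graph(cdrs, now, retention_days)
    seen, frontier, by_hop = {seed}, {seed}, {}
    for hop in range(1, max_hops + 1):
        # Everyone in contact with the current frontier, minus numbers already pulled.
        frontier = {n for f in frontier for n in graph[f]} - seen
        if not frontier:
            break
        by_hop[hop] = frontier
        seen |= frontier
    return by_hop


def scope_size(cdrs, seed, max_hops, retention_days, now=NOW):
    """Total count of non-seed numbers whose metadata falls within the query."""
    return sum(len(s) for s in numbers_in_scope(cdrs, seed, max_hops, retention_days, now).values())


if __name__ == "__main__":
    for hops, days in [(3, 1825), (2, 1825), (2, 548)]:
        print(hops, "hops,", days, "days:", scope_size(CDRS, "555-0100", hops, days))
```

On this toy graph, each reduction in hops or retention shrinks the set of people swept in from a single seed, but every remaining number is still someone who only ever called a contact of the seed.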

“Our results lend strong support to the view that telephone metadata is extraordinarily sensitive, especially when paired with a broad array of readily available information. For a randomly selected telephone subscriber, over a short period, drawing these sorts of sensitive inferences may not be feasible. However, over a large sample of telephone subscribers, over a lengthy period, it is inevitable that some individuals will expose deeply sensitive information. It follows that large-scale metadata surveillance programs, like the NSA’s, will necessarily expose highly confidential information about ordinary citizens,” the researchers concluded.

They hope their research will give policy makers a better idea of how metadata can be sensitive data, and help them strike a better balance between national security and civil liberties.



