Metadata Reveals Sensitive, Private Information

The President and other apologists for the NSA have defended the NSA’s illegal mass surveillance of US telephones by arguing that it’s “only” metadata, so “nobody is listening to our telephone calls.” But where, when, how long and to whom customers make phone calls does reveal information that could easily be used to blackmail, stifle and control. A group of computer scientists at Stanford’s Security Laboratory gathered information from volunteers who agreed to have an app on their cell phone mimic what the NSA collects. Here is an initial report.

At the outset of this study, we shared the same hypothesis as our computer science colleagues—we thought phone metadata could be very sensitive. We did not anticipate finding much evidence one way or the other, however, since the MetaPhone participant population is small and participants only provide a few months of phone activity on average.

We were wrong…The degree of sensitivity among contacts took us aback. Participants had calls with Alcoholics Anonymous, gun stores, NARAL Pro-Choice, labor unions, divorce lawyers, sexually transmitted disease clinics, a Canadian import pharmacy, strip clubs, and much more. This was not a hypothetical parade of horribles. These were simple inferences, about real phone users, that could trivially be made on a large scale.

…Though most MetaPhone participants consented to having their identity disclosed, we use pseudonyms in this report to protect participant privacy.

  • Participant A communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis.
  • Participant B spoke at length with cardiologists at a major medical center, talked briefly with a medical laboratory, received calls from a pharmacy, and placed short calls to a home reporting hotline for a medical device used to monitor cardiac arrhythmia.
  • Participant C made a number of calls to a firearm store that specializes in the AR semiautomatic rifle platform. They also spoke at length with customer service for a firearm manufacturer that produces an AR line.
  • In a span of three weeks, Participant D contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.
  • Participant E had a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after.

We were able to corroborate Participant B’s medical condition and Participant C’s firearm ownership using public information sources. Owing to the sensitivity of these matters, we elected to not contact Participants A, D, or E for confirmation.

In other news, a former president believes that his email is being monitored. He is probably correct. Monitoring presidential candidates is all too realistic.

Fortunately, President Obama has announced that the bulk collection of phone calls will end. Dismantling that illegal program is a start. Obviously, this would not have happened without the revelations of Edward Snowden.

Comments

Comments for this post are closed