What can we learn about a person just by looking at the people they call? We looked at that very question when we analyzed our own metadata and came to some surprising conclusions. But what do past phone-surveillance scandals tell us?
Published details about the NSA’s formerly secret cell-phone surveillance program are scarce. The few known facts come from classified court documents published by the Guardian—which show that Verizon gives the NSA information about the calling number, the receiving number, the call length, and the callers’ approximate locations each time a Verizon customer picks up the phone. The Wall Street Journal reports that the NSA collects similar data from AT&T and Sprint.
Such cell-phone "metadata" gives the NSA information about your conversations, but does not reveal the actual content of the conversations themselves. But computer security expert Susan Landau explains in The New Yorker that such cell-phone metadata could tell the NSA a lot about an individual’s personal life:
For example, she said, in the world of business, a pattern of phone calls from key executives can reveal impending corporate takeovers. Personal phone calls can also reveal sensitive medical information: "You can see a call to a gynecologist, and then a call to an oncologist, and then a call to close family members."
Joe Hall, a senior technologist with the Center for Democracy and Technology, takes it a step further. "I think metadata is more valuable to law enforcement than content," he says. "There is a whole lot of academic work that shows that rough data can tell you a whole lot about people."
For example, Hall cited one study that can uniquely identify someone based on prior patterns in their movement:
In a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier’s antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals.
Metadata can also reveal a lot about networks of individuals. Mathematician Jonathan Farley of the Research Institute for Mathematics explained that: "Researchers have used simulated or real communications traffic to build the hierarchy of an organization." He pointed to studies that used metadata to gain insights into the hierarchy of Enron or the structure of the 9/11 terror cells.
In the Enron study, Jafar Adibi, then a researcher with University of Southern California, searched Enron’s email metadata looking for people who sent emails to lots of other people within the company. Based on metadata alone, he concluded that one of the key players in the Enron network was CEO Ken Lay’s secretary. This conclusion was not exactly right—but it does show how you can learn things about the structure of a network without observing the network traffic itself. (Farley used this same example in a 2006 op-ed on metadata—although he says he no longer fully endorses all of the positions he laid out in that article).
But even though metadata could be used to find terrorism, both Farley and Hall caution that methods used to glean information based on metadata would almost certainly focus the NSA’s attention on people who are not breaking any laws.
"For instance, someone may have sent or received 100 emails today, but only one terrorism-related email," says Farley. "Will the CIA or FBI chase down 99 people who have nothing to do with terrorism?"
Hall questions whether the NSA has actually learned enough to justify the increased surveillance. "We want to make sure cops have the tools to stop crime," he explains. "But all we see is a lot of data collection."
[Video: Flickr user Daviddje]