Stanford computer scientists show telephone metadata can reveal surprisingly sensitive personal information by Bjorn Carey.
The intelligence community assertion that telephone metadata only enables “connecting the dots,” has been confirmed to be a lie.
From the post:
Most people might not give telephone metadata – the numbers you dial, the length of your calls – a second thought. Some government officials probably view it as similarly trivial, which is why this information can be obtained without a warrant.
But a new analysis by Stanford computer scientists shows that it is possible to identify a person’s private information – such as health details – from metadata alone. Additionally, following metadata “hops” from one person’s communications can involve thousands of other people.
The researchers set out to fill knowledge gaps within the National Security Agency’s current phone metadata program, which has drawn conflicting assertions about its privacy impacts. The law currently treats call content and metadata separately and makes it easier for government agencies to obtain metadata, in part because it assumes that it shouldn’t be possible to infer specific sensitive details about people based on metadata alone.
The findings, reported today in the Proceedings of the National Academy of Sciences, provide the first empirical data on the privacy properties of telephone metadata. Preliminary versions of the work, previously made available online, have already played a role in federal surveillance policy and have been cited in litigation filings and letters to legislators in both the United States and abroad. The final work could be used to help make more informed policy decisions about government surveillance and consumer data privacy.
The computer scientists built a smartphone application that retrieved the previous call and text message metadata – the numbers, times and lengths of communications – from more than 800 volunteers’ smartphone logs. In total, participants provided records of more than 250,000 calls and 1.2 million texts. The researchers then used a combination of inexpensive automated and manual processes to illustrate both the extent of the reach – how many people would be involved in a scan of a single person – and the level of sensitive information that can be gleaned about each user.
From a small selection of the users, the Stanford researchers were able to infer, for instance, that a person who placed several calls to a cardiologist, a local drugstore and a cardiac arrhythmia monitoring device hotline likely suffers from cardiac arrhythmia. Another study participant likely owns an AR semiautomatic rifle, based on frequent calls to a local firearms dealer that prominently advertises AR semiautomatic rifles and to the customer support hotline of a major firearm manufacturer that produces these rifles.
One of the government’s justifications for allowing law enforcement and national security agencies to access metadata without warrants is the underlying belief that it’s not sensitive information. This work shows that assumption is not true.
…
See Carey’s post for the laypersons explanation of the Stanford findings or dive into Evaluating the privacy properties of telephone metadata by Jonathan Mayera, Patrick Mutchler, and John C. Mitchell, for more detailed analysis. (Thankfully open access.)
Would law enforcement and national security agencies think telephone metadata is not sensitive if hackers were obtaining it from telecommunication companies and/or from the electromagnetic field where communication signals are found?
If you were interested only in law enforcement, national security agencies and governments, a much smaller set of data for tracking and processing.
Sounds like a business opportunity, depending on what country, their degree of technology, market conditions for pro/anti government data.
U.S. government satellites collect such data but it is shared (or not) for odd and obscure reasons.
I’m thinking more along the lines of commercial transactions between willing sellers and buyers.
Think of it as a Rent-An-NSA type venture. Customers don’t want or need 24×7 rivals for power. Properly organized, they could buy as much or as little intelligence as they need. Exclusive access to some intelligence would be a premium product.