When the NSA was first caught with its hand in the cookie jar recording massive amounts of US citizens’ telephone information, it defended its actions by saying that it only collected ‘metadata’ – where, when, to who etc. calls were made., but not their actual content. Collection of metadata, or ‘anonymous usage statics’ is now almost ubiquitous, not just by spying agencies such as the NSA and GHCQ, but all sorts of commercial organisations as well, and is invariably defended on the grounds that as no actual conversations are recorded (or websites visited logged etc.), this is just harmless data.
Such argument are however, patently misleading, or why else would the NSA (and just about everyone else) be so keen on collecting this information? Metadata analysis can reveal shockingly large amounts of detailed personal information, as a new study by Stanford University confirms. In the study of 546 volunteers, researchers were able to identify a multiple sclerosis patient, a cannabis grower, and a visitor to an abortion clinic using just the time and destination of their calls.
Volunteers installed an app called ‘MetaPhone’ on their Android phones, which passed on who and when they called to researchers at the Stanford Security Laboratory, who also had access to their public Facebook page. The research team found that over a three week period,
‘We encountered a number of patterns that were highly indicative of sensitive activities or traits… [One volunteer] communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis… [Another] had a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after… [A third] contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.’
Referencing statements by Barak Obama that the NSA was ‘not looking at content’, the report questions whether the legal distinction between ‘content’ and metadata’ is in fact meaningful. However, given how specific the type of information collected clearly is, researcher Jonathon Mayer’s (the same researcher who found that Google was illegally hacking cookies in Apple’s Safari browser so they would show tailored adverts) conclusion that the results ‘are strongly suggestive of the sensitivity in NSA and telecom databases’ seems rather mild.
‘Participants had calls with Alcoholics Anonymous, gun stores, NARAL Pro-Choice, labor unions, divorce lawyers, sexually transmitted disease clinics, a Canadian import pharmacy, strip clubs, and much more. This was not a hypothetical parade of horribles. These were simple inferences, about real phone users, that could trivially be made on a large scale.’