After the National Security
Agency’s routine collection of Americans’ phone records came to
light last summer, Sen. Dianne Feinstein (D-Calif.), who as
chairwoman of the Senate Intelligence Committee already knew about
the program, did not understand what the big deal was. “This is
just metadata,” she
told reporters. “There is no content involved.” One of her
colleagues on the intelligence committee, Sen. Ron Wyden (D-Ore.),
was less blasé, warning that “just metadata” can be very revealing.
“If you know who someone called, when they called, where they
called from, and how long they talked,” he said in
a speech the following month, “you lay bare the personal lives of
law-abiding Americans to the scrutiny of government bureaucrats and
outside contractors.”
A
recent study by Jonathan Mayer and Patrick Mutchler, computer
science graduate students at Stanford, illustrates Wyden’s point.
Beginning last November, Mayer and Mutchler used a smartphone app
called MetaPhone to collect metadata from 546 volunteers. They
analyzed the information to see how much they could deduce about
the people making the calls. Using publicly available directories
(Yelp and Google Places), they identified specific parties called
by the volunteers about one-fifth of the time (6,107 of 33,688
unique numbers). Among other things, they found that 57 percent of
the subjects had made medical calls, 40 percent had called
financial institutions, 30 percent had called pharmacies, 10
percent had called businesses offering legal services, and 8
percent had called religious organizations. The last sort of call
allowed Mayer and Mutchler to correctly identify the subject’s
religion about three-quarters of the time.
“The degree of sensitivity among contacts took us aback,” Mayer
writes. “Participants had calls with Alcoholics Anonymous, gun
stores, NARAL Pro-Choice, labor unions, divorce lawyers, sexually
transmitted disease clinics, a Canadian import pharmacy, strip
clubs, and much more. This was not a hypothetical parade of
horribles. These were simple inferences, about real phone users,
that could trivially be made on a large scale.” Here are some
examples of personal nformation uncovered by the study:
- Participant A communicated with multiple local neurology
groups, a specialty pharmacy, a rare condition management service,
and a hotline for a pharmaceutical used solely to treat relapsing
multiple sclerosis. - Participant B spoke at length with cardiologists at a major
medical center, talked briefly with a medical laboratory, received
calls from a pharmacy, and placed short calls to a home reporting
hotline for a medical device used to monitor cardiac
arrhythmia. - Participant C made a number of calls to a firearm store that
specializes in the AR semiautomatic rifle platform. They also spoke
at length with customer service for a firearm manufacturer that
produces an AR line. - In a span of three weeks, Participant D contacted a home
improvement store, locksmiths, a hydroponics dealer, and a head
shop. - Participant E had a long, early morning call with her sister.
Two days later, she placed a series of calls to the local Planned
Parenthood location. She placed brief additional calls two weeks
later, and made a final call a month after.
“We were able to infer medical conditions, firearm ownership and
more, using solely phone metadata,” Mayer writes. “Phone
metadata [are] unambiguously sensitive, even over a small
sample and short time window.” As U.S. District Judge Richard Leon
observed when he
ruled that the NSA’s metadata collection is probably
unconstitutional, “Records that once would have revealed a few
scattered tiles of information about a person now reveal an entire
mosaic—a vibrant and constantly updating picture of the person’s
life.”
Jess Remington
noted Mayer and Mutchler’s earlier work on linking phone
numbers to people or businesses.
from Hit & Run http://ift.tt/1geNyRl
via IFTTT