Your phone can tell the government everything

Time and again NSA’s data collecting ways have been defended for not being specific. “It’s just metadata, it’s not content,” the agency and its defenders have said.

Yet a new study has confirmed our worst fears. Metadata makes precise inferences of the most personal aspects of our lives, including “familial, political, professional, religious, and sexual associations,” probable.

The study crowdsourced its own metadata through the MetaPhone app, which submitted Android device logs and social network information for analysis. Despite an exceedingly small MetaPhone population, the analysts discovered that phone metadata was “unambiguously sensitive” and useful for inferring medical details, gun ownership and more.

William Binney, a highly-regarded data analyst, mathematician and NSA whistle-blower warned of the same thing as early as June of 2013.

“When you take all those records of who’s communicating with who, you can build social networks and communities for everyone in the world … And when you marry it up with the content you have leverage against everybody in the country,” he said.

Binney beileved that NSA was collecting content as well, despite what higher-ups have stated about the data miners.

Mark Rumold, a staff attorney at the Electronic Frontier Foundation, told the Daily Intelligencer that the NSA uses “metadata to create communications maps of Americans. So when they have a target — someone they believe is connected to terrorism — pull up their communications map.”

In their study, computer scientists Jonathan Mayer and Patrick Mutchler were able to create a smaller-scale mapping by getting a handle on the app-users’ contacts and labeling the ones related to “sensitive activity” by an organization’s obvious line of business or a quick Google search.

The result: legitimate inferences about real people based on their individual calls to sensitive numbers and habitual calling patterns.

For example:

The case of religious organizations gave us an opportunity to check the precision of our inferences. Since the MetaPhone app collects a user’s religion from his or her Facebook profile, we could compare phone metadata inferences against ground truth. There were 15 participants with both a well-defined religious status on Facebook (including atheism) and phone contact with a religious organization. Using just the naïve assumption that a person’s most-called religion is their own religion, we accurately identified the religious status of 11 of the 15 (73%).

Many numbers were associated with specialized products or services, particularly within professional fields. In medicine, for example, we were able to easily categorize phone numbers by specialty practice area.

The degree of sensitivity among contacts took us aback. Participants had calls with Alcoholics Anonymous, gun stores, NARAL Pro-Choice, labor unions, divorce lawyers, sexually transmitted disease clinics, a Canadian import pharmacy, strip clubs, and much more. This was not a hypothetical parade of horribles. These were simple inferences, about real phone users, that could trivially be made on a large scale.

So much for a lack of specificity and content.

The study unequivocally concludes that, although there is room to debate the mining policy and potential legal constraints, phone metadata is “highly sensitive” and not something to discount cavalierly.


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *