What the NSA Knows: Study Shows How Revealing 'Just Metadata' Can Be

After the National Security Agency's routine collection of Americans' phone records came to light last summer, Sen. Dianne Feinstein (D-Calif.), who as chairwoman of the Senate Intelligence Committee already knew about the program, did not understand what the big deal was. "This is just metadata," she told reporters. "There is no content involved." One of her colleagues on the intelligence committee, Sen. Ron Wyden (D-Ore.), was less blasé, warning that "just metadata" can be very revealing. "If you know who someone called, when they called, where they called from, and how long they talked," he said in a speech the following month, "you lay bare the personal lives of law-abiding Americans to the scrutiny of government bureaucrats and outside contractors."

A recent study by Jonathan Mayer and Patrick Mutchler, computer science graduate students at Stanford, illustrates Wyden's point. Beginning last November, Mayer and Mutchler used a smartphone app called MetaPhone to collect metadata from 546 volunteers. They analyzed the information to see how much they could deduce about the people making the calls. Using publicly available directories (Yelp and Google Places), they identified specific parties called by the volunteers about one-fifth of the time (6,107 of 33,688 unique numbers). Among other things, they found that 57 percent of the subjects had made medical calls, 40 percent had called financial institutions, 30 percent had called pharmacies, 10 percent had called businesses offering legal services, and 8 percent had called religious organizations. The last sort of call allowed Mayer and Mutchler to correctly identify the subject's religion about three-quarters of the time. 

"The degree of sensitivity among contacts took us aback," Mayer writes. "Participants had calls with Alcoholics Anonymous, gun stores, NARAL Pro-Choice, labor unions, divorce lawyers, sexually transmitted disease clinics, a Canadian import pharmacy, strip clubs, and much more. This was not a hypothetical parade of horribles. These were simple inferences, about real phone users, that could trivially be made on a large scale." Here are some examples of personal information uncovered by the study:

  • Participant A communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis.
  • Participant B spoke at length with cardiologists at a major medical center, talked briefly with a medical laboratory, received calls from a pharmacy, and placed short calls to a home reporting hotline for a medical device used to monitor cardiac arrhythmia.
  • Participant C made a number of calls to a firearm store that specializes in the AR semiautomatic rifle platform. They also spoke at length with customer service for a firearm manufacturer that produces an AR line.
  • In a span of three weeks, Participant D contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.
  • Participant E had a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after.

"We were able to infer medical conditions, firearm ownership and more, using solely phone metadata," Mayer writes. "Phone metadata [are] unambiguously sensitive, even over a small sample and short time window." As U.S. District Judge Richard Leon observed when he ruled that the NSA's metadata collection is probably unconstitutional, "Records that once would have revealed a few scattered tiles of information about a person now reveal an entire mosaic—a vibrant and constantly updating picture of the person's life."

Jess Remington noted Mayer and Mutchler's earlier work on linking phone numbers to people or businesses.