What the NSA Knows: Study Shows How Revealing 'Just Metadata' Can Be

Jacob Sullum | 3.13.2014 1:50 PM

Nothing to hide, nothing to fear. — Office of Dianne Feinstein

After the National Security Agency's routine collection of Americans' phone records came to light last summer, Sen. Dianne Feinstein (D-Calif.), who as chairwoman of the Senate Intelligence Committee already knew about the program, did not understand what the big deal was. "This is just metadata," she told reporters. "There is no content involved." One of her colleagues on the intelligence committee, Sen. Ron Wyden (D-Ore.), was less blasé, warning that "just metadata" can be very revealing. "If you know who someone called, when they called, where they called from, and how long they talked," he said in a speech the following month, "you lay bare the personal lives of law-abiding Americans to the scrutiny of government bureaucrats and outside contractors."

A recent study by Jonathan Mayer and Patrick Mutchler, computer science graduate students at Stanford, illustrates Wyden's point. Beginning last November, Mayer and Mutchler used a smartphone app called MetaPhone to collect metadata from 546 volunteers. They analyzed the information to see how much they could deduce about the people making the calls. Using publicly available directories (Yelp and Google Places), they identified specific parties called by the volunteers about one-fifth of the time (6,107 of 33,688 unique numbers). Among other things, they found that 57 percent of the subjects had made medical calls, 40 percent had called financial institutions, 30 percent had called pharmacies, 10 percent had called businesses offering legal services, and 8 percent had called religious organizations. The last sort of call allowed Mayer and Mutchler to correctly identify the subject's religion about three-quarters of the time.

"The degree of sensitivity among contacts took us aback," Mayer writes. "Participants had calls with Alcoholics Anonymous, gun stores, NARAL Pro-Choice, labor unions, divorce lawyers, sexually transmitted disease clinics, a Canadian import pharmacy, strip clubs, and much more. This was not a hypothetical parade of horribles. These were simple inferences, about real phone users, that could trivially be made on a large scale." Here are some examples of personal information uncovered by the study:

Participant A communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis.
Participant B spoke at length with cardiologists at a major medical center, talked briefly with a medical laboratory, received calls from a pharmacy, and placed short calls to a home reporting hotline for a medical device used to monitor cardiac arrhythmia.
Participant C made a number of calls to a firearm store that specializes in the AR semiautomatic rifle platform. They also spoke at length with customer service for a firearm manufacturer that produces an AR line.
In a span of three weeks, Participant D contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.
Participant E had a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after.

"We were able to infer medical conditions, firearm ownership and more, using solely phone metadata," Mayer writes. "Phone metadata [are] unambiguously sensitive, even over a small sample and short time window." As U.S. District Judge Richard Leon observed when he ruled that the NSA's metadata collection is probably unconstitutional, "Records that once would have revealed a few scattered tiles of information about a person now reveal an entire mosaic—a vibrant and constantly updating picture of the person's life."

Jess Remington noted Mayer and Mutchler's earlier work on linking phone numbers to people or businesses.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Cities Funding Newspapers? What Could Possibly Go Wrong!

Hide Comments (58)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

SIV 11 years ago

#TrollFreeThursday
1. Auric Demonocles 11 years ago
  
  I'm going to engage one just to spite you.
  1. Bobarian 11 years ago
    
    You just did?
2. WTF 11 years ago
  
  What's with the sharp symbol?
  1. Wasteland Wanderer 11 years ago
    
    Everyone knows that's the pound symbol, dude.
    1. Brett L 11 years ago
      
      "I have five years experience with C-pound"
      1. UnCivilServant 11 years ago
        
        Anyone who advertises their experience in C# will not work with me. (But then again, I do manage UNIX boxes...)
        
        CE 11 years ago
        
        Musicians.
    2. pmains 11 years ago
      
      Wrong! It's the Octothorpe.
      1. UnCivilServant 11 years ago
        
        LIES! It's clearly a tic-tac-toe board.
        
        VicRattlehead 11 years ago
        
        For ants!
3. CE 11 years ago
  
  Isn't this a form of trolling?
  1. SIV 11 years ago
    
    Only when you respond.
    1. CE 11 years ago
      
      Which you just did.
4. GILMORE 11 years ago
  
  #hashtagsR4fags
5. Jordan 11 years ago
  
  I'm going to make doubly sure to respond to trolls, since you keep spamming this.
Paul. 11 years ago

Beginning last November, Mayer and Mutchler used a smartphone app called MetaPhone to collect metadata from 546 volunteers.

The NSA's been running this same study on 360 million volunteers. They found it was no big deal. The science is settled.
1. PD Scott 11 years ago
  
  Americans were found to be docile, untrustworthy but easily distracted.
2. Quixote 11 years ago
  
  Participant P sent out "Gmail confessions" in the "name" of Feinstein and Clapper. Arrest the provocateur and send him to one of our American penal colonies. Like they did with that other one in New York:
  
  http://raphaelgolbtrial.wordpress.com/
CE 11 years ago

Participant F commented on Reason message boards all day, read Lew Rockwell for a few hours, linked to a few Jezebel articles for some reason, then read the Free State Project forums. Arrest him.
1. Brett L 11 years ago
  
  I wonder whether the NSA would be more concerned about Participant C or Participant D. And now that the SoCons have learned to play the regulation game, they would be able to hassle Participant E about not paying her abortion tax.
  1. Adam330 11 years ago
    
    It's not an abortion tax- it's a Shared Responsibility for Life fee.
GILMORE 11 years ago

"In a span of three weeks, Participant D contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop."

Oh, man.

Someone broke into this guy's greenhouse to steal his tomatoes and now the roof leaks?!
1. Brett L 11 years ago
  
  And it made his glaucoma worse.
2. larry hammond 11 years ago
  
  Yeah, could be that but I bet the DEA wouldn't have any problem getting a warrant and executing a no-knock raid on this home killing all present for good measure.
  1. Raston Bot 11 years ago
    
    and then the DEA would launder intelligence to hide their warrantless NSA source use parallel construction to show probable cause.
PD Scott 11 years ago

Every time I see that pic of DiFi I imagine her holding out a unnaturally shiny red apple for Snow White.
1. GILMORE 11 years ago
  
  Alt-Text = "...WHO IS THE EVIL-EST OF THEM ALL?"
2. Hugh Akston 11 years ago
  
  No no, she's obviously trying to goad Luke Skywalker into killing Darth Vader.
  1. PD Scott 11 years ago
    
    Hmm, the Emperor did make a big deal about how he was unarmed.
    
    And I know Luke basically got a Jedi GED, but shouldn't Yoda have mentioned "Remember you must, from the Emperor's hands lightning can come. Throw away your light saber not, lest electrocuted you are."
    1. UnCivilServant 11 years ago
      
      Given that the frog-Jedi gave virtually no practical advice regarding the actual tasks involved (or for much of anything), why would he?
      1. Dr. Frankenstien 11 years ago
        
        Yoda was French?
        
        But yes,
        
        O.k. I'm running off to face Darth Vader. Since you're giving me last minute advice anything else I need to know.
        
        Um, He may tell you he's your father.
      2. aix42 11 years ago
        
        One of the few redeeming qualities of the prequels was to perfectly explain why the Jedi were wiped out. They were completely incompetent head up their ass idiots. Like most bureaucracies.
        
        PD Scott 11 years ago
        
        "When 900 years old you are, increase your budget as well you will not."
        
        Brett L 11 years ago
        
        Prequels? The fan-fic things?
3. Max Power 11 years ago
  
  I imagine a robot arm lowering her hair down onto her head and then blasting makeup onto her face from a nozzle.
  1. Swiss Servator, alles klar? 11 years ago
    
    Jetsons style!
4. Francisco d'Anconia 11 years ago
  
  I keep waiting for a house to fall on her.
Lord Humungus 11 years ago

A volunteer, who we shall call Warty, made several calls to inquire about industrial chippers, a bulk quicklime provider, and to Home Depot to buy garbage bags. He also bought shares in a rope and twine company.
1. Wasteland Wanderer 11 years ago
  
  He also made two long calls to clinics specializing in researching new forms of STDs.
2. Warty 11 years ago
  
  Jesus. You can't even build strongman equipment anymore these days without people getting suspicious.
  1. Swiss Servator, alles klar? 11 years ago
    
    Try basement repairs and they are all over you!
    
    /Ghost of John Wayne Gacy
3. fish 11 years ago
  
  So nothing out of the ordinary for subject W then.
4. Paul. 11 years ago
  
  What, no duct tape?
  1. Swiss Servator, alles klar? 11 years ago
    
    "He also bought shares in a rope and twine company."
    
    He is old school when it comes to binding. That or he just uses tentacles.
kinnath 11 years ago

Get a burner phone if you're going to start a criminal enterprise; start an affair with someone other than your spouse; start a political career; or report on NSA security abuses.
1. Bobarian 11 years ago
  
  Especially the last one.
2. Paul. 11 years ago
  
  *rapidly taking notes*
Invisible Finger 11 years ago

You know, even on The Wire the metadata was the most important part of the prosecution's case. The fact that ALL content was labelled "pertinent data" wound up being beside the point.
1. Paul. 11 years ago
  
  Apropos of Kinnath's comment above, do you remember how the prosecutor got huffy with the cell phone company exec that they were essentially aiding and abetting criminal activity by selling 'burners'?
  1. Zeb 11 years ago
    
    That bit did stick out to me as well. I wanted to yell at her. But it also improves the realism.
  2. Invisible Finger 11 years ago
    
    Very much. I wasn't really sure if David Simon was being an overt statist with the scene or if he was trying to be as realistic as possible about how entitled prosecutors think they are.
    
    But the simple fact is you can buy a prepaid phone with cash and buy all the airtime with cash so the transaction can be 100% anonymous and that removes a lot of the meaning from the metadata anyway. You'd have to collect a few days' worth of location info at the least to even identify a location; even going through that trouble isn't worth it because you'd have to connect so many numbers you wouldn't get anywhere. If they're willing to move stash houses on a daily basis, they'd be willing to move authorized phone use locations just as often. By the time they sift through the data to identify a pattern, the data is already obsolete. Shit, Stringer was swapping SIM cards which confused the government brainiacs.
Jerryskids 11 years ago

Why is anybody surprised that metadata collection isn't just some minimally intrusive, minimally useful, non-important-information collecting program? Just because the NSA claims that it is? If it were, why would the NSA want it so bad?

Look at it this way - suppose some random guy comes to your house and says he has noticed you have a broken-down, junky, worthless old piece of furniture on your front porch and he would like to take it off your hands for $20. You aren't sure why the guy would pay $20 for that piece of trash cluttering up your porch so you suspect something may be up and tell him you'll have to talk to your wife about it. He then tells you to talk it over with your wife and give him a call if you decide to take his offer - and then hands you his business card which shows he's an antique dealer.

Question: Do you still think that old piece of furniture sitting on your porch is a broken-down, worthless piece of junk? Or do you think maybe the guy has a very good reason for wanting you to believe that it's a broken-down, worthless piece of junk but it really isn't?
DesigNate 11 years ago

Every time I see her smug face I hope that someone is about to throw a bucket of water on her.
Adam330 11 years ago

I'll believe that meta-data is unimportant the moment that DiFi posts all metadata from her office, home, and cell phones on the web.
BillEverman 11 years ago

While this study does make its point, I'm not sure that it's objective enough. The participants were all volunteers, and they volunteered ahead of time for this information to be collected. That means that their behavior could have been affected by the fact that they knew the information was going to be used to demonstrate the amount of information that could be gathered via metadata. For example, if I were participating, I would be strongly tempted to make several calls per day to a mosque, an STD clinic, a random pay phone in Pakistan, and the offices of Rep. Peter King.

In order to get a truly objective understanding of the revelatory nature of metadata, we should be reviewing the last few years of phone records of people who didn't expect their records to be looked at for this purpose, and who would perhaps be motivated to provide their records to prove their belief that gathering metadata isn't an invasion of privacy. I can think of no one better than the members of the Senate Intelligence Committee. After all, if you've got nothing to hide...
ConstitutionFirst 11 years ago

What part of being safe from unreasonable, warrant-less searches is so difficult to understand, sheeple?

With all due respect, this started long before 0bama got in, but wasn't he supposed to "Change" all this?

Seems to me he recognized the potential for abuse and took full advantage of it... to abuse it. There's your change... for the worse.
AmericanPrivacy 11 years ago

The US Government has turned the Internet into something it was never intended to be: a system for spying on us in our most private moments. By tapping Internet cables, undermining security standards, and getting our data from companies in secret, the National Security Agency has built the largest surveillance apparatus in history and is collecting information on most Internet users.

This is a watershed moment for our freedom to live our lives and the privacy to be who we are. With NSA surveillance programs, the US Government now has the power to arbitrarily track, target, and go after any one of us -- our friends, family, the journalists and activists we depend on -- because they don't like our ideas. In a world without privacy, anything you've written, done, or seen can be used against you, making your life a nightmare. Spying IS censorship. Now that we know, WE decide what happens next.
Americans Right to Privacy has solutions and I am anxious to share them with you. We offer secure, encrypted email, a Virtual Private Network (VPN) which secures your computer's internet connection and changes your IP address every 10 minutes to guarantee that all of the data you're sending and receiving is encrypted and secured from prying eyes. Also a "Swiss Bank Account for your Data" Digital Safe! Switzerland, a country known for its strict data privacy laws, has no back door access to encryption for any government agency, not even Switzerland itself!
http://www.americansrighttoprivacy.com

Please log in to post comments

What the NSA Knows: Study Shows How Revealing 'Just Metadata' Can Be

Latest

Government Argues It's Too Much To Ask the FBI To Check the Address Before Blowing Up a Home

The U.K. Trade Deal Screws American Consumers

A New Survey Suggests Illicit Opioid Use Is Much More Common Than the Government's Numbers Indicate

Judge Orders Tufts Grad Student Rumeysa Ozturk Be Released on Bail From Immigration Detention

Georgia Man Who Spent 6 Weeks in Jail on a Kidnapping Charge Says He Was Helping a Falling Child

Recommended

Login Form