Researchers: Phone metadata surveillance reveals VERY personal info about callers

"Just metadata" with no content is another lie, as shown by Stanford computer scientists who demonstrated how metadata reveals highly sensitive info and risks privacy.

Let's assume you know nothing about a person except that during a three-week period, that person called "a home improvement store, locksmiths, a hydroponics dealer, and a head shop." While you still don't know that person, you certainly have insight into their private life that might allow you to infer a certain scenario. All of that sensitive information came from phone metadata surveillance.

The federal government would have you believe that the NSA's mass surveillance of phone metadata doesn't reveal sensitive personal information about citizens. When defending the NSA program, Senator Dianne Feinstein, who was recently accused of "giving hypocrisy a bad name," stressed that collection contains "just metadata" and "no content of a communication." President Obama also claimed the NSA is "not looking at content." When the judge tossed out the ACLU's legal challenge of the NSA's surveillance, he blew off the possibility of metadata inferring sensitive info as a "parade of horribles." But two Stanford grad students proved that metadata can be used to drill down into sensitive details about a person's private life.

Computer scientists Jonathan Mayer and Patrick Mutchler, both grad students at Stanford, have been studying phone metadata privacy since November 2013. 546 volunteers had Android smartphones running a MetaPhone app, which "submits device logs and social network information for analysis." The researchers "matched phone numbers against public Yelp and Google Places directories to see who was being called. From the phone numbers, it was possible to determine that 57% of the volunteers made at least one medical call. 40% made a call related to financial services. The volunteers called 33,688 unique numbers; 6,107 of those numbers, or 18%, were isolated to a particular identity."

Here's another metadata snapshot example: One study participant had "a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after."

Another participant called "multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis."

Do the examples above reveal very sensitive info about the people making the calls? "A pattern of calls will, of course, reveal more than individual call records," Mayer said. "In our analysis, we identified a number of patterns that were highly indicative of sensitive activities or traits."

"Phone metadata is unambiguously sensitive, even over a small sample and short time window," stated Mayer. "We were able to infer medical conditions, firearm ownership and more, using solely phone metadata." He added, "It would be no technical challenge to scale these identifications to a larger population."

The researchers previously "used the MetaPhone dataset to spot relationships, understand call graph interconnectivity, and estimate the identifiability of phone numbers." This time, the researchers used the crowdsourced data to determine that "metadata surveillance can be used to identify information about callers including medical conditions, financial and legal connections, and even whether they own a gun."

"Many organizations have a narrow purpose, such that an individual call gives rise to sensitive inferences," the researchers explained. They found that numerous calls had "straightforward inferences" such as pharmacies, legal services, firearm sales and repair, adult establishments, marijuana dispensaries, religious organizations, political campaigns and financial services. "Many numbers were associated with specialized products or services, particularly within professional fields," they wrote before further breaking down the medical category into specialty practice areas.

"The degree of sensitivity among contacts took us aback. Participants had calls with Alcoholics Anonymous, gun stores, NARAL Pro-Choice, labor unions, divorce lawyers, sexually transmitted disease clinics, a Canadian import pharmacy, strip clubs, and much more. This was not a hypothetical parade of horribles. These were simple inferences, about real phone users, that could trivially be made on a large scale."

Mayer and Mutchler concluded:

"The dataset that we analyzed in this report spanned hundreds of users over several months. Phone records held by the NSA and telecoms span millions of Americans over multiple years. Reasonable minds can disagree about the policy and legal constraints that should be imposed on those databases. The science, however, is clear: phone metadata is highly sensitive."

So all those "just metadata" and "no content" assurances from the President and intelligence agency "experts" are apparently just more of the same: lies, damned lies, as proven by science and the Stanford grad students' research.

Follow me on Twitter @PrivacyFanatic

Copyright © 2014 IDG Communications, Inc.