One of the US government’s justifications for allowing security agencies to access metadata without warrants is the underlying belief that it’s not sensitive information. A new study shows that assumption is not true.
To find out exactly how much personal information officials can gather by monitoring the numbers you dial and the length of your calls, computer scientists built a smartphone app that could retrieve the previous call and text message metadata—the numbers, times, and lengths of communications—from more than 800 volunteers’ smartphone logs.
In total, participants provided records of more than 250,000 calls and 1.2 million texts. The findings, reported in the Proceedings of the National Academy of Sciences, provide the first empirical data on the privacy properties of telephone metadata.
Then researchers used a combination of inexpensive automated and manual processes to illustrate both the extent of the reach—how many people would be involved in a scan of a single person—and the level of sensitive information that can be gleaned about each user.
From a small selection of the users, the researchers were able to infer, for instance, that a person who placed several calls to a cardiologist, a local drugstore and a cardiac arrhythmia monitoring device hotline likely suffers from cardiac arrhythmia.
Another study participant likely owns an AR semiautomatic rifle, based on frequent calls to a local firearms dealer that prominently advertises AR semiautomatic rifles and to the customer support hotline of a major firearm manufacturer that produces these rifles.
“I was somewhat surprised by how successfully we inferred sensitive details about individuals,” says study coauthor Patrick Mutchler, a graduate student at Stanford University. “It feels intuitive that the businesses you call say something about yourself. But when you look at how effectively we were able to identify that a person likely had a medical condition, which we consider intensely private, that was interesting.”
You and the people you call
They also found that a large number of people could get caught up in a single surveillance sweep.
When the National Security Agency examines metadata associated with a suspect’s phone, it is allowed to examine a “two-hop” net around the suspect. Suspect A calling person B is one hop; person B calling person C is the second hop. Analysts can then comb the metadata of anyone within two hops of the suspect.
By extrapolating participant data, the researchers estimated that the NSA’s current authorities could allow for surveilling roughly 25,000 individuals—and possibly more—starting from just one “seed” phone user.
Although the results are not surprising, the researchers say the raw, empirical data provide a better-informed starting point for future conversations between privacy interest groups and policymakers.
For instance, the authors point to the recent shift to reduce the metadata retrieval window from five years to 18 months. Because the study drew accurate and sensitive inferences about participants from roughly six months’ worth of calls and texts, it suggests that metadata are more revealing than previously thought.
Similarly, the government’s two-hop call sweep was previously three hops; that reduction was made to limit the number of people caught in a sweep. Shortening the time window could reduce that number further, Mutchler says.
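To make the hop and time-window mechanics concrete, here is an added example (not code from the study or the article) that builds a contact graph from constructed call records and measures how many people a sweep reaches as the hop limit and retention window change. The numbers, timestamps and the “seed” label are hypothetical.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed metadata records (hypothetical parties, not real data):
# (caller, callee, timestamp). Only who contacted whom and when matters.
RECORDS = [
    ("seed", "B1", "2016-01-10 09:00"),
    ("B1",   "C1", "2016-01-12 18:30"),
    ("C1",   "D1", "2016-01-13 08:15"),   # three hops from the seed
    ("seed", "B2", "2015-06-01 12:00"),   # older contact, falls outside a short window
    ("B2",   "C2", "2015-06-02 12:00"),
    ("B1",   "C3", "2016-02-01 20:00"),
    ("C3",   "seed", "2016-02-02 20:00"), # C3 also called the seed directly: one hop
]

def build_graph(records, window_start, window_end):
    """Undirected contact graph from records inside the retention window.
    Direction is ignored: a call either way links the two parties."""
    graph = defaultdict(set)
    for a, b, ts in records:
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if window_start <= t <= window_end:
            graph[a].add(b)
            graph[b].add(a)
    return graph

def hop_reach(graph, seed, max_hops):
    """Breadth-first search returning {party: hop distance} for everyone
    within max_hops of the seed (seed excluded). Hop 1 is the seed's
    contacts, hop 2 their contacts, matching the sweep described above."""
    dist = {seed: 0}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        if dist[node] == max_hops:
            continue  # do not expand past the permitted hop count
        for nbr in graph.get(node, ()):
            if nbr not in dist:
                dist[nbr] = dist[node] + 1
                queue.append(nbr)
    dist.pop(seed)
    return dist

def sweep_size(records, seed, max_hops, window_days, end="2016-03-01 00:00"):
    """People caught in a sweep for a hop limit and a retention window
    of window_days ending at `end` (a constructed cutoff date)."""
    end_t = datetime.strptime(end, "%Y-%m-%d %H:%M")
    graph = build_graph(records, end_t - timedelta(days=window_days), end_t)
    return len(hop_reach(graph, seed, max_hops))

if __name__ == "__main__":
    for hops in (1, 2, 3):
        print(hops, "hops / 18 months:", sweep_size(RECORDS, "seed", hops, 548))
        print(hops, "hops / 6 months: ", sweep_size(RECORDS, "seed", hops, 182))
```

On this toy graph the three-to-two hop reduction drops the sweep from 6 to 5 people, and shrinking the window from 18 to 6 months drops the two-hop sweep from 5 to 3; on real call graphs the same mechanics scale to the thousands of individuals the study extrapolates.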
“If we’re going to pick a sweet spot as society, where we want the privacy vs. security tradeoff to lie, it’s important to understand the implications of the policies that we have,” Mutchler says. “In this paper, we have empirical data, which I think will help people make informed decisions.”
The National Science Foundation helped support the project.
Source: Stanford University