DOJ Tells Court To Toss Lawsuit Over NSA Spying Because 'It's Just Metadata'; Professor Ed Felten Then Explains Why They're Wrong
from the take-a-lesson dept
The ACLU’s lawsuit over the NSA’s program collecting all phone call information under Section 215 of the Patriot Act is just one of many lawsuits over the recently revealed details of the NSA’s surveillance activities, but it’s definitely one of the key ones to watch. This week there were a flurry of filings in the case from both sides, many of which are embedded below, including the ACLU’s initial motion for a preliminary injunction to get the government to cease the data collection, and various declarations in support of that. There’s also the US government’s motion to dismiss. The argument from the government is, more or less, that even if it does collect the data on private phone calls to and from the ACLU, without proof that anyone ever looked at that data, there’s no standing. Furthermore, it pulls out the old “it’s just metadata” so there’s no privacy violations there.
Both arguments are ridiculous. As the ACLU notes, the government can’t just seize your personal journal without a warrant by claiming that it won’t look at it. That’s not how it works. But the “it’s just metadata” argument is especially pernicious. As we’ve pointed out, anyone claiming “it’s just metadata” doesn’t know what metadata is, and should be asked to publish their own such data. Hell, if there’s nothing to be concerned about because it’s “just metadata,” why won’t the DOJ itself allow the metadata on how many people they spy on to be published?
However, the ACLU has gone even further, having professor Ed Felten (who was also, until recently, the FTC’s first CTO, focused in part on privacy issues) submit a wonderful declaration totally blowing apart the idea that “just metadata” isn’t a privacy violation. You should read the whole thing, but here’s a key part:
Telephony metadata can be extremely revealing, both at the level of individual calls and, especially, in the aggregate.
Although this metadata might, on first impression, seem to be little more than “information concerning the numbers dialed,” analysis of telephony metadata often reveals information that could traditionally only be obtained by examining the contents of communications. That is, metadata is often a proxy for content.
In the simplest example, certain telephone numbers are used for a single purpose, such that any contact reveals basic and often sensitive information about the caller. Examples include support hotlines for victims of domestic violence and rape, including a specific hotline for rape victims in the armed services. Similarly, numerous hotlines exist for people considering suicide, including specific services for first responders, veterans, and gay and lesbian teenagers. Hotlines exist for suffers of various forms of addiction, such as alcohol, drugs, and gambling.
Similarly, inspectors general at practically every federal agency—including the NSA— have hotlines through which misconduct, waste, and fraud can be reported, while numerous state tax agencies have dedicated hotlines for reporting tax fraud. Hotlines have also been established to report hate crimes, arson, illegal firearms and child abuse. In all these cases, the metadata alone conveys a great deal about the content of the call, even without any further information.
The phone records indicating that someone called a sexual assault hotline or a tax fraud reporting hotline will of course not reveal the exact words that were spoken during those calls, but phone records indicating a 30-minute call to one of these numbers will still reveal information that virtually everyone would consider extremely private.
In some cases, telephony metadata can reveal information that is even more sensitive than the contents of the communication. In recent years, wireless telephone carriers have partnered with non-profit organizations in order to permit wireless subscribers to donate to charities by sending a text message from their telephones. These systems require the subscriber to send a specific text message to a special number, which will then cause the wireless carrier to add that donation to the subscriber’s monthly telephone bill. For example, by sending the word HAITI to 90999, a wireless subscriber can donate $10 to the American Red Cross.
Such text message donation services have proven to be extremely popular. Today, wireless subscribers can use text messages to donate to churches, to support breast cancer research, and to support reproductive services organizations like Planned Parenthood. Similarly, after a policy change in 2012 by the Federal Election Commission, political candidates like Barack Obama and Mitt Romney were able to raise money directly via text message.
In all these cases, the most significant information—the recipient of the donation—is captured in the metadata, while the content of the message itself is less important. The metadata alone reveals the fact that the sender was donating money to their church, to Planned Parenthood, or to a particular political campaign.
Although it is difficult to summarize the sensitive information that telephony metadata about a single person can reveal, suffice it to say that it can expose an extraordinary amount about our habits and our associations. Calling patterns can reveal when we are awake and asleep; our religion, if a person regularly makes no calls on the Sabbath, or makes a large number of calls on Christmas Day; our work habits and our social aptitude; the number of friends we have; and even our civil and political affiliations.
Good stuff, though much of it has been discussed elsewhere. Felten then takes it even further, noting how a large aggregation of phone metadata can be even more revealing and privacy invading:
For instance, metadata can help identify our closest relationships. Two people in an intimate relationship may regularly call each other, often late in the evening. If those calls become less frequent or end altogether, metadata will tell us that the relationship has likely ended as well—and it will tell us when a new relationship gets underway. More generally, someone you speak to once a year is less likely to be a close friend than someone you talk to once a week.
Even our relative power and social status can be determined by calling patterns. As The Economist observed in 2010, “People at the top of the office or social pecking order often receive quick callbacks, do not worry about calling other people late at night and tend to get more calls at times when social events are most often organized (sic), such as Friday afternoons.”
At times, by placing multiple calls in context, metadata analysis can even reveal patterns and sensitive information that would not be discoverable by intercepting the content of an individual communication.
Consider the following hypothetical example: A young woman calls her gynecologist; then immediately calls her mother; then a man who, during the past few months, she had repeatedly spoken to on the telephone after 11pm; followed by a call to a family planning center that also offers abortions. A likely storyline emerges that would not be as evident by examining the record of a single telephone call.
Likewise, although metadata revealing a single telephone call to a bookie may suggest that a surveillance target is placing a bet, analysis of metadata over time could reveal that the target has a gambling problem, particularly if the call records also reveal a number of calls made to payday loan services.
With a database of telephony metadata reaching back five years, many of these kinds of patterns will emerge once the collected phone records are subjected to even the most basic analytic techniques.
He goes on to discuss how that is a major concern for the ACLU, where they are often working with whistleblowers of all kinds, including against the government. Furthermore, they often work with anonymous “John Doe” clients — but, of course, with aggregate metadata, it’s not difficult to identify just about any John Doe.
Another good read is the Declaration from Michael German, a former FBI agent and whistleblower, who now works for the ACLU, discussing how strict confidentiality is absolutely necessary for whistleblowers. Hopefully the court recognizes just how serious this is, and just how ridiculous the DOJ’s claims are as well.