Yet Another Study Shows That Metadata Reveals A Hell Of A Lot
from the where's-dianne-feinstein's-metadata? dept
With the NSA and its defenders still defending the bulk phone (and other) records collection programs as being about “just metadata,” we’ve already highlighted how metadata is incredibly revealing. Now there’s yet another study demonstrating this quite clearly. Jonathan Mayer and Patrick Mutchler, over at Stanford, did a study in which they convinced a bunch of people to run an app called MetaPhone, in which users agree to give up the metadata on their phone, voluntarily, for the sake of research. What these researchers found, of course, is that the metadata reveals an awful lot of details about one’s lives, often much more clearly than if the actual content had been collected. The researchers give a few examples where what someone is up to becomes quite obvious very, very quickly.
- Participant A communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis.
- Participant B spoke at length with cardiologists at a major medical center, talked briefly with a medical laboratory, received calls from a pharmacy, and placed short calls to a home reporting hotline for a medical device used to monitor cardiac arrhythmia.
- Participant C made a number of calls to a firearm store that specializes in the AR semiautomatic rifle platform. They also spoke at length with customer service for a firearm manufacturer that produces an AR line.
- In a span of three weeks, Participant D contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.
- Participant E had a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after.
We were able to corroborate Participant B’s medical condition and Participant C’s firearm ownership using public information sources. Owing to the sensitivity of these matters, we elected to not contact Participants A, D, or E for confirmation.
There’s a lot more in the research, showing how it’s relatively easy to pick out fairly sensitive information from a bunch of participants. And, remember, these participants opted-in, knowing that the information would be shared.
Of course, as we’ve said from the beginning, there’s a pretty easy way to prove that everyone inherently knows that metadata reveals all sorts of sensitive information. Just ask any of the biggest defenders of these programs to share the metadata from their phone. They insist there’s nothing sensitive in metadata, and yet, oddly they’re unwilling to reveal their own.