Yet Another Study Shows That Metadata Reveals A Hell Of A Lot

from the where's-dianne-feinstein's-metadata? dept

With the NSA and its defenders still defending the bulk phone (and other) records collection programs as being about “just metadata,” we’ve already highlighted how metadata is incredibly revealing. Now there’s yet another study demonstrating this quite clearly. Jonathan Mayer and Patrick Mutchler, over at Stanford, did a study in which they convinced a bunch of people to run an app called MetaPhone, in which users agree to give up the metadata on their phone, voluntarily, for the sake of research. What these researchers found, of course, is that the metadata reveals an awful lot of details about one’s lives, often much more clearly than if the actual content had been collected. The researchers give a few examples where what someone is up to becomes quite obvious very, very quickly.

  • Participant A communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis.
  • Participant B spoke at length with cardiologists at a major medical center, talked briefly with a medical laboratory, received calls from a pharmacy, and placed short calls to a home reporting hotline for a medical device used to monitor cardiac arrhythmia.
  • Participant C made a number of calls to a firearm store that specializes in the AR semiautomatic rifle platform. They also spoke at length with customer service for a firearm manufacturer that produces an AR line.
  • In a span of three weeks, Participant D contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.
  • Participant E had a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after.

We were able to corroborate Participant B’s medical condition and Participant C’s firearm ownership using public information sources. Owing to the sensitivity of these matters, we elected to not contact Participants A, D, or E for confirmation.

There’s a lot more in the research, showing how it’s relatively easy to pick out fairly sensitive information from a bunch of participants. And, remember, these participants opted-in, knowing that the information would be shared.

Of course, as we’ve said from the beginning, there’s a pretty easy way to prove that everyone inherently knows that metadata reveals all sorts of sensitive information. Just ask any of the biggest defenders of these programs to share the metadata from their phone. They insist there’s nothing sensitive in metadata, and yet, oddly they’re unwilling to reveal their own.

Filed Under: ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Yet Another Study Shows That Metadata Reveals A Hell Of A Lot”

Subscribe: RSS Leave a comment
24 Comments
Anonymous Coward says:

Re: Re: Re:

Having acquired this metadata, the local police obtain a secret no-knock warrant and raid the place, shooting the man for “resisting arrest” and arresting everyone else in the house, only to discover that the hydroponics equipment was used for a home vegetable garden and the products from the head shop were being used to smoke tobacco legally.

Ninja (profile) says:

Re: Re: Re: Re:

Which is precisely why metadata is dangerous. Suppose the C guy contacting weapon stores was doing a research in how the trigger mechanism works so he can use it in his project for the college (true personal story)?

What about E? Is the caller pregnant? Is her sister pregnant? Or are them talking about a friend who got an unplanned pregnancy and are trying to help? What about if E herself is planning to start a family? What if it is just a school research she’s helping her son/daughter with? What if the call to her sister had nothing to do with it?

The list goes on. Metadata is just like statistics. If you torture the data enough it will tell you whatever you want.

Anonymous Coward says:

Re: Re: Re:2 Re:

so what your actually saying is they really did not get any sensitive information, just information that would require further investigation to confirm, does this not show that mata-data by itself is not definitive anything at all, as you have to ‘guess’ and ‘surmise’, or gather further information for it to be at all useful.

Guessing will simply not do.

Just Another Anonymous Troll says:

Re: Re: Re:3 Re:

Maybe the people who knew they were being spied on and volunteered to be spied on stayed away from anything sensitive. With law enforcement being how it is these days, they barely even need probable cause, which might be just a “guess”. That said, do you want people knowing who you are calling every second of every day? The point of this article is to yet again state how revealing this metadata is.

Anonymous Coward says:

Mike Masnick Should Reblog This

I know it’s not a response to the above article, but the bloggers at Volokh Conspiracy have reported that the Illinois Supreme Court just struck down a broad ban on audiorecording of conversations (part of IEA?)

http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/03/20/illinois-supreme-court-strikes-down-broad-ban-on-audiorecording-conversations/

Rikuo (profile) says:

Re: Pause for a moment and consider this ....

Yeah…but look again at what you’re saying. That is YOUR credit card provider, who is authorized by YOU to look at YOUR data and to warn you of something nasty. Your credit card provider doesn’t look at the activities of cards operated by a competitor.

Last I checked, the NSA doesn’t exactly go out of its way to ask permission from the US (and other nations’) citizenry before spying them on them “for their protection”.

Anonymous Coward says:

Re: Re: Pause for a moment and consider this ....

GP wasn’t arguing about the appropriateness of his credit card company doing that. He was stating that, without knowing anything about him other than public records plus his account history, they have repeatedly and accurately categorized activity on his card as to whether it was fraudulent. He implies that they correctly flagged some suspicious activity, in addition to correctly not flagging activity he authorized. From this, we see that the metadata about his account is accurate enough to predict whether a given new purchase is fraudulent.

Anonymous Coward says:

If metadata holds no form for power and control, the NSA wouldn’t be interested in it, or be fighting tooth and nail to keep the unconstitutional bulk spying program alive.

We keep hearing from National Security Maximalists, that it’s just “phone numbers” being collected.

For just being “phone numbers”, the Stanford research group seems to have had no problems linking phone numbers to businesses and individuals.

Not bad for civilians. Now imagine what governments can cross reference. I’ll give you a hint, everything.

Anonymous Coward says:

I call bullshit

is this what passes for ‘reporting’ now, or is masnick just trying to make some stupid joke?

“Participant B spoke at length with cardiologists at a major medical center” …

BULLSHIT, how do they know he spoke to a cardiologist, and not someone else ‘at a major medical center’??

Nor have you actually been able to draw any conclusions, but ‘makes guesses’, and it is clear these people were informed of this ‘survey’ and made calls appropriate.

As usual is this just another TD lie? and an attempt to get page hits.. I guess its not that hard to confuse the morons who hang off TD’s every word, like it is the truth !!

Niall (profile) says:

Re: I call bullshit

This story comes from somewhere else, and depending how the data was collected it may be publically deducible that the number called was a cardiologist.

If Mike was after clickbait, all he’d have to do is post an article that would have the trolls foaming in – anything about Kim Dotcom, the RIAA/MPAA, or anything partisan-sounding.

So where’s YOUR evidence for your hate-filled bile?

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...