Yet Another Study Shows That Metadata Reveals A Hell Of A Lot
from the where's-dianne-feinstein's-metadata? dept
With the NSA and its defenders still defending the bulk phone (and other) records collection programs as being about “just metadata,” we’ve already highlighted how metadata is incredibly revealing. Now there’s yet another study demonstrating this quite clearly. Jonathan Mayer and Patrick Mutchler, over at Stanford, did a study in which they convinced a bunch of people to run an app called MetaPhone, in which users agree to give up the metadata on their phone, voluntarily, for the sake of research. What these researchers found, of course, is that the metadata reveals an awful lot of details about one’s lives, often much more clearly than if the actual content had been collected. The researchers give a few examples where what someone is up to becomes quite obvious very, very quickly.
- Participant A communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis.
- Participant B spoke at length with cardiologists at a major medical center, talked briefly with a medical laboratory, received calls from a pharmacy, and placed short calls to a home reporting hotline for a medical device used to monitor cardiac arrhythmia.
- Participant C made a number of calls to a firearm store that specializes in the AR semiautomatic rifle platform. They also spoke at length with customer service for a firearm manufacturer that produces an AR line.
- In a span of three weeks, Participant D contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.
- Participant E had a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after.
We were able to corroborate Participant B’s medical condition and Participant C’s firearm ownership using public information sources. Owing to the sensitivity of these matters, we elected to not contact Participants A, D, or E for confirmation.
There’s a lot more in the research, showing how it’s relatively easy to pick out fairly sensitive information from a bunch of participants. And, remember, these participants opted-in, knowing that the information would be shared.
Of course, as we’ve said from the beginning, there’s a pretty easy way to prove that everyone inherently knows that metadata reveals all sorts of sensitive information. Just ask any of the biggest defenders of these programs to share the metadata from their phone. They insist there’s nothing sensitive in metadata, and yet, oddly they’re unwilling to reveal their own.
Comments on “Yet Another Study Shows That Metadata Reveals A Hell Of A Lot”
What’s a “head shop”? Because that must be the key to this; there’s nothing particularly sensitive about the other elements AFAICS.
Re: Re:
https://en.wikipedia.org/wiki/Head_shop
Given the list above, D is very likely to have converted a part of his home into a weed farm.
Re: Re: Re:
Having acquired this metadata, the local police obtain a secret no-knock warrant and raid the place, shooting the man for “resisting arrest” and arresting everyone else in the house, only to discover that the hydroponics equipment was used for a home vegetable garden and the products from the head shop were being used to smoke tobacco legally.
Re: Re: Re: Re:
I’m afraid I’m going to have to call shenanigans on the realism of that scenario, ‘obtain a warrant’?
Really?
Even a ‘secret no-knock’ warrant would probably be stretching it, I mean, why would they bother with all that hassle when there’s a house and people in dire need of shooting?
/s
Re: Re: Re: Re:
Which is precisely why metadata is dangerous. Suppose the C guy contacting weapon stores was doing a research in how the trigger mechanism works so he can use it in his project for the college (true personal story)?
What about E? Is the caller pregnant? Is her sister pregnant? Or are them talking about a friend who got an unplanned pregnancy and are trying to help? What about if E herself is planning to start a family? What if it is just a school research she’s helping her son/daughter with? What if the call to her sister had nothing to do with it?
The list goes on. Metadata is just like statistics. If you torture the data enough it will tell you whatever you want.
Re: Re: Re:2 Re:
so what your actually saying is they really did not get any sensitive information, just information that would require further investigation to confirm, does this not show that mata-data by itself is not definitive anything at all, as you have to ‘guess’ and ‘surmise’, or gather further information for it to be at all useful.
Guessing will simply not do.
Re: Re: Re:3 Re:
Depends how they abuse it – see the raid ‘scenario’ above. But just because some scenarios need more research doesn’t mean that the information available won’t be useful somewhere or to someone. After all, if your aunt has cancer, your insurance provider would love to know that if it may increase your risk…
Re: Re: Re:3 Re:
Maybe the people who knew they were being spied on and volunteered to be spied on stayed away from anything sensitive. With law enforcement being how it is these days, they barely even need probable cause, which might be just a “guess”. That said, do you want people knowing who you are calling every second of every day? The point of this article is to yet again state how revealing this metadata is.
Re: Re: Re:
Ah, that makes more sense.
Re: Re:
It’s where you can buy Cheech+chong, Harold and Kumar, and Jay and Silent Bob merchandise (especially the full range of Bluntman and Chronic gear)
Re: Re:
It’s a shop that stocks pot paraphernalia.
Re: Re:
A head shop is a place where people buy the gear and accessories needed to smoke various herbs like tabacco and cannibis. Looking at that list, you can assume he is building a locked hydroponics weed farm pretty easily.
Re: Re:
I went into a “head shop” once, but I couldn’t get any head there.
Mike Masnick Should Reblog This
I know it’s not a response to the above article, but the bloggers at Volokh Conspiracy have reported that the Illinois Supreme Court just struck down a broad ban on audiorecording of conversations (part of IEA?)
http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/03/20/illinois-supreme-court-strikes-down-broad-ban-on-audiorecording-conversations/
Re: Mike Masnick Should Reblog This
The link you’re looking for is at the bottom of the page, the ‘Submit a story’ one. Much more likely to be noticed than just posting a comment in one of the articles.
http://www.techdirt.com/submitstory.php
Pause for a moment and consider this ....
You get a call from your credit card provider about a suspicious transaction. How do they deduce that? Metadata.
Dunno about the rest of you, but for me they’ve been correct in their calls for the last three-four years.
Metadata. Fear it.
Re: Pause for a moment and consider this ....
Yeah…but look again at what you’re saying. That is YOUR credit card provider, who is authorized by YOU to look at YOUR data and to warn you of something nasty. Your credit card provider doesn’t look at the activities of cards operated by a competitor.
Last I checked, the NSA doesn’t exactly go out of its way to ask permission from the US (and other nations’) citizenry before spying them on them “for their protection”.
Re: Re: Pause for a moment and consider this ....
GP wasn’t arguing about the appropriateness of his credit card company doing that. He was stating that, without knowing anything about him other than public records plus his account history, they have repeatedly and accurately categorized activity on his card as to whether it was fraudulent. He implies that they correctly flagged some suspicious activity, in addition to correctly not flagging activity he authorized. From this, we see that the metadata about his account is accurate enough to predict whether a given new purchase is fraudulent.
If metadata holds no form for power and control, the NSA wouldn’t be interested in it, or be fighting tooth and nail to keep the unconstitutional bulk spying program alive.
We keep hearing from National Security Maximalists, that it’s just “phone numbers” being collected.
For just being “phone numbers”, the Stanford research group seems to have had no problems linking phone numbers to businesses and individuals.
Not bad for civilians. Now imagine what governments can cross reference. I’ll give you a hint, everything.
I call bullshit
is this what passes for ‘reporting’ now, or is masnick just trying to make some stupid joke?
“Participant B spoke at length with cardiologists at a major medical center” …
BULLSHIT, how do they know he spoke to a cardiologist, and not someone else ‘at a major medical center’??
Nor have you actually been able to draw any conclusions, but ‘makes guesses’, and it is clear these people were informed of this ‘survey’ and made calls appropriate.
As usual is this just another TD lie? and an attempt to get page hits.. I guess its not that hard to confuse the morons who hang off TD’s every word, like it is the truth !!
Re: I call bullshit
This story comes from somewhere else, and depending how the data was collected it may be publically deducible that the number called was a cardiologist.
If Mike was after clickbait, all he’d have to do is post an article that would have the trolls foaming in – anything about Kim Dotcom, the RIAA/MPAA, or anything partisan-sounding.
So where’s YOUR evidence for your hate-filled bile?
Re: I call bullshit
“how do they know he spoke to a cardiologist, and not someone else ‘at a major medical center’?”
Perhaps because they called the cardiologist’s phone number. At major medical centers, every department (and usually every doctor) has their own phone number.
Re: I call bullshit
BULLSHIT, how do they know he spoke to a cardiologist, and not someone else ‘at a major medical center’??
Reverse phone book.
Seriously, I can type any number into a search data base and get the answer with ease.
Ya think!
Silly rabbit!
Logic 101:
If metadata did NOT reveal a ton of information, NSA would NOT bother collecting it.