Techdirt is off for Memorial Day. We'll be back with regularly scheduled posting tomorrow!Hide

Yet Another Study Shows That Metadata Reveals A Hell Of A Lot

from the where's-dianne-feinstein's-metadata? dept

With the NSA and its defenders still defending the bulk phone (and other) records collection programs as being about "just metadata," we've already highlighted how metadata is incredibly revealing. Now there's yet another study demonstrating this quite clearly. Jonathan Mayer and Patrick Mutchler, over at Stanford, did a study in which they convinced a bunch of people to run an app called MetaPhone, in which users agree to give up the metadata on their phone, voluntarily, for the sake of research. What these researchers found, of course, is that the metadata reveals an awful lot of details about one's lives, often much more clearly than if the actual content had been collected. The researchers give a few examples where what someone is up to becomes quite obvious very, very quickly.
  • Participant A communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis.
  • Participant B spoke at length with cardiologists at a major medical center, talked briefly with a medical laboratory, received calls from a pharmacy, and placed short calls to a home reporting hotline for a medical device used to monitor cardiac arrhythmia.
  • Participant C made a number of calls to a firearm store that specializes in the AR semiautomatic rifle platform. They also spoke at length with customer service for a firearm manufacturer that produces an AR line.
  • In a span of three weeks, Participant D contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.
  • Participant E had a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after.

We were able to corroborate Participant B’s medical condition and Participant C’s firearm ownership using public information sources. Owing to the sensitivity of these matters, we elected to not contact Participants A, D, or E for confirmation.

There's a lot more in the research, showing how it's relatively easy to pick out fairly sensitive information from a bunch of participants. And, remember, these participants opted-in, knowing that the information would be shared.

Of course, as we've said from the beginning, there's a pretty easy way to prove that everyone inherently knows that metadata reveals all sorts of sensitive information. Just ask any of the biggest defenders of these programs to share the metadata from their phone. They insist there's nothing sensitive in metadata, and yet, oddly they're unwilling to reveal their own.

Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    Mason Wheeler (profile), Mar 20th, 2014 @ 3:16pm

    In a span of three weeks, Participant D contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.


    What's a "head shop"? Because that must be the key to this; there's nothing particularly sensitive about the other elements AFAICS.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Rikuo (profile), Mar 20th, 2014 @ 3:24pm

      Re:

      https://en.wikipedia.org/wiki/Head_shop

      Given the list above, D is very likely to have converted a part of his home into a weed farm.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Mar 20th, 2014 @ 3:44pm

        Re: Re:

        Having acquired this metadata, the local police obtain a secret no-knock warrant and raid the place, shooting the man for "resisting arrest" and arresting everyone else in the house, only to discover that the hydroponics equipment was used for a home vegetable garden and the products from the head shop were being used to smoke tobacco legally.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          That One Guy (profile), Mar 20th, 2014 @ 4:02pm

          Re: Re: Re:

          I'm afraid I'm going to have to call shenanigans on the realism of that scenario, 'obtain a warrant'?

          Really?

          Even a 'secret no-knock' warrant would probably be stretching it, I mean, why would they bother with all that hassle when there's a house and people in dire need of shooting?

          /s

           

          reply to this | link to this | view in chronology ]

        •  
          icon
          Ninja (profile), Mar 21st, 2014 @ 3:40am

          Re: Re: Re:

          Which is precisely why metadata is dangerous. Suppose the C guy contacting weapon stores was doing a research in how the trigger mechanism works so he can use it in his project for the college (true personal story)?

          What about E? Is the caller pregnant? Is her sister pregnant? Or are them talking about a friend who got an unplanned pregnancy and are trying to help? What about if E herself is planning to start a family? What if it is just a school research she's helping her son/daughter with? What if the call to her sister had nothing to do with it?

          The list goes on. Metadata is just like statistics. If you torture the data enough it will tell you whatever you want.

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Mar 21st, 2014 @ 4:28am

            Re: Re: Re: Re:

            so what your actually saying is they really did not get any sensitive information, just information that would require further investigation to confirm, does this not show that mata-data by itself is not definitive anything at all, as you have to 'guess' and 'surmise', or gather further information for it to be at all useful.

            Guessing will simply not do.

             

            reply to this | link to this | view in chronology ]

            •  
              icon
              Niall (profile), Mar 21st, 2014 @ 6:12am

              Re: Re: Re: Re: Re:

              Depends how they abuse it - see the raid 'scenario' above. But just because some scenarios need more research doesn't mean that the information available won't be useful somewhere or to someone. After all, if your aunt has cancer, your insurance provider would love to know that if it may increase your risk...

               

              reply to this | link to this | view in chronology ]

            •  
              identicon
              Just Another Anonymous Troll, Mar 21st, 2014 @ 6:55am

              Re: Re: Re: Re: Re:

              Maybe the people who knew they were being spied on and volunteered to be spied on stayed away from anything sensitive. With law enforcement being how it is these days, they barely even need probable cause, which might be just a "guess". That said, do you want people knowing who you are calling every second of every day? The point of this article is to yet again state how revealing this metadata is.

               

              reply to this | link to this | view in chronology ]

      •  
        icon
        Mason Wheeler (profile), Mar 20th, 2014 @ 3:44pm

        Re: Re:

        Ah, that makes more sense.

         

        reply to this | link to this | view in chronology ]

    •  
      icon
      Andrew Norton (profile), Mar 20th, 2014 @ 3:34pm

      Re:

      It's where you can buy Cheech+chong, Harold and Kumar, and Jay and Silent Bob merchandise (especially the full range of Bluntman and Chronic gear)

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 21st, 2014 @ 10:36am

      Re:

      It's a shop that stocks pot paraphernalia.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Winterbourne, Mar 21st, 2014 @ 10:58am

      Re:

      A head shop is a place where people buy the gear and accessories needed to smoke various herbs like tabacco and cannibis. Looking at that list, you can assume he is building a locked hydroponics weed farm pretty easily.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous, Mar 22nd, 2014 @ 7:33pm

      Re:

      I went into a "head shop" once, but I couldn't get any head there.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 20th, 2014 @ 3:16pm

    Mike Masnick Should Reblog This

    I know it's not a response to the above article, but the bloggers at Volokh Conspiracy have reported that the Illinois Supreme Court just struck down a broad ban on audiorecording of conversations (part of IEA?)

    http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/03/20/illinois-supreme-court-strik es-down-broad-ban-on-audiorecording-conversations/

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 20th, 2014 @ 4:23pm

    Pause for a moment and consider this ....

    You get a call from your credit card provider about a suspicious transaction. How do they deduce that? Metadata.

    Dunno about the rest of you, but for me they've been correct in their calls for the last three-four years.

    Metadata. Fear it.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Rikuo (profile), Mar 20th, 2014 @ 4:49pm

      Re: Pause for a moment and consider this ....

      Yeah...but look again at what you're saying. That is YOUR credit card provider, who is authorized by YOU to look at YOUR data and to warn you of something nasty. Your credit card provider doesn't look at the activities of cards operated by a competitor.

      Last I checked, the NSA doesn't exactly go out of its way to ask permission from the US (and other nations') citizenry before spying them on them "for their protection".

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Mar 20th, 2014 @ 8:19pm

        Re: Re: Pause for a moment and consider this ....

        GP wasn't arguing about the appropriateness of his credit card company doing that. He was stating that, without knowing anything about him other than public records plus his account history, they have repeatedly and accurately categorized activity on his card as to whether it was fraudulent. He implies that they correctly flagged some suspicious activity, in addition to correctly not flagging activity he authorized. From this, we see that the metadata about his account is accurate enough to predict whether a given new purchase is fraudulent.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 21st, 2014 @ 2:24am

    If metadata holds no form for power and control, the NSA wouldn't be interested in it, or be fighting tooth and nail to keep the unconstitutional bulk spying program alive.

    We keep hearing from National Security Maximalists, that it's just "phone numbers" being collected.

    For just being "phone numbers", the Stanford research group seems to have had no problems linking phone numbers to businesses and individuals.

    Not bad for civilians. Now imagine what governments can cross reference. I'll give you a hint, everything.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 21st, 2014 @ 4:25am

    I call bullshit

    is this what passes for 'reporting' now, or is masnick just trying to make some stupid joke?

    "Participant B spoke at length with cardiologists at a major medical center" ...

    BULLSHIT, how do they know he spoke to a cardiologist, and not someone else 'at a major medical center'??

    Nor have you actually been able to draw any conclusions, but 'makes guesses', and it is clear these people were informed of this 'survey' and made calls appropriate.

    As usual is this just another TD lie? and an attempt to get page hits.. I guess its not that hard to confuse the morons who hang off TD's every word, like it is the truth !!

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Niall (profile), Mar 21st, 2014 @ 6:16am

      Re: I call bullshit

      This story comes from somewhere else, and depending how the data was collected it may be publically deducible that the number called was a cardiologist.

      If Mike was after clickbait, all he'd have to do is post an article that would have the trolls foaming in - anything about Kim Dotcom, the RIAA/MPAA, or anything partisan-sounding.

      So where's YOUR evidence for your hate-filled bile?

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Mar 21st, 2014 @ 6:45am

      Re: I call bullshit

      "how do they know he spoke to a cardiologist, and not someone else 'at a major medical center'?"

      Perhaps because they called the cardiologist's phone number. At major medical centers, every department (and usually every doctor) has their own phone number.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      silverscarcat (profile), Mar 21st, 2014 @ 10:33am

      Re: I call bullshit

      BULLSHIT, how do they know he spoke to a cardiologist, and not someone else 'at a major medical center'??

      Reverse phone book.

      Seriously, I can type any number into a search data base and get the answer with ease.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    GEMont, Mar 21st, 2014 @ 10:58am

    Ya think!

    Silly rabbit!

    Logic 101:

    If metadata did NOT reveal a ton of information, NSA would NOT bother collecting it.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Deals
Techdirt Insider Chat
Techdirt Reading List
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.