YAHOO NEWS
Why Your Metadata Is Your Every Move
Elspeth Reeve June 12, 2013
The metadata that the National Security Agency collects on all calls in the U.S. is not just what's on a phone bill, as the program's supporters have claimed. Your phone bill lists some of the same things the NSA's collecting — numbers dialed, length of all — but does not list the geolocation of each of your calls. It is that final piece of data — where you made your calls — that tells the government everything about your life. "Nobody's listening to the content of people's phone calls," President Obama said last week. "The only thing taken, as has been correctly expressed, is not content of a conversation, but the information that is generally on your telephone bill," Sen. Dianne Feinstein said on Sunday. But it doesn't matter. The government doesn't need to listen to your calls. Because it already knows where you are, and that does matter.The metadata that the National Security Agency collects on all calls in the U.S. is not just what's on a phone bill, as the program's supporters have claimed. Your phone bill lists some of the same things the NSA's collecting — numbers dialed, length of all — but does not list the geolocation of each of your calls. It is that final piece of data — where you made your calls — that tells the government everything about your life. "Nobody's listening to the content of people's phone calls," President Obama said last week. "The only thing taken, as has been correctly expressed, is not content of a conversation, but the information that is generally on your telephone bill," Sen. Dianne Feinstein said on Sunday. But it doesn't matter. The government doesn't need to listen to your calls. Because it already knows where you are, and that does matter.The metadata that the National Security Agency collects on all calls in the U.S. is not just what's on a phone bill, as the program's supporters have claimed. Your phone bill lists some of the same things the NSA's collecting — numbers dialed, length of all — but does not list the geolocation of each of your calls. It is that final piece of data — where you made your calls — that tells the government everything about your life. "Nobody's listening to the content of people's phone calls," President Obama said last week. "The only thing taken, as has been correctly expressed, is not content of a conversation, but the information that is generally on your telephone bill," Sen. Dianne Feinstein said on Sunday. But it doesn't matter. The government doesn't need to listen to your calls. Because it already knows where you are, and that does matter.
In a paper published in Nature's Scientific Reports last year, MIT researchers found that with cell phone call metadata from 1.5 million anonymous people, they could identify a person easily with just four phone calls. As Foreign Policy's Joshua Keating explains, they didn't need names, addresses, or phone numbers. They only used time of the call and the closest cell tower.
"We use the analogy of the fingerprint," said [MIT professor
And it's not just that metadata easily identifies us. Where we go and who we talk to tells a story. Mathematician and former Sun Microsystems engineer Susan Landau explained to The New Yorker's Jane Mayer. "If you can track [metadata], you know exactly what is happening—you don’t need the content." As a New York Times editorial explains, metadata can reveal "political leanings and associations, medical issues, sexual orientation, habits of religious worship, and even marital infidelities." Have you ever called in sick — from the beach? The NSA would know. Just check your daily metadata.
Or think, for example, of cell phone metadata showing a senator and her intern were both in the same hotel in the middle of the night. That is exactly how a rogue NSA agent used it once, according to former NSA director Michael Hayen. As The Daily Beast's Eli Lake reports, "Hayden said he remembered a collector who was fired for trying to snoop on his ex-wife overseas." So when Fox News' Brit Hume says, "I don't think there have been any abuses, frankly," he is wrong. The former head of the NSA says so.
In the cancelled sci-fi Fox show Fringe, evil genetically-modified humans from the year 2609 travel back to our time to oppress normal humans and rule our not-yet-polluted-beyond-all-hope Earth. In one episode, the bad guys eavesdrop on human rebels' cell phone calls with an elaborate device that measures the imprint sound waves left on glass. This was dumb. The bad guys did not need technology from 600 years in the future to figure out who or where the rebels were. They did not even need to eavesdrop. They just needed the metadata collected on all of us by the NSA.
It goes without saying that the NSA is not staffed by cruel humanoids who time-traveled from the future. However, the agency's surveillance power is so amazing that writers on a cheesy sci-fi shows failed to anticipate it. And, a week after The Guardian revealed the program, some politicians who are supposed to be in charge of oversight of the program still fail to grasp it. As one of the other NSA whistleblowers, Thomas Drake, writes in The Guardian today: "The problem is that in the digital space, metadata becomes the index for content. And content is gold for determining intent.."
--
Top photo by Fire At Will via Flickr. Bottom photo via Fox. Inset diagrams via Nature: (A) Trace of an anonymized mobile phone user during a day. The dots represent the times and locations where the user made or received a call. Every time the user has such an interaction, the closest antenna that routes the call is recorded. (B) The same user's trace as recorded in a mobility database. The user's interaction times are here recorded with a precision of one hour. (C) The same individual's trace when we lower the resolution of our dataset through spatial and temporal aggregation. The user's interaction are recorded with a precision of two hours.
A Guardian guide to your
metadata
Metadata is information generated as you use technology, and its use has been the subject of controversy since NSA's secret surveillance program was revealed. Examples include the date and time you called somebody or the location from which you last accessed your email. The data collected generally does not contain personal or content-specific details, but rather transactional information about the user, the device and activities taking place. In some cases you can limit the information that is collected – by turning off location services on your cell phone for instance – but many times you cannot. Below, explore some of the data collected through activities you do every day. On Thursday, June 13 The Guardian's data editor James Ball will answer your questions about the NSA data collection program in the US from 3pm-4pm EST | 8pm-9pm BST
What metadata looks like
Below is a tweet from @GuardianUS (right) and a truncated version of its metadata (left). Accessing metadata is often possible through services offered by the provider and can be retrieved in a structured format that could include raw text, XML, or in this example, JSON. An easy way to see some of your own metadata is by looking at your browser's history which provides information about what websites you visited and when
What you can tell using metadata:
A case study of the Petraeus scandal
1. To communicate, Paula Broadwell and David Petraeus shared an anonymous email account
2. Instead of sending emails, both would login to the account, edit and save drafts
3. Broadwell logged in from various hotels' public Wi-Fi, leaving a trail of metadata that included times and locations
4. The FBI crossed-referenced hotel guests with login times and locations leading to the identification of Broadwell
THE NEW YORKER
June 6, 2013
What’s the Matter with Metadata?
Dianne Feinstein, a Democrat from liberal Northern California and the chairman of the Senate Select Committee on Intelligence, assured the public earlier today that the government’s secret snooping into the phone records of Americans was perfectly fine, because the information it obtained was only “meta,” meaning it excluded the actual content of the phone conversations, providing merely records, from a Verizon subsidiary, of who called whom when and from where. In addition, she said in a prepared statement, the “names of subscribers” were not included automatically in the metadata (though the numbers, surely, could be used to identify them). “Our courts have consistently recognized that there is no reasonable expectation of privacy in this type of metadata information and thus no search warrant is required to obtain it,” she said, adding that “any subsequent effort to obtain the content of an American’s communications would require a specific order from the FISA court.”
She said she understands privacy—“that’s why this is carefully done”—and noted that eleven special federal judges, the Foreign Intelligence Surveillance Court, which meets in secret, had authorized the vast intelligence collection. A White House official made the same points to reporters, saying, “The order reprinted overnight does not allow the government to listen in on anyone’s telephone calls” and was subject to “a robust legal regime.” The gist of the defense was that, in contrast to what took place under the Bush Administration, this form of secret domestic surveillance was legitimate because Congress had authorized it, and the judicial branch had ratified it, and the actual words spoken by one American to another were still private. So how bad could it be?
The answer, according to the mathematician and former Sun Microsystems engineer Susan Landau, whom I interviewed while reporting on the plight of the former N.S.A. whistleblower Thomas Drake and who is also the author of “Surveillance or Security?,” is that it’s worse than many might think.
“The public doesn’t understand,” she told me, speaking about so-called metadata. “It’s much more intrusive than content.” She explained that the government can learn immense amounts of proprietary information by studying “who you call, and who they call. If you can track that, you know exactly what is happening—you don’t need the content.”
For example, she said, in the world of business, a pattern of phone calls from key executives can reveal impending corporate takeovers. Personal phone calls can also reveal sensitive medical information: “You can see a call to a gynecologist, and then a call to an oncologist, and then a call to close family members.” And information from cell-phone towers can reveal the caller’s location. Metadata, she pointed out, can be so revelatory about whom reporters talk to in order to get sensitive stories that it can make more traditional tools in leak investigations, like search warrants and subpoenas, look quaint. “You can see the sources,” she said. When the F.B.I. obtains such records from news agencies, the Attorney General is required to sign off on each invasion of privacy. When the N.S.A. sweeps up millions of records a minute, it’s unclear if any such brakes are applied.
Metadata, Landau noted, can also reveal sensitive political information, showing, for instance, if opposition leaders are meeting, who is involved, where they gather, and for how long. Such data can reveal, too, who is romantically involved with whom, by tracking the locations of cell phones at night.
For the law-enforcement community, particularly the parts focussed on locating terrorists, metadata has led to breakthroughs. Khalid Sheikh Mohammed, the master planner of the September 11, 2001, attacks on New York and Washington, “got picked up by his cell phone,” Landau said. Many other criminal suspects have given themselves away through their metadata trails. In fact, Landau told me, metadata and other new surveillance tools have helped cut the average amount of time it takes the U.S. Marshals to capture a fugitive from forty-two days to two.
But with each technological breakthrough comes a break-in to realms previously thought private. “It’s really valuable for law enforcement, but we have to update the wiretap laws,” Landau said.
It was exactly these concerns that motivated the mathematician William Binney, a former N.S.A. official who spoke to me for the Drake story, to retire rather than keep working for an agency he suspected had begun to violate Americans’ fundamental privacy rights. After 9/11, Binney told me, as I reported in the piece, General Michael Hayden, who was then director of the N.S.A., “reassured everyone that the N.S.A. didn’t put out dragnets, and that was true. It had no need—it was getting every fish in the sea.”
Binney, who considered himself a conservative, feared that the N.S.A.’s data-mining program was so extensive that it could help “create an Orwellian state.”
As he told me at the time, wiretap surveillance requires trained human operators, but data mining is an automated process, which means that the entire country can be watched. Conceivably, the government could “monitor the Tea Party, or reporters, whatever group or organization you want to target,” he said. “It’s exactly what the Founding Fathers never wanted.”
Illustration by Matthew Hollister.
Read more of our coverage of government surveillance programs.
“The public doesn’t understand,” she told me, speaking about so-called metadata. “It’s much more intrusive than content.” She explained that the government can learn immense amounts of proprietary information by studying “who you call, and who they call. If you can track that, you know exactly what is happening—you don’t need the content.”
For example, she said, in the world of business, a pattern of phone calls from key executives can reveal impending corporate takeovers. Personal phone calls can also reveal sensitive medical information: “You can see a call to a gynecologist, and then a call to an oncologist, and then a call to close family members.” And information from cell-phone towers can reveal the caller’s location. Metadata, she pointed out, can be so revelatory about whom reporters talk to in order to get sensitive stories that it can make more traditional tools in leak investigations, like search warrants and subpoenas, look quaint. “You can see the sources,” she said. When the F.B.I. obtains such records from news agencies, the Attorney General is required to sign off on each invasion of privacy. When the N.S.A. sweeps up millions of records a minute, it’s unclear if any such brakes are applied.
Metadata, Landau noted, can also reveal sensitive political information, showing, for instance, if opposition leaders are meeting, who is involved, where they gather, and for how long. Such data can reveal, too, who is romantically involved with whom, by tracking the locations of cell phones at night.
For the law-enforcement community, particularly the parts focussed on locating terrorists, metadata has led to breakthroughs. Khalid Sheikh Mohammed, the master planner of the September 11, 2001, attacks on New York and Washington, “got picked up by his cell phone,” Landau said. Many other criminal suspects have given themselves away through their metadata trails. In fact, Landau told me, metadata and other new surveillance tools have helped cut the average amount of time it takes the U.S. Marshals to capture a fugitive from forty-two days to two.
But with each technological breakthrough comes a break-in to realms previously thought private. “It’s really valuable for law enforcement, but we have to update the wiretap laws,” Landau said.
It was exactly these concerns that motivated the mathematician William Binney, a former N.S.A. official who spoke to me for the Drake story, to retire rather than keep working for an agency he suspected had begun to violate Americans’ fundamental privacy rights. After 9/11, Binney told me, as I reported in the piece, General Michael Hayden, who was then director of the N.S.A., “reassured everyone that the N.S.A. didn’t put out dragnets, and that was true. It had no need—it was getting every fish in the sea.”
Binney, who considered himself a conservative, feared that the N.S.A.’s data-mining program was so extensive that it could help “create an Orwellian state.”
As he told me at the time, wiretap surveillance requires trained human operators, but data mining is an automated process, which means that the entire country can be watched. Conceivably, the government could “monitor the Tea Party, or reporters, whatever group or organization you want to target,” he said. “It’s exactly what the Founding Fathers never wanted.”
Illustration by Matthew Hollister.
Read more of our coverage of government surveillance programs.
No comments:
Post a Comment