Article Lead Image

Metadata and the right to be let alone

A legal and technological history of the concept of metadata and your right to keep it private.

 

Joe Kloc

Tech

Posted on Oct 4, 2013   Updated on Jun 1, 2021, 4:59 am CDT

Following revelations on Wednesday that the National Security Agency collected the phone location data from Americans between 2010 and 2011, concerns over the bulk collection of telephony metadata—the who, what, and where of calls—have again moved to the forefront of the debate over U.S. domestic surveillance.

In the past few weeks, new information about the legal justifications of bulk metadata has further informed the debate over the central issue concerning much the the NSA’s controversial spy practices: their constitutionality.

Broadly described, the Fourth Amendment protects Americans’ right to privacy (though the word is never explicitly used). Here’s the text:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

When the Fourth Amendment was penned, none of the founders could have conceived of any form of electronic surveillance. And when the issue was finally raised in 1928, the court initially ruled wiretapping did not violate citizens’ right to privacy. In the dissenting opinion to that case, one of the judges cautioned the court: “The progress of science in furnishing the Government with means of espionage is not likely to stop with wire-tapping. Ways may some day be developed by which the Government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home.”

It wasn’t until 1967, in Katz v. United States, that the Supreme Court heeded the judges warning and ruled that electronic surveillance was in fact a violation of Americans’ right to privacy. “What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection,” the court ruled. “But what he seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected.” In other words, the Fourth Amendment didn’t protect objects per se; it protected information.

Note the time difference between the original ruling that electronic communication was not protected and the eventual decision that it was: 42 years. In other words, it took the law more than four decades to catch up with the government’s domestic surveillance capabilities. This illustrates one of the more puzzling difficulties for both sides of the debate over NSA surveillance: Surveillance technology evolves much faster than the laws that restrict it.

As we now know from recently declassified documents released in late September about the NSA’s legal justification for its bulk telephony data collection program, metadata is a quintessential example of that problem.

According to the documents, the NSA based its decision to collect bulk metadata of every American citizen on a 1979 court ruling, Smith v. Maryland, in which the court found that a suspect did not have a reasonable expectation of privacy when it came to his telephone records. “We doubt that people in general entertain any expectation of privacy in the numbers they dial,” the ruling explained, and “all subscribers realize, moreover, that the phone company has facilities for making permanent records of the numbers they dial.”

A bit of context here. In 1979, there was no technology through which the NSA could continually sweep up the bulk telephony data of every American citizen. Nor was there such a thing as location data contained in every cellular phone. Nor, for that matter, were there cellular phones. So the question becomes, is it possible to justify such mass surveillance when the law backing that justification was made before such surveillance was conceivable? Or, to put it another way, is metadata today the same thing as metadata in 1979?

According to testimony given before the Senate Judiciary Committee on Wednesday by Princeton’s Edward Felten—professor of computer science and public affairs and director of the university’s Center for Information Technology Policy—metadata is simply not the same as it once was. “It is no longer safe to assume that this ‘summary’ or ‘non-content’ information is less revealing or less sensitive than the content it describes,” he wrote. For example, even if you exclude the GPS tracking data from phones that the NSA apparently absorbed from 2010 to 2011, there is still enough information to determine a caller’s rough geographical location.

But setting aside the more robust individual datasets produced by each call, the broader point Felten made is that the sheer volume of metadata we now produce—with the ubiquity of cellular phones—and the sophisticated computers and analysis techniques we now have to process it, the nature of metadata has changed. “Those advances have radically increased our ability to collect, store, and analyze personal communications, including metadata,” Felten wrote.

In other words, technology has so improved our ability to generate, transmit, collect, store, analyze, and interpret metadata, that we can no longer think of it as anonymous. “Sophisticated computing tools permit the analysis of large datasets to identify embedded patterns and relationships, including personal details, habits, and behaviors.” Felten wrote. “As a result, individual pieces of data that previously carried less potential to expose private information may now, in the aggregate, reveal sensitive details about our everyday lives—details that we had no intent or expectation of sharing.”

That last point is an important one. It might have been true that Americans’ didn’t have a reasonable expectation of privacy when it came to their individual call logs back in 1979. But, an emergent property of the bulk collection of those logs—and the technologies that facilitate such collection—is that we inevitably disclose information about ourselves that we would normally assume to be private. This is often misunderstood in the metadata debate. The dragnet approach to surveillance doesn’t ensure our privacy; it is the very thing that undermines it. In doing so, it runs the risk of violating what a dissenting judge in the 1928 ruling called the most important right of all: “the right to be let alone.”

Photo by Quinn Dombrowski/Flickr

Share this article
*First Published: Oct 4, 2013, 9:39 am CDT