- Is that Rosa Parks in random Twitter user’s baby photo? Tuesday 8:24 PM
- Syracuse students say white supremacist manifesto was AirDropped to them Tuesday 7:44 PM
- Florida woman gets prison time for throwing slushie at Matt Gaetz Tuesday 6:28 PM
- Marie Kondo’s online store slammed for selling clutter-worthy products Tuesday 5:34 PM
- People are rallying against toxic masculinity on International Men’s Day Tuesday 4:42 PM
- Reddit wants to stop its pro-Trump forum from outing the alleged whistleblower Tuesday 3:38 PM
- White woman calls cops on man who said he was visiting aunt with his kids Tuesday 3:12 PM
- ‘The Stranded’ is a flawed yet addictive blend of ‘Degrassi’ and ‘Lost’ Tuesday 2:45 PM
- The ‘gonna tell my kids’ meme is revisionist history at its most absurd Tuesday 2:24 PM
- Redditor asks former burglars to give home security tips Tuesday 2:18 PM
- Facebook-Breitbart partnership under fire in wake of new Stephen Miller emails Tuesday 2:00 PM
- John Krasinski under fire after praising the CIA Tuesday 1:46 PM
- Conservatives melt down after Chick-fil-A says it will stop donating to anti-LGBTQ orgs Tuesday 1:33 PM
- ‘Honey Boy’ is an experimental look at channeling trauma Tuesday 1:28 PM
- Disney+ now allows users to resume and restart content Tuesday 11:42 AM
Contrary to the claims of America’s top spies, the details of your phone calls and text messages—including when they took place and whom they involved—are no less revealing than the actual contents of those communications.
In a study published online Monday in the journal Proceedings of the National Academy of Sciences, Stanford University researchers demonstrated how they used publicly available sources—like Google searches and the paid background-check service Intelius—to identify “the overwhelming majority” of their 823 volunteers based only on their anonymized call and SMS metadata.
Using data collected through a special Android app, the Stanford researchers determined that they could easily identify people based on their call and message logs.
The results cast doubt on claims by senior intelligence officials that telephone and Internet “metadata”—information about communications, but not the content of those communications—should be subjected to a lower privacy threshold because it is less sensitive.
Contrary to those claims, the researchers wrote, “telephone metadata is densely interconnected, susceptible to reidentification, and enables highly sensitive inferences.”
Patrick Mutchler, a Ph.D candidate at Stanford and one of the study’s co-authors, said in an email that this conclusion “muddies the distinction between metadata and content and calls into question the legal distinctions between the two kinds of data.”
Alan Butler, a senior counsel at the Electronic Privacy Information Center, said in an email that the study offered “tremendous insight into the sensitivity of call records and other metadata” and bolstered civil-liberties advocates’ case for applying stronger warrant protections to this type of data.
“EPIC has consistently argued that these records should be protected under the Fourth Amendment and that certain types of [metadata] records (including location data and Web URLs) should only be obtained pursuant to a warrant,” Butler said.
Metadata is a major component of several U.S. mass-surveillance programs. The National Security Agency uses it to search for people who communicate with terrorism suspects in the hope of discovering extremist cells. Under current rules, the agency can collect metadata on people “two hops” out from a terrorism suspect, meaning anyone who talked to anyone who talked to the suspect.
One of the most controversial operations that former NSA contractor Edward Snowden exposed was a bulk phone records collection program, conducted under Section 215 of the USA Patriot Act, that required phone companies to periodically send the NSA vast swaths of customer metadata.
Responding to widespread public outrage, Congress ended that program in mid-2015 by passing the USA Freedom Act, the most substantial surveillance-reform law since the sweeping post-9/11 expansion of the intelligence bureaucracy. Now, when the NSA wants to obtain someone’s call metadata, the agency must request it from the phone companies.
But other bulk metadata programs remain active, and senior officials have defended them by arguing that metadata is not as sensitive as the contents of the communications themselves. Publicly, they argue that they collect two substantively distinct categories of data: “personally identifiable information” (PII), which includes communications linked to people’s identities, and non-PII, which is anonymized.
The Stanford researchers sharply rejected that framing in their study, writing that “the policy distinction between PII and non-PII is not based on sound science.”
“We’ve had several years of national conversation about metadata and even seen new legislation passed without public science on the topic to inform citizens,” Mutchler said. “More information can only help the conversation.”
Some officials have hinted at metadata’s true value. “We kill people based on metadata,” former NSA and CIA Director Michael Hayden said in May 2014.
In their report, the Stanford researchers argued that the ease with which they were able to identify people based on their metadata pointed to the need to rethink its sensitivity.
“Our results lend strong support to the view that telephone metadata is extraordinarily sensitive, especially when paired with a broad array of readily available information,” they wrote. “Over a large sample of telephone subscribers, over a lengthy period, it is inevitable that some individuals will expose deeply sensitive information. It follows that large-scale metadata surveillance programs, like the NSA’s, will necessarily expose highly confidential information about ordinary citizens.”
Amie Stepanovich, U.S. policy manager at the digital-rights group Access Now, said in an email that the new research highlighted the danger of downplaying metadata’s sensitivity.
The study, she wrote, “irrefutably demonstrates the need for our legal system to adapt in order to meaningfully protect users’ expectations of privacy.”
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.