“When it comes to your telephone calls, no one is listening to them. That’s not what program is about – they are not looking at names.” – President Barack Obama on PRISM
In wake of the recent revelations that are parts of the National Security Agency’s massive domestic surveillance programs, the argument of national security versus privacy has been cast back into its deserved limelight. As more is revealed on the surveillance tactics used by the NSA and other government entities, people are becoming more wary of the massive dragnet that is at hand.
When the initial leak came out of the NSA from whistleblower Edward Snowden, we learned that the agency worked with telecommunication companies like Verizon (and later on it was revealed that other major players like Sprint, and AT&T are also involved), many politicians and their cheerleaders were quick to defend the idea that the data collection is necessary for the sake of national security. Many Senate members, including Dianne Feinstein (D-Calif) chimed in, defending the program and claiming its lack of intrusiveness:
“This is just metadata. There is no content involved. In other words, no content of a communication … The records can only be accessed under heightened standards.” – Sen. Dianne Feinstein
There is a severe problem with this logic, and it lies in either the misunderstanding or blatant downplaying of metadata collection. Allow me to present an example of how metadata matters when it comes to exposing personal data:
Imagine you come across a miniSD card where you work. You put it in your computer to see if there is anything on it that might indicate who it belongs to. When you open the folder, all you find is a few blurry images that look as if they were taken by accident. No faces, no recognizable locations, just blurred surroundings. As you are viewing the images in a folder on almost any operating system, in something as simple as opening up the properties of the files (right click on those pictures), there is still a way to find out who they might belong to. This is thanks to, you guessed it, a form of metadata. Exif data in photos can include (but isn’t limited to) the date that the image was taken, the time the image was taken, the make and model of the camera or phone that it was taken with, and if the images were taken with a phone that had geolocation tracking enabled, the EXACT coordinates of where the image was taken. With a bit of work and altruism, you’ll have the miniSD back on its rightful owner’s cubicle in no time.
Basically, a complete lack of content in the photo doesn’t matter in terms of understanding the context of the picture if there is enough metadata included within it. The same can be said about telephony metadata. The Electronic Frontier Foundation created the following rebuttal against the misrepresentation of telephony metadata while also conveying the collection of metadata’s invasive potential:
What they are trying to say is that disclosure of metadata—the details about phone calls, without the actual voice—isn’t a big deal, not something for Americans to get upset about if the government knows. Let’s take a closer look at what they are saying:
- They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. But they don’t know what you talked about.
- They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.
- They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don’t know what was discussed.
- They know you received a call from the local NRA office while it was having a campaign against gun legislation, and then called your senators and congressional representatives immediately after. But the content of those calls remains safe from government intrusion.
- They know you called a gynecologist, spoke for a half hour, and then called the local Planned Parenthood’s number later that day. But nobody knows what you spoke about.
As you can see, metadata tells quite a story. As much as NSA officials have claimed that they have only recorded the numbers dialed without using any tools within their secretive programs to initially identify their owners, there is a plethora of free reverse phone look-ups that exist on the internet, free for anyone to use. What stops an NSA worker like Snowden (or someone with more malicious motives involving U.S. citizens & their data) from using outside sources with metadata they have found from the surveillance programs they oversee? Is this a far-fetched idea? I imagine it could easily happen.
So how bad could it be?
The answer, according to the mathematician and former Sun Microsystems engineer Susan Landau, whom I interviewed while reporting on the plight of the former N.S.A. whistleblower Thomas Drake and who is also the author of “Surveillance or Security?,” is that it’s worse than many might think.
“The public doesn’t understand,” she told me, speaking about so-called metadata. “It’s much more intrusive than content.” She explained that the government can learn immense amounts of proprietary information by studying “who you call, and who they call. If you can track that, you know exactly what is happening—you don’t need the content.”
Metadata, Landau noted, can also reveal sensitive political information, showing, for instance, if opposition leaders are meeting, who is involved, where they gather, and for how long. Such data can reveal, too, who is romantically involved with whom, by tracking the locations of cell phones at night.
If you would like a more visual grasp on the concepts of different forms of metadata and what they reveal about the user, The Guardian has published an interactive graphic that explains further in a neat format.
In the past few days we have heard the same song sung from NSA officials, senators, members of Congress, and even the President; a chorus of “metadata is no big deal, its not content!” But if we gain a collective understanding of how much info can be derived from metadata, you might hear a different tune from the American public… “who needs content?” As more is revealed on these programs and their legal processes, expect the debate to ensue. However, it remains very important for journalists and the public to question the claims and justifications presented by officials in hope to gain a clearer and more honest explanation of what personal information we are being stripped in the name of national security, and if it is worth it
___ UPDATE (6/20)___
In a new 21-page legal filing (PDF) for a separate Florida-based federal criminal case, the government seemed to indicate that its routine collection of metadata by the National Security Agency does not include cell-site location information (CSLI). The dragnet of collected metadata referenced by the government was described in a recently-leaked FISC order requiring Verizon to give up millions of such records daily. However, it’s certain that the government has the ability to acquire such location information for specific targets over specific periods of time.
More to follow as it’s reported.