Metadata

You know the world has taken a very strange turn indeed when politicians in Washington start talking about "metadata." (For a reasonable description of what exactly metadata is, see the Wikipedia article on it.)

By applying the label "metadata" to information collected about individuals, Washington apparatchiks are attempting to convince you that this information is of little significance. The New Yorker quotes, for example, Senator Dianne Feinstein:

[Feinstein] assured the public earlier today that the government’s secret snooping into the phone records of Americans was perfectly fine, because the information it obtained was only “meta,” meaning it excluded the actual content of the phone conversations, providing merely records, from a Verizon subsidiary, of who called whom when and from where. In addition, she said in a prepared statement, the “names of subscribers” were not included automatically in the metadata (though the numbers, surely, could be used to identify them). “Our courts have consistently recognized that there is no reasonable expectation of privacy in this type of metadata information and thus no search warrant is required to obtain it,” she said.

The affidavit recently filed to obtain a search warrant against Fox correspondent James Rosen shows exactly how significant this so-called "harmless metadata" can be and precisely how it can be used. The affidavit states:

Telephone call records demonstrate that earlier on the same day, multiple telephone communications occurred between multiple phone numbers associated with Mr. Kim and [Mr. Rosen.] Specifically:
• at or around 10:15 a.m, an approximate 34 second call was made from [Rosen's] DoS desk telephone to Mr. Kim's desk telephone;
• [there follow 3 similar descriptions, listing the source and destination phones and the times and durations of the phone calls]
Thereafter, telephone records for Mr Kim's office phone reveal that at or around the same time as Mr Kim's user profile was viewing the TS/SCI Intelligence Report two telephone calls were placed from his desk phone to [Rosen].
...
In the hour following those calls, the FBI's investigation has revealed evidence that Mr. Kim met face-to-face with [Rosen] outside the DoS. Specifically, DoS security badge access records demonstrate that Mr. Kim and [Rosen] departed the DoS building ... at nearly the same time, they were absent from the building for nearly 25 minutes, and then they returned to the building at nearly the same time. Specifically, the security badge access records indicate:
• Mr. Kim departed DoS at or around 12:02 p.m. followed shortly thereafter by Rosen at 12:03 p.m. and;
• [there follows a description of the time of their returns.]

Aside: could the fact that Kim and Rosen both departed the building around 12 noon merely indicate that they, along with many others in the building, were going out to lunch?

So, three sources of "metadata" were accessed and related to each other:

• records describing the time and duration of phone calls between specific phones;
• records describing the time and duration of Mr. Kim's login to the TS/SCI system;
• records describing the times of exit from and entry back into the DoS building.

From these three sources of "mere" metadata, a fairly complete picture of the activities of the two individuals could be reconstructed.

It is one thing when this kind of monitoring is performed on individuals with security clearances. It would be quite another thing if this kind of monitoring were performed on ordinary citizens. But, the fact that the government now possesses all your telephone metadata (a complete record of all the calls you have made to any other individual), all your email metadata (a complete record of all the emails you have sent to or received from any other individual), all your credit card transactions, and who knows what other data, makes it quite possible that the government could construct this kind of timeline of your various activities.

The New Yorker continues:

The answer, according to the mathematician and former Sun Microsystems engineer Susan Landau, ... the author of Surveillance or Security?, is that it’s worse than many might think.

“The public doesn’t understand,” she told me, speaking about so-called metadata. “It’s much more intrusive than content.” She explained that the government can learn immense amounts of proprietary information by studying “who you call, and who they call. If you can track that, you know exactly what is happening—you don’t need the content.”

For example, she said, in the world of business, a pattern of phone calls from key executives can reveal impending corporate takeovers. Personal phone calls can also reveal sensitive medical information: “You can see a call to a gynecologist, and then a call to an oncologist, and then a call to close family members.” And information from cell-phone towers can reveal the caller’s location. Metadata, she pointed out, can be so revelatory about whom reporters talk to in order to get sensitive stories that it can make more traditional tools in leak investigations, like search warrants and subpoenas, look quaint. “You can see the sources,” she said. When the F.B.I. obtains such records from news agencies, the Attorney General is required to sign off on each invasion of privacy. When the N.S.A. sweeps up millions of records a minute, it’s unclear if any such brakes are applied.

In sum, then, the fact that the government claims that it is only collecting "metadata" does not by any means assure that the privacy of an individual has not been invaded or that the collected data is not being used for some pernicious purpose. We need much more analysis into what data sources are being collected, how the various sources of data are being integrated, and how the resulting pictures of individual activity are being used.