Yet Another Study Shows That Metadata Reveals A Hell Of A Lot

from the where's-dianne-feinstein's-metadata? dept

With the NSA and its defenders still defending the bulk phone (and other) records collection programs as being about "just metadata," we've already highlighted how metadata is incredibly revealing. Now there's yet another study demonstrating this quite clearly. Jonathan Mayer and Patrick Mutchler, over at Stanford, did a study in which they convinced a bunch of people to run an app called MetaPhone, in which users agree to give up the metadata on their phone, voluntarily, for the sake of research. What these researchers found, of course, is that the metadata reveals an awful lot of details about one's lives, often much more clearly than if the actual content had been collected. The researchers give a few examples where what someone is up to becomes quite obvious very, very quickly.
  • Participant A communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis.
  • Participant B spoke at length with cardiologists at a major medical center, talked briefly with a medical laboratory, received calls from a pharmacy, and placed short calls to a home reporting hotline for a medical device used to monitor cardiac arrhythmia.
  • Participant C made a number of calls to a firearm store that specializes in the AR semiautomatic rifle platform. They also spoke at length with customer service for a firearm manufacturer that produces an AR line.
  • In a span of three weeks, Participant D contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.
  • Participant E had a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after.

We were able to corroborate Participant B’s medical condition and Participant C’s firearm ownership using public information sources. Owing to the sensitivity of these matters, we elected to not contact Participants A, D, or E for confirmation.

There's a lot more in the research, showing how it's relatively easy to pick out fairly sensitive information from a bunch of participants. And, remember, these participants opted-in, knowing that the information would be shared.

Of course, as we've said from the beginning, there's a pretty easy way to prove that everyone inherently knows that metadata reveals all sorts of sensitive information. Just ask any of the biggest defenders of these programs to share the metadata from their phone. They insist there's nothing sensitive in metadata, and yet, oddly they're unwilling to reveal their own.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: metadata, privacy


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Mason Wheeler (profile), 20 Mar 2014 @ 3:16pm

    In a span of three weeks, Participant D contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.


    What's a "head shop"? Because that must be the key to this; there's nothing particularly sensitive about the other elements AFAICS.

    link to this | view in chronology ]

    • icon
      Rikuo (profile), 20 Mar 2014 @ 3:24pm

      Re:

      https://en.wikipedia.org/wiki/Head_shop

      Given the list above, D is very likely to have converted a part of his home into a weed farm.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 20 Mar 2014 @ 3:44pm

        Re: Re:

        Having acquired this metadata, the local police obtain a secret no-knock warrant and raid the place, shooting the man for "resisting arrest" and arresting everyone else in the house, only to discover that the hydroponics equipment was used for a home vegetable garden and the products from the head shop were being used to smoke tobacco legally.

        link to this | view in chronology ]

        • icon
          That One Guy (profile), 20 Mar 2014 @ 4:02pm

          Re: Re: Re:

          I'm afraid I'm going to have to call shenanigans on the realism of that scenario, 'obtain a warrant'?

          Really?

          Even a 'secret no-knock' warrant would probably be stretching it, I mean, why would they bother with all that hassle when there's a house and people in dire need of shooting?

          /s

          link to this | view in chronology ]

        • icon
          Ninja (profile), 21 Mar 2014 @ 3:40am

          Re: Re: Re:

          Which is precisely why metadata is dangerous. Suppose the C guy contacting weapon stores was doing a research in how the trigger mechanism works so he can use it in his project for the college (true personal story)?

          What about E? Is the caller pregnant? Is her sister pregnant? Or are them talking about a friend who got an unplanned pregnancy and are trying to help? What about if E herself is planning to start a family? What if it is just a school research she's helping her son/daughter with? What if the call to her sister had nothing to do with it?

          The list goes on. Metadata is just like statistics. If you torture the data enough it will tell you whatever you want.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 21 Mar 2014 @ 4:28am

            Re: Re: Re: Re:

            so what your actually saying is they really did not get any sensitive information, just information that would require further investigation to confirm, does this not show that mata-data by itself is not definitive anything at all, as you have to 'guess' and 'surmise', or gather further information for it to be at all useful.

            Guessing will simply not do.

            link to this | view in chronology ]

            • icon
              Niall (profile), 21 Mar 2014 @ 6:12am

              Re: Re: Re: Re: Re:

              Depends how they abuse it - see the raid 'scenario' above. But just because some scenarios need more research doesn't mean that the information available won't be useful somewhere or to someone. After all, if your aunt has cancer, your insurance provider would love to know that if it may increase your risk...

              link to this | view in chronology ]

            • identicon
              Just Another Anonymous Troll, 21 Mar 2014 @ 6:55am

              Re: Re: Re: Re: Re:

              Maybe the people who knew they were being spied on and volunteered to be spied on stayed away from anything sensitive. With law enforcement being how it is these days, they barely even need probable cause, which might be just a "guess". That said, do you want people knowing who you are calling every second of every day? The point of this article is to yet again state how revealing this metadata is.

              link to this | view in chronology ]

      • icon
        Mason Wheeler (profile), 20 Mar 2014 @ 3:44pm

        Re: Re:

        Ah, that makes more sense.

        link to this | view in chronology ]

    • icon
      Andrew Norton (profile), 20 Mar 2014 @ 3:34pm

      Re:

      It's where you can buy Cheech+chong, Harold and Kumar, and Jay and Silent Bob merchandise (especially the full range of Bluntman and Chronic gear)

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Mar 2014 @ 10:36am

      Re:

      It's a shop that stocks pot paraphernalia.

      link to this | view in chronology ]

    • identicon
      Winterbourne, 21 Mar 2014 @ 10:58am

      Re:

      A head shop is a place where people buy the gear and accessories needed to smoke various herbs like tabacco and cannibis. Looking at that list, you can assume he is building a locked hydroponics weed farm pretty easily.

      link to this | view in chronology ]

    • identicon
      Anonymous, 22 Mar 2014 @ 7:33pm

      Re:

      I went into a "head shop" once, but I couldn't get any head there.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Mar 2014 @ 3:16pm

    Mike Masnick Should Reblog This

    I know it's not a response to the above article, but the bloggers at Volokh Conspiracy have reported that the Illinois Supreme Court just struck down a broad ban on audiorecording of conversations (part of IEA?)

    http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/03/20/illinois-supreme-court-strik es-down-broad-ban-on-audiorecording-conversations/

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Mar 2014 @ 4:23pm

    Pause for a moment and consider this ....

    You get a call from your credit card provider about a suspicious transaction. How do they deduce that? Metadata.

    Dunno about the rest of you, but for me they've been correct in their calls for the last three-four years.

    Metadata. Fear it.

    link to this | view in chronology ]

    • icon
      Rikuo (profile), 20 Mar 2014 @ 4:49pm

      Re: Pause for a moment and consider this ....

      Yeah...but look again at what you're saying. That is YOUR credit card provider, who is authorized by YOU to look at YOUR data and to warn you of something nasty. Your credit card provider doesn't look at the activities of cards operated by a competitor.

      Last I checked, the NSA doesn't exactly go out of its way to ask permission from the US (and other nations') citizenry before spying them on them "for their protection".

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 20 Mar 2014 @ 8:19pm

        Re: Re: Pause for a moment and consider this ....

        GP wasn't arguing about the appropriateness of his credit card company doing that. He was stating that, without knowing anything about him other than public records plus his account history, they have repeatedly and accurately categorized activity on his card as to whether it was fraudulent. He implies that they correctly flagged some suspicious activity, in addition to correctly not flagging activity he authorized. From this, we see that the metadata about his account is accurate enough to predict whether a given new purchase is fraudulent.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Mar 2014 @ 2:24am

    If metadata holds no form for power and control, the NSA wouldn't be interested in it, or be fighting tooth and nail to keep the unconstitutional bulk spying program alive.

    We keep hearing from National Security Maximalists, that it's just "phone numbers" being collected.

    For just being "phone numbers", the Stanford research group seems to have had no problems linking phone numbers to businesses and individuals.

    Not bad for civilians. Now imagine what governments can cross reference. I'll give you a hint, everything.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Mar 2014 @ 4:25am

    I call bullshit

    is this what passes for 'reporting' now, or is masnick just trying to make some stupid joke?

    "Participant B spoke at length with cardiologists at a major medical center" ...

    BULLSHIT, how do they know he spoke to a cardiologist, and not someone else 'at a major medical center'??

    Nor have you actually been able to draw any conclusions, but 'makes guesses', and it is clear these people were informed of this 'survey' and made calls appropriate.

    As usual is this just another TD lie? and an attempt to get page hits.. I guess its not that hard to confuse the morons who hang off TD's every word, like it is the truth !!

    link to this | view in chronology ]

    • icon
      Niall (profile), 21 Mar 2014 @ 6:16am

      Re: I call bullshit

      This story comes from somewhere else, and depending how the data was collected it may be publically deducible that the number called was a cardiologist.

      If Mike was after clickbait, all he'd have to do is post an article that would have the trolls foaming in - anything about Kim Dotcom, the RIAA/MPAA, or anything partisan-sounding.

      So where's YOUR evidence for your hate-filled bile?

      link to this | view in chronology ]

    • icon
      John Fenderson (profile), 21 Mar 2014 @ 6:45am

      Re: I call bullshit

      "how do they know he spoke to a cardiologist, and not someone else 'at a major medical center'?"

      Perhaps because they called the cardiologist's phone number. At major medical centers, every department (and usually every doctor) has their own phone number.

      link to this | view in chronology ]

    • icon
      silverscarcat (profile), 21 Mar 2014 @ 10:33am

      Re: I call bullshit

      BULLSHIT, how do they know he spoke to a cardiologist, and not someone else 'at a major medical center'??

      Reverse phone book.

      Seriously, I can type any number into a search data base and get the answer with ease.

      link to this | view in chronology ]

  • icon
    GEMont (profile), 21 Mar 2014 @ 10:58am

    Ya think!

    Silly rabbit!

    Logic 101:

    If metadata did NOT reveal a ton of information, NSA would NOT bother collecting it.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.