A study conducted by the NSA confirms that telephone metadata from phone logs reveals individuals’ Personal Information to government surveillance agencies.
It has been argued in the past that the mass collection of phone records by government surveillance agencies poses a significant threat to privacy rights. Now, however, a new study confirms what privacy advocates have been arguing for years. This is according to US researchers who used basic phone logs and were able to identify individuals and access their confidential information.
All of these personal details were derived from anonymous “metadata” found on individuals’ calls and texts. The two scientists at Stanford University who conducted the research were able to figure out individuals’ names, where they lived and association information.
But that’s not all they found.
They also uncovered details such as gun ownership, medical and disability information and activities involving recreational drugs.When the results were paired with public information already available on services such as Yelp, Google and Facebook, a much bigger, more detailed picture of a given individual’s life can be seen.
Former general counsel at the US National Security Agency (NSA), Stewart Baker has said that, “metadata absolutely tells you everything about somebody’s life.”
“For the study, the researchers signed up 823 people who agreed to have metadata collected from their phones through an Android app. The app also received information from their Facebook accounts, which the scientists used to check the accuracy of their results. In all, the researchers gathered metadata on more than 250,000 calls and over 1.2m texts.” read an article published by the The Guardian.
“Analysts who logged into the NSA’s metadata gathering system were initially allowed to examine data up to three hops away from an individual. A call from the target individual’s phone to another number was one hop. From that phone to another was two hops. And so on. The records available to analysts stretched back for five years. The collection window has now been restricted to two hops and 18 months at most.”
Alarmingly, the Stanford study revealed that given just one phone number to start with, the NSA program would have access to telephone metadata for tens of millions of people. With restrictions in place, however, the number plummets–but still indicates that armed with just one phone number, it is possible to retrieve metadata on 25,000 people.
Patrick Mutchler, a computer security researcher at Stanford, writing in the journal Proceedings of the National Academy of Sciences, goes over some key points:
- A wealth of personal information was disclosed, some of it sensitive, about people who took part in the study.
- “Through automatic and manual searches, they identified 82% of people’s names.”
- This same technique revealed the names of businesses those individuals had contacted.
- When plotted on a map, clusters of local businesses appeared, which the scientists predicted would be located near the given individuals’ home addresses.
- “In this way, they named the city people lived in 57% of the time, and were nearly 90% accurate in placing people within 50 miles of their home.”
The scientists were eventually able to determine relationships based on analyzing individuals’ call patterns. Following that, they “gathered details on calls made to and from a list of organisations, including hospitals, pharmacies, religious groups, legal services, firearms retailers and repair firms, marijuana dispensaries, and sex establishments. From these, they pieced together some extraordinary vignettes from people’s lives.”
Mutchler hopes these findings will give legislators pause in regard to to authorizing mass surveillance programs: “Large-scale metadata surveillance programs, like the NSA’s, will necessarily expose highly confidential information about ordinary citizens,” he wrote. Mutchler went on to write: “To strike an appropriate balance between national security and civil liberties, future policymaking must be informed by input from relevant sciences.”
Similarly, Ross Anderson, professor of security engineering at Cambridge University argues that the study presents data that discussions can now be based on, saying: “With the right analytics running over nation-scale comms data you can infer huge amounts of sensitive information on everyone. We always suspected that of course, but here’s the data.”
Source:https://securityaffairs.co/
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.