Identifying People from Their Metadata

Jonathan Mayer, Patrick Mutchler, and John C. Mitchell, "Evaluating the privacy properties of telephone metadata":

Abstract: Since 2013, a stream of disclosures has prompted reconsideration of surveillance law and policy. One of the most controversial principles, both in the United States and abroad, is that communications metadata receives substantially less protection than communications content. Several nations currently collect telephone metadata in bulk, including on their own citizens. In this paper, we attempt to shed light on the privacy properties of telephone metadata. Using a crowdsourcing methodology, we demonstrate that telephone metadata is densely interconnected, can trivially be reidentified, and can be used to draw sensitive inferences.

New research, but not a new result. There have been several similar studies over the years. This one uses only anonymized call and SMS metadata to identify people who volunteered for the study.

Four assorted news articles.

Posted on May 19, 2016 at 6:10 AM • 15 Comments

Comments

Rolf WeberMay 19, 2016 10:17 AM

I think few people will deny the results of this study, that metadata can be very telling.

But the point is, there is not only the technical possibility, there is also the law. So even if we realize that the metadata can be abused, we can anyway reasonably decide that democratic governments should have the data, because we trust that it will only be used lawfully, and we think that the data will help to prevent and investigate crimes. Nothing else we already do today for example with the police, we give them guns and jails, and we trust that they use it only lawfully -- and we trust that those who abuse their power are punished.

Denny SeidelmanMay 19, 2016 11:29 AM

Unfortunately this discussion is already obsolete. The USA and the UK are making great progress in their plans to "collect it all." Data AND metadata. Thanks to Snowden we know that a couple of years ago the US was capable of storing 3 days of full data (a complete mirror of the internet), unless an analyst placed a request on a selector, in which case the data would be held indefinitely. This 3 day capacity has probably increased by now.

ISPs in the USA and Europe (not to mention countries where there is no democracy) are under immense pressure to cooperate with unlawful bulk surveillance programs. They do not have a choice. If, say, Bluffdale, fails, all they have to do is go straight to the ISP.

Going dark? Going dark my ass. I don't understand how anyone can be so negligent to keep posting personal information or even browse the web without anonymization these days.

AnselmMay 19, 2016 11:48 AM

we can anyway reasonably decide that democratic governments should have the data, because we trust that it will only be used lawfully, and we think that the data will help to prevent and investigate crimes

There is an important principle which dictates that only as much data should be collected as absolutely necessary to fulfil a given task (“data economy”). Collecting everyone's metadata all the time in order to “prevent and investigate crime” violates this principle since only a small percentage of the population is actually criminal, so the vast majority of the data will merely describe the lawful day-to-day doings of innocent people which even democratic governments have no business prying into.

It is illegal for a cop to be corrupt but there are bent cops all the same. Similarly, it is safe to assume that if a massive metadata database exists then criminal elements will find a way to get at its content – by cracking, social engineering, bribery, extortion, you name it –, and that will actually enable crime rather than prevent it. This is on top of all the “legal” but iffy uses people will find for this data that are nothing to do with crime prevention or investigation. For example, why shouldn't the government make some money on the side by allowing companies or political parties to mine the data for advertising purposes? All under very strict control, of course, but all that database infrastructure must be paid for somehow …

Comrade MajorMay 19, 2016 12:09 PM

There is two aspects of surveillance: psychological and technical.
Psychological aspect is well studied - people don't like to be watched etc.
Technical is not studied good enough (at this moment).

Snowden changed the world. World will never be same.

At this moment we should embrace counter-surveillance (contrintel) principles, not luddism.

Operative realm is supreme to crypto/math.

BobMay 19, 2016 3:48 PM

we can anyway reasonably decide that democratic governments should have the data, because we trust that it will only be used lawfully, and we think that the data will help to prevent and investigate crimes

No. You can because you'd happily forge your own chains in exchange for promises that they're "only for the bad guys."

ToxMay 19, 2016 5:10 PM

People should stop using old telephone system,
and use these on their phone(non-root, cant-root is OK).

1. NoRoot Firewall (sigo.mobi) OR AFWall+
2. Orbot
3. qTox

https://tox.chat/ Official
https://github.com/tux3/qTox For portable version(better than installer)

If @schneier have some time to spare, why don't you analyze security
as a "pro"?

"lawfully" lolMay 19, 2016 6:02 PM

Has anyone thought about doing what's right...

instead of just how to bend laws to reason anything as lawful that they want?

Lezter AlienMay 19, 2016 9:48 PM

Y'all wouldn't mind us "borrowing" yours and Canadians net connections while you all sleep, just so we can avoid local meta data bulk collection and gain access to reasonable download speeds we can exploit to then save data to 3rd party servers just incase we might want download some of this data at a later date if needed.

Apparently 1GB connections will never be needed here, but having access to fast speeds elsewhere might be handy for trickle downloading software like new AV or Firewall versions over a month or so without bringing the household internet to a crawl.

At least platforms like bittorent allow us access to free software updates most people take for granted elsewhere in the world, at least untill we fall even more behind as you all move forward without us.

DroneMay 19, 2016 10:31 PM

Is there something new here? I didn't think so; glad you agree... BTW, how much did this "non-study" cost us taxpayers?

Darren Chaker May 20, 2016 2:27 AM

I love technology and privacy, but will chime in on a different theme. Specifically, if all of mass surveillance deals with protecting lives, why not start with something which kills 1,300 people a day? "Cigarette smoking is responsible for more than 480,000 deaths per year in the United States, including nearly 42,000 deaths resulting from secondhand smoke exposure. This is about one in five deaths annually, or 1,300 deaths every day." http://www.cdc.gov/tobacco/data_statistics/fact_sheets/fast_facts/ (No offense to smokers)

In lieu of doing so, there's a witch hunt on encryption and an effort on mass surveillance. If American lives were so important, go after the #1 mass killer, who not only often kills the primary target (the smoker), but also those around them (second hand smokers) not a fraction of those. Years later may be it's a terror organization who truly owns the tobacco industry!

I wrote an article about how to implement basic security to stay on top of security and privacy - encrypt phone, use strong PWs, full disc encryption, VPN, etc. see, http://darrenchaker.us/privacy-darren-chaker

The purpose is to save lives. I would hope there is a pecking order to do so. But do not believe it is being implemented. By using the terror card, Government is allowed what it pleases in the name of saving a few people a year, when 1,300 die every day. I do not like that rationale. However, the fact remains, you cannot truly control those you govern unless you know all of its secrets and lies.

BillMay 20, 2016 7:54 AM

@Darren: And after smoking, let's tackle drunk driving. Both of these kill way more in a year than perished in all terrorist attacks on US soil.

These tragedies just don't get the media attention because the deaths don't all happen in one incident and they have been happening for years.

TatütataMay 21, 2016 8:36 AM

There's a scene in the film "All the President's men" where Carl Bernstein sits in the park with a contact from the phone company. (C&P?)

While he's eating his sandwiches, the Bellhead says: Carl, if [Attorney General] John Mitchell wanted your phone records, you'd be running around yelling "invasion of privacy".

How quaint! Metadata was considered sensitive and confidential -- at least when it concerned the rich or powerful...

In the original Godfather at least one murder is committed on the basis of metadata. Button man Paulie Gatto gets his bullets in the head on the basis of phone records suggesting contacts between him and the Sollozzo/Tattaglia clan. (That's the source of the famous "leave the gun, take the cannoli" in the film version).

In reality, I don't see how New York Telephone would have maintained detailed message accounting for local calls back in the 1940s. A clandestine pen-and-ink recorder on Paulie's line?

rMay 26, 2016 1:40 PM

@darren,

Currently reading through your list, you recommend cccleaner but not the open source and cross platform BleachBit?

Maybe it needs a more colorful interface and a one-click button granted... But it's a powerhouse.

I like glary utilities too as shareware (not endorsing it).

It's one of the programs available to Windows users through ninite.com

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.