Don’t Let the NSA Tell You Metadata is Harmless
We have a pretty good idea of how the story goes. The NSA has been spying on us for a long time—so long that we’re still not 100% sure when it started. Then, Edward Snowden surfaced and revealed the extent of the organization’s surveillance program. During his time with the NSA, he collected thousands of documents that describe just what the agency is doing. Then, he doled out part of his collection to several respected reporters before fleeing to Hong Kong.
One of the first news stories that broke revealed the NSA collects mobile call records from every American. At first, the NSA tried to claim none of it was true. Then, they claimed that it wasn’t as bad as Snowden revealed. Until, finally, they admitted to collecting “only metadata.” In other words, they keep trying to pass off their policies as harmless.
While our phone metadata doesn’t actually reveal every word spoken during a phone conversation between two parties, it does include information like the date, time, who’s involved and, of course, the duration of the call. The NSA publically announced this using the phrase “only metadata,” as if it isn’t still a grievous beach of privacy. So, then, let’s ask the question: Why would the NSA want it in the first place?
Many people accepted this answer—that it’s “only metadata”—and were mollified, continuing on with their lives like everything had been addressed and sufficiently explained away. Unfortunately, that’s simply not the case.
Collecting metadata is spying. There’s no two ways about it. What the NSA is doing is putting every American under surveillance. On the surface, it may look like they’re “only” collecting basic information, but the truth is this still gives them just about everything they could ever want or need. As the former General Counsel of the NSA, Stewart Baker, said: “Metadata absolutely tells you everything about somebody’s life. If you have enough metadata you don’t really need content.”
Later, Michael Hayden, former director of the NSA and the CIA, said: “We kill people based on metadata.”
Let that sink in for a moment. The agency can carry out an assassination with the information they collect from metadata. If that doesn’t sound like surveillance to you, I don’t know what does.
What is Metadata?
The best way to describe metadata is to say that collecting it is essentially the act of data mining someone’s habits. To provide a few examples: All of the websites you visit in your browser—including the specific web searches you do through Google—are one form of metadata. All of the places you go when you run daily errands, and the names of these places, would be considered another form of metadata. Who you visit, hang out with, and talk to, would be yet another form of metadata. Altogether, this information could tell any stranger looking at it a great deal about who you are, even if they don’t know precisely what you talked about while you were there. It can reveal things like the people you associate with, what coffee shops and stores you like to frequent, whether you’re always on time or late, or even what kind of strange porn you like to watch.
Are you starting to get the picture? Bonus points if you’re feeling rightfully indignant someone—anyone—is collecting information like this about you.
Believe it or not, it’s not just NSA doing it. Services like Facebook, Google, and many others have been doing it for quite a long time too. The problem is they’re not doing it to the same extent as the NSA. In fact, one thing Snowden revealed later is that the NSA demanded even more information from companies like Facebook and Google, and thanks to their executive clout, probably got a fair bit of it. Recently it also came to light that the NSA had demanded that Apple provide them with special backdoor access to their systems, so the NSA could jump in at any time and collect whatever data they wanted.
Thankfully, Apple held the line and denied their requests. And if there’s one living CEO that I’m inclined to believe, it’s Tim Cook.
What Could They Have Possibly Collected?
Some folks are still going to look at this and say: “So what? What could the NSA have possibly collected on me or anyone I know?” The answer to that question is: everything.
An experiment from Stanford University involved the examination of mobile metadata from more than 500 volunteers over several months. The idea is to discern what kind of information you can learn about a person from “only metadata.” What the researchers found surprised not just them, but the volunteers as well.
One of the participants—let’s call her ‘Sally’—had a long morning call with her sister, and days later made a series of calls to a Planned Parenthood center. Two weeks later, she made a few more calls to that center and finally another just a month later.
What can you gather from that information about Sally? Possibly that she had an abortion. If you had been collecting her metadata longer, you might have even been able to find out who the father was, what she’s doing now, if she’s had more than one abortion, and much more.
If you don’t think that’s scary, let’s take a look at another participant.
Let’s call this man ‘Bob.’ Bob called several contacts that, separately, might not look like much, but together provide a clear picture of what he’s doing. In a span of about three weeks, Bob contacted a head shop, a home improvement store, locksmiths, and a hydroponics dealer.
Clearly, Bob has plans to grow marijuana in his home. Over time, more information, like his address, how much money he’s making, and what kind of purchases he’s made, could land Bob in a world of trouble. Imagine if someone unscrupulous found this information and decided to rob him?
Now, you might be thinking that Bob is breaking the law, and so deserves whatever he gets. You can believe that if you want to, but let’s take a look at another participant.
Let’s call this last one ‘Frank.’ While being monitored, Frank called cardiologists at a major medical center and spoke to them for a long time. Then, he contacted a medical lab and received calls from a local pharmacy. He also called a hotline dedicated to helping those using a special cardiac arrhythmia monitoring device.
Long story short, Frank had a recent heart attack and he’s trying to improve his health. What if Frank didn’t want anyone to know about his health problems? Sure, things happen and information gets out—especially if a family member posts a Get Well Soon greeting via social media or something—but what if Frank didn’t want anyone else to know this information? What if Frank wanted the knowledge about his heart attack to remain private between him, his significant other, and his physician? It’s pretty much too late now, isn’t it? There’s no putting the genie back in the bottle, as the saying goes.
And that’s exactly the point. American citizens shouldn’t need a reason to want their privacy; it should simply be assumed that we have the right to keep private matters, well, private. What we have instead is a system whereby, at any given time, your metadata can reveal a hell of a lot about you. People can learn some very personal, private and, at times, incriminating information just by looking at “only metadata.” You can’t push the problem away any more by adopting the sentiment that if you have nothing to hide it doesn’t matter.
We all need our privacy for different reasons—and if our leaders had actually read the Constitution they claim to uphold, they’d understand why we’re making a fuss.
Image Credit: EFF.org/NSA