New study shows NSA phone metadata can reveal EVERYTHING about your life

Giuseppe Macri Tech Editor
Font Size:

New research published by Stanford Univeristy Wednesday reveal phone and Internet metadata collected by the NSA can expose far more information about an individual than the agency admits, including, “medical conditions, financial and legal connections, and even whether they own a gun.”

Two of the school’s computer science graduate students were able to uncover the sensitive personal details of individuals from phone data details, like the numbers of callers and recipients, the location of callers, phone serial numbers and the length of conversations — all of which are data the signals intelligence agency collects in bulk both domestically and internationally.

Of the 33,688 unique numbers called by the study’s 546 study volunteers, students were able to positively identify a specific individual in 18 percent of those calls. They were also able to discern 57 percent made at least one medical call and 40 percent made a financial services call.

Computer scientists Jonathan Mayer and Patrick Mutchler, the doctoral students that authored the study, say metadata are “extremely sensitive and revealing,” and “can yield a wealth of detail about family, political, professional, religious and sexual associations.”

“It would be no technical challenge to scale these identifications to a larger population,” Mayer told Stanford News, referencing similar metadata analysis the NSA is almost certainly already engaged in.

The two began by asking, “Is it easy to draw sensitive inferences from phone metadata? How often do people conduct sensitive matters by phone? We turned to our crowdsourced MetaPhone dataset for empirical answers.” At the outset, they didn’t expect to find much.

“We were wrong,” Mayer said. “Phone metadata is unambiguously sensitive, even over a small sample and short time window. We were able to infer medical conditions, firearm ownership and more, using solely phone metadata,” he said.

Using an Android application to crowdsource the data of “sensitive” calls made by volunteers, the students then analyzed the individual call results and established patterns to show how much detail could be drawn from phone metadata.

“A pattern of calls will, of course, reveal more than individual call records,” Mayer said. “In our analysis, we identified a number of patterns that were highly indicative of sensitive activities or traits.”

In an example cited by the Stanford report, one volunteer called multiple neurology offices, a specialty pharmacy, a management service for rare medical conditions and a pharmaceutical hotline for multiple sclerosis. A second called a home improvement retailer, locksmiths, plant hydroponics seller and a head shop — slightly more indicative of questionable legal activity.

Since the leaks detailing the classified mass surveillance programs began last summer, intelligence agency heads and even President Obama have repeatedly asserted the data is examined for content, not identity. While ongoing leaks have brought that claim into question, the fact that identities, along with sensitive personal information, can easily be discerned with metadata is an advancing, precise reality.

Follow Giuseppe on Twitter