The National Security Agency used the Patriot Act to justify its large-scale telephone metadata collection program until the relevant sections expired last year. But the NSA and other government agencies can still access and collect metadata in various ways. Now, a new study from Stanford University is reasserting the problems this poses for individual privacy.
The study, published Monday in the Proceedings of the National Academy of Sciences, used a custom smartphone app to collect the telephone metadata (phone numbers called, duration of calls, etc.) of 823 participants. The app logged 251,788 calls and 1,234,231 text messages. All told, these communications involved 62,229 unique phone numbers.
The researchers analyzed the metadata using some automated techniques and some manual work. They found that they could establish personal details about the study participants fairly easily by sorting the data in different ways and with “limited resources—far below those available to a large business or intelligence agency.” Depending on what numbers people were calling/texting, how long they were on the calls, and who they called or texted next, the researchers could figure out things like people’s medical conditions, romantic relationship statuses, and identities.
Telephone metadata has been used relatively freely by government agencies on the assumption that it is anonymized and meaningless without context. Director of National Intelligence James Clapper said in 2013 that the agency’s bulk metadata collection program “does not allow the Government to listen in on anyone’s phone calls. The information acquired does not include the content of any communications or the identity of any subscriber.” But the study results reflect what privacy advocates have been saying for years: Collecting telephone metadata can erode individual privacy.
“Telephone metadata is densely interconnected, susceptible to re-identification, and enables highly sensitive inferences,” the researchers wrote. “The results of our study are unambiguous: there are significant privacy impacts associated with telephone metadata surveillance.”
The researchers are far from the first people to reach these conclusions, but their qualitative approach serves as a valuable reminder.