The National Security Agency's mass surveillance of telephone metadata could yield detailed information about the private lives of individuals far beyond what the federal government claims, according to new Stanford research.
Stanford computer science student and CISAC cybersecurity fellow Jonathan Mayer and a fellow CS student, Patrick Mutchler, were able to acquire detailed information about people's lives just from telephone metadata: the phone number of the caller and recipient, the particular serial number of the phones involved, the time and duration of calls and possibly the location of each person when the call occurred.
The researchers did not do any illegal snooping – they worked with the phone records of 546 volunteers, matching phone numbers against the public Yelp and Google Places directories to see who was being called.
From the phone numbers, it was possible to determine that 57 percent of the volunteers made at least one medical call. Forty percent made a call related to financial services.
The volunteers called 33,688 unique numbers; 6,107 of those numbers, or 18 percent, were isolated to a particular identity.
The metadata issue has taken on urgency in the wake of last summer's revelations about surveillance of American citizens by the NSA. Privacy experts have questioned the federal government's assertions on the subject.
President Obama has said, "They are not looking at people's names, and they're not looking at content."
Federal judges have split on the legality of the NSA's telephone metadata program.
Jonathan Mayer talks to Hari Sreenivasan on PBS Newshour in this video:
Computer scientists such as Mayer say metadata are extremely sensitive and revealing.
They contend their research shows that metadata from phone calls can yield a wealth of detail about family, political, professional, religious and sexual associations.
"It would be no technical challenge to scale these identifications to a larger population," said Mayer.
At the outset, Mayer said, they asked, "Is it easy to draw sensitive inferences from phone metadata? How often do people conduct sensitive matters by phone? We turned to our crowdsourced MetaPhone dataset for empirical answers."
They crowdsourced the data using an Android application and conducted an analysis of individual calls made by the volunteers to sensitive numbers, connecting the patterns of calls to emphasize the detail available in telephone metadata, Mayer said.
"A pattern of calls will, of course, reveal more than individual call records," he said. "In our analysis, we identified a number of patterns that were highly indicative of sensitive activities or traits."
For example, one participant called several local neurology groups, a specialty pharmacy, a rare-condition management service, and a pharmaceutical hotline used for multiple sclerosis.
Another contacted a home improvement store, locksmiths, a hydroponics dealer and a head shop.
The researchers initially shared the same hypothesis as their computer science colleagues, Mayer said. They did not anticipate finding much evidence one way or the other.
"We were wrong. Phone metadata is unambiguously sensitive, even over a small sample and short time window. We were able to infer medical conditions, firearm ownership and more, using solely phone metadata," he said.
All three branches of the federal government are now considering curbs on access to telephone metadata, Mayer noted. Consumer privacy concerns are also salient as the Federal Communications Commission assesses telecom data sharing practices, he added.