If you’re not concerned about government surveillance of your phone because the National Security Agency (NSA) only collects metadata, think again.
A study from Stanford University shows that connecting “anonymous” metadata to compromising personal information is trivially easy.
Documents leaked in June by former NSA contractor Edward Snowden revealed that the organization was collecting metadata about calls placed to and from Verizon telephone lines. Although this revelation was potentially troubling, metadata collection is, in theory, not cause for concern.
The metadata about your phone calls does not reveal your name or identity, or the content of your conversations, but it does track the numbers you call, how long the calls last, and which other companies have your phone number in their directories.
Although the specific documents leaked in June concerned Verizon landlines, the NSA has since admitted that it collects metadata about mobile telephone calls and text messages as well.
Sen. Dianne Feinstein (D-Calif.), who heads the Senate Intelligence Committee, has said that collecting metadata is “not surveillance.” Because the information, by itself, cannot identify individuals, Feinstein and the NSA hold that it is practically harmless for the government to collect it.
A research team operating out of Stanford University disagrees, and hopes to prove its point with a new Android app called MetaPhone. By accessing your phone number and your Facebook page, this app does what any NSA program could do: It acquires your metadata, then correlates it with your social-media information to see how much it can learn about you.
“Phone metadata is inherently revealing,” wrote Jonathan Mayer and Patrick Mutchler, the app’s designers, on a Stanford Law School blog. By using MetaPhone, you can submit your information to a Stanford research project so that Mayer and Mutchler can determine how easy it is for organizations to glean personal information from your supposedly non-revealing metadata.
When Tom’s Guide tried the app, we found that the results supported Stanford’s assertion: Dozens of different organizations had the phone number we tried on file. The NSA — or worse, a cybercriminal — would be able to find our name, our geographic location, our bank, our medical facilities and even our eating habits with just a simple cross-check online.