December 28, 2013 weblog
Experiment shows connecting names with phone metadata is easy
(Phys.org) —What kind of telephone activity does the NSA collect on people? Metadata. How harmful is it to your privacy health? Nada. It is only metadata. That has been the line drawn in the sand by government supporters of NSA activities in monitoring calls. Now a Stanford study by two researchers at Stanford has its own message: Individuals can be easily identified through phone numbers. Connecting metadata with individual names is not just easy; they found it was "trivial." Jonathan Mayer along with Patrick Mutchler, the researchers, earlier this week on the blog Web Policy, which covers technology, policy, and law, posted their findings under the headline, "MetaPhone: The NSA's Got Your Number."
They described their experiment to find out just how easy it might be through an Android app called MetaPhone, which garnered 5,000 phone numbers. MetaPhone is defined by the researchers as a "crowdsourced study of phone metadata." In November, as a project of the Stanford Security Lab, the two posted a notice, "We're studying the National Security Agency, and we need your help." They referred to the NSA's confirmation that it collects American phone records, and with little privacy impact. Nonetheless, they noted, "Phone metadata is inherently revealing. We want to rigorously prove it—for the public, for Congress, and for the courts." In turn they said they sought to crowdsource the data for their study. to measure what can be inferred from phone records."Participation takes just a few minutes," they said. "You're eligible if you're in the United States, use an Android smartphone, and have a Facebook account."
The results of their MetaPhone trial and other research steps are in. "We randomly sampled 5,000 numbers from our crowdsourced MetaPhone dataset and queried the Yelp, Google Places, and Facebook directories," they reported.
Querying those three sources, they matched 1,356 (27.1%) of the numbers—378 hits (7.6%) on Yelp, 684 (13.7%) on Google Places, and 618 (12.3%) on Facebook.
Then they took a next step with a random sample of 100 numbers from the dataset, to run Google searches on each. That effort did not even take an hour, where they were able to associate an individual or a business with 60 of the 100 numbers.
Finally, they proceeded to run the numbers using Intelius. "Between Intelius, Google search, and our three initial sources, we associated a name with 91 of the 100 numbers."
The authors commented, "If a few academic researchers can get this far this quickly, it's difficult to believe the NSA would have any trouble identifying the overwhelming majority of American phone numbers."
Mayer is a PhD student in computer science at Stanford , where he received his J.D. in 2013,
Reacting to the report, Gregory Ferenstein in TechCrunch, said, "People may disagree about whether or not government agencies should have private information, but let's not pretend they can't learn anything they want from what information they have."
Meanwhile, a federal judge ruled on Friday that the National Security Agency's collection of telephone records is lawful. Federal Judge William Pauley said there was no evidence that the Government has used any of the bulk metadata for any purpose other than investigating and disrupting terrorist attacks.
© 2013 Phys.org