Your Cell Phone Knows Everything About You

by Jonah Shepp

Mystic aside, the NSA claims that collecting your phone metadata doesn’t violate your privacy because it doesn’t tell them much about you. Well, researchers at Stanford have been studying that claim since November, and even they were surprised at how staggeringly false it turned out to be:

We did not anticipate finding much evidence one way or the other, however, since the MetaPhone participant population is small and participants only provide a few months of phone activity on average. We were wrong. … The degree of sensitivity among contacts took us aback. Participants had calls with Alcoholics Anonymous, gun stores, NARAL Pro-Choice, labor unions, divorce lawyers, sexually transmitted disease clinics, a Canadian import pharmacy, strip clubs, and much more. This was not a hypothetical parade of horribles. These were simple inferences, about real phone users, that could trivially be made on a large scale.

The study’s implications are pretty major:

“This is striking,” Fred Cate, a law professor at Indiana University, told Ars by e-mail. “It highlights three key points.

First, that the key part of the NSA’s argument—we weren’t collecting sensitive information so what is the bother?—is factually wrong. Second, that the NSA and the FISA Court failed to think this through; after all, it only takes a little common sense to realize that sweeping up all numbers called will inevitably reveal sensitive information. Of course the record of every call made and received is going to implicate privacy. And third, it lays bare the fallacy of the Supreme Court’s mind-numbingly broad wording of the third-party doctrine in an age of big data: just because I reveal data for one purpose—to make a phone call—does not mean that I have no legitimate interest in that information, especially when combined with other data points about me.”

Derek Mead adds:

Remember, these inferences are solely based on phone metadata, which includes phone numbers and call time. Phone metadata is an extremely powerful tool—the NSA wouldn’t be so dedicated to collecting it if it wasn’t—and it absolutely, unequivocally isn’t anonymous. As the researchers write, it’s “unambiguously sensitive, even in a small population and over a short time window.” I asked [Stanford’s Jonathan] Mayer if there was anything he’s seen that people could do to limit the usability of their metadata. The answer was pretty simple: Unless you stop making calls, there’s nothing you can do.