Skip to Content
Author's profile photo Derek Klobucher

The Devil is in the Metadata for Intelligence Surveillance Programs

NSA surveillance and Chinese hacking have driven cyber-security awareness to unprecedented highs over the past year. And U.S. President Barack Obama has been fighting foreign cyber-attackers for longer than that.

Metadata Surveillance 01-13-2014-A.jpg
Metadata may seem harmless, but it can reveal more about your life than you know.

Now he’s looking at reforms in the National Security Agency. Obama could announce changes in how the intelligence agency collects telephone and other data as early as this week, according to The Wall Street Journal on Thursday.

“Rather than eliminate or curtail major intelligence programs, Obama is expected to pledge more transparency, plus some outside advocacy in the process,” White House correspondent Alexis Simendinger stated Thursday. “[Obama] said the government, if it had possessed the metadata phone collection program a dozen years ago, could have tied a cellphone used by a 9/11 plotter in Germany to a 9/11 accomplice contacted in San Diego and saved lives.”

Did you catch that about the metadata? It’s the detail that’s been such a devil lately.

Defended from Both Sides

Metadata may seem harmless because it isn’t content — it’s just data about data, such as the time of a call, its duration or the IP addresses related to an e-mail message. Metadata is what the NSA has been evaluating, and legislators on both sides of the political aisle have defended this activity.

“The NSA only collects the type of information found on a telephone bill: phone numbers of calls placed and received, the time of the calls and duration,” Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.) wrote in October. And House Intelligence Committee Chairman Mike Rogers (R-Mich.) told ABC, “The National Security Agency does not listen to Americans’ phone calls and it is not reading Americans’ e-mails — none of these programs allow that.”

Intelligence officials may not even need the contents of phone calls and e-mail messages to do their jobs. Metadata might be enough — or too much.

The Big Reveal

“Metadata surveillance exposes the content of our lives in a way that wiretapping can’t,” the ACLU of Massachusetts stated this month. “When you think about the FBI and NSA collecting your metadata in bulk, as they are currently, think of it as unknown numbers of people having access to information about you so sensitive that they can divine some insight about your life of which you aren’t even conscious yourself.”

Metadata Surveillance 01-13-2014-B.jpg
“Something significantly changed my communication pattern,” Immersion co-creator Deepak Jagdish said, after his colleague pointed out a curious pattern in his e-mail’s metadata.

That’s true, but a program developed at MIT can help make you conscious of some such insights. Immersion can graphically represent your life using only the To, From, Cc and timestamp metadata fields — not the content — from your Web-based e-mail account. And it can look as far back as you’ve had the account.

“Clearly something happened in the second half of 2010 — something significantly changed my communication pattern,” Immersion co-creator Deepak Jagdish said during a TEDx Talk, pointing to a dip in the graph generated only by timestamps from his own e-mail messages over a five-year period. “That was a time when an important personal relationship had ended for me, following which my circle of friends changed.”

Immersion can also use e-mail metadata to track how your relationships with individuals and groups have evolved. Intelligence agencies can draw similar conclusions with metadata, and they don’t need a warrant or your consent.

Between a Rock and a Hard Place

“If the attacks of Sept. 11, 2001 taught us anything, it’s that we must connect the dots,” Foundation for Defense of Democracies President Clifford D. May stated this month. “But before we can connect the dots, we must collect the dots.”

This clearly puts the Obama Administration in a tough spot, crammed between protecting citizens from attack and guarding their right to privacy.

“We should also be mindful that any third party who has access to our data — be it the company that holds the data or government agencies — they can learn plenty about us from it,” Immersion co-creator Daniel Smilkov said during the same TEDx Talk as Jagdish. “With ownership of data comes power, and this is power that we should treat very responsibly.”

Follow Derek on Twitter: @DKlobucher

Related Media:

The Future of Global Cyber-Security is in the Cloud

Balancing Danger and Opportunity in the New World of Cyber Domain

Obama’s Five-Point Plan to Fight Cyber-Crime

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.