Back in June, President Obama assured us that that NSA was "not looking into content" of millions of mobile phone calls; instead, the agency was simply collecting metadata.
That statement seemed to imply that we could all rest easy. After all, sensitive information resides solely in what's said on the phone, not in a call's metadata, right?
Turns out, it's not that simple. As a new study by researchers at Stanford University illustrates, metadata is plenty sensitive; analyzed correctly, it can reveal intimate, personal and shockingly specific things about a person.
The detailed information the study dug up about participants based solely on their phone records surprised the researchers themselves. "We did not anticipate finding much evidence one way or the other," Jonathan Mayer, one of the study's authors, wrote in a blog post. "We were wrong. We found that phone metadata is unambiguously sensitive, even in a small population and over a short time window. We were able to infer medical conditions, firearm ownership, and more, using solely phone metadata."
To conduct the study, 546 volunteers installed an app called 'MetaPhone' on their mobile phones; the app passed information,including who they called as well as the public information on their Facebook profiles, to Mayer and his co-author Patrick Mutchler.
"The degree of sensitivity among contacts took us aback," Mayer wrote.
In the span of three weeks, one participant "contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop."
Another "communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis."
And finally, one female volunteer "had a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after."
Viewing these highly personal life events as a series of phone calls is chilling. And as all three examples illustrate, connecting the dots provided by the callers' metadata was far from difficult.
In many cases, a single phone call was highly predictive of sensitive information. Over the course of the three-month study, 30 percent of volunteers contacted a pharmacy, 10 percent dialed-up a recruiting service, and six percent called a sexual/reproductive health facility.
"Reasonable minds can disagree about the policy and legal constraints that should be imposed on those databases," Mayer concluded. "The science, however, is clear: phone metadata is highly sensitive."
Related: Startups Mine 'Big Data' Too