6/19/2013
11:53 AM

What Prism Knows: 8 Metadata Facts

Data traffic analysis could provide "megadata" intelligence agencies can use to cross-reference information using big data techniques.

One of the biggest worries triggered by Edward Snowden's National Security Agency (NSA) leaks concerns the scale of data being collected by the intelligence agency.

Government officials have said that while various NSA programs capture different types of data, including metadata relating to phone numbers and call duration, that information is used only to investigate foreigners, unless the FBI first convinces a judge to issue a warrant based on probable cause.

Still, the NSA appears to be collecting records on millions of innocent Americans, and then storing the information until it may be needed at a later date. The agency's supporters, including President Barack Obama, have said that the program makes the country more secure without compromising privacy. According to news reports, advanced search algorithms are used to ensure that information is accessed -- again, without a court order -- only on people who appear to be foreigners.

On the flip side, Center for Democracy and Technology (CDT) president and CEO Leslie Harris said, "There is no algorithm exception to the 4th Amendment," referring to the Constitution's prohibitions on unreasonable searches.


Is either side fully right or wrong? Here are eight facts relating to the U.S. government's capture and use of metadata:

1. What Can Metadata Do?

For starters, Bruce Schneier, chief security technology officer of BT, said the metadata in question is more accurately known as "traffic analysis". Nomenclature aside, traffic analysis offers powerful possibilities for identifying whoever's behind the communications. A recently published Nature study found that human mobility traces are highly unique. Based on data collected by researchers on 1.5 million people over a 15-month period, given just four data points -- involving location and time -- they could uniquely identify 95% of the individuals, and by picking two random points, correctly identify half of the people being tracked.
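
The uniqueness measurement described above can be reproduced on any trace dataset to gauge its re-identification risk before it is stored or shared. The following is an added example, not code from the article or the Nature study: the four traces are constructed, the (antenna, hour) representation is an assumption, and it enumerates every k-point subset instead of sampling random points.

```python
from itertools import combinations

# Constructed sample, not real data: user -> set of (antenna, hour) points.
TRACES = {
    "u1": {("A", 8), ("B", 9), ("C", 18), ("D", 22)},
    "u2": {("A", 8), ("B", 9), ("E", 18), ("F", 22)},
    "u3": {("A", 8), ("G", 9), ("C", 18), ("F", 22)},
    "u4": {("H", 8), ("B", 9), ("C", 18), ("D", 23)},
}


def matching_users(traces, points):
    """Return the users whose trace contains every one of the given points."""
    wanted = set(points)
    return [user for user, trace in traces.items() if wanted <= trace]


def unicity(traces, k):
    """Mean, over users, of the share of their k-point subsets that match nobody else."""
    shares = []
    for user, trace in traces.items():
        subsets = list(combinations(sorted(trace), k))
        if not subsets:  # trace shorter than k points: nothing to test
            continue
        unique = sum(1 for s in subsets if matching_users(traces, s) == [user])
        shares.append(unique / len(subsets))
    return sum(shares) / len(shares) if shares else 0.0


def coarsen(traces, hours_per_bucket):
    """Lower the temporal resolution by bucketing the hour field."""
    return {
        user: {(antenna, hour // hours_per_bucket) for antenna, hour in trace}
        for user, trace in traces.items()
    }


if __name__ == "__main__":
    for k in (1, 2, 3):
        print(f"k={k}: unicity {unicity(TRACES, k):.4f}")
    # Same data with time reduced to 12-hour buckets.
    print(f"k=1, coarse: unicity {unicity(coarsen(TRACES, 12), 1):.4f}")
```

On this sample, unicity rises with each additional known point, and coarsening the timestamps lowers it for a single point without removing the effect.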

2. Should Intelligence Agencies Be Allowed to Collect Everything?

What are the intelligence ramifications of the Nature study? "When paired with emerging 'big data' analytics techniques, metadata can ultimately prove to be more valuable, and potentially even more illuminating, than the 'data' itself," said CDT researcher Aubra Anthony in a blog post. "Right now, the government's interpretation of Patriot [Act] Section 215 doesn't seem properly limited to protect the privacy of innocent Americans. In fact, the collection of this metadata seems unlimited in scope and duration."

3. Obama: Collection Doesn't Equal Access

Many people have balked at having details related to every call they make recorded. But according to Obama, who's defended the NSA's programs, the data is rarely used. "If you're a U.S. person, then NSA is not listening to your phone calls and it's not targeting your emails unless it's getting an individualized court order," Obama told Charlie Rose in an interview broadcast Monday night on PBS.

Furthermore, Obama said, such a court order would result only if the FBI could demonstrate probable cause to a judge. "[It's] the same way it's always been, the same way when we were growing up and we were watching movies, you want to go set up a wiretap, you got to go to a judge, show probable cause."

4. Obama: This Program Doesn't Track Location Data

While a little location and time data could quickly allow investigators to create positive matches, according to President Obama, the NSA's phone-record interception program doesn't capture location data. "There are two programs that were revealed by Mr. Snowden, allegedly. ... Program number one, called the 2015 Program, what that does is it gets data from the service providers like a Verizon in bulk, and basically you have call pairs," Obama explained. "You have my telephone number connecting with your telephone number. There are no names. There is no content in that database. All it is, is the number pairs, when those calls took place, how long they took place. So that database is sitting there."

Given a "reasonable, articulable suspicion that this might involve foreign terrorist activity related to Al-Qaeda and some other international terrorist actors" -- perhaps from the CIA or New York Police Department -- then the NSA, with a court order, will perform narrow queries on the database to see if the phone number has been recorded, and if so, what other numbers it was used to contact. At that point, Obama explained, a related report will be generated and passed to the FBI.

Comments
Andrew Hornback,
User Rank: Apprentice
6/26/2013 | 3:05:36 AM
re: What Prism Knows: 8 Metadata Facts
The major problem with Mr. Lewis' point is that if we had a benevolent government that we could trust, this would be an entirely different kettle of fish. Problem is, in 2013, there's a serious divide in the American political spectrum and programs like these can be abused for political gains. One needs only look at the fallout surrounding the IRS scandal to rest assured of that and the point that Marlinspike brings up not only echoes that but amplifies it.

People need to remember that there is an entire cottage industry out there based solely on the collection and aggregation of your personal data and the resale of that data to organizations for any use they deem fit - whether it be advertising (a benign use) or something more sinister.

The really major issue that I have with these programs is that public knowledge of these collection efforts leads to interest from organizations that don't have the best interests of the American people at heart.

Imagine what happens if a group like Anonymous or an enemy power gains access to all of your personal data. Would you ever feel safe again? And given that the number of attacks is escalating on a year over year basis as well... it's just a matter of time. Identity theft may well be the tip of the iceberg...

Andrew Hornback
InformationWeek Contributor
Truthsmith,
User Rank: Apprentice
6/21/2013 | 5:24:36 PM
re: What Prism Knows: 8 Metadata Facts
The argument by Lewis: if it safeguards people's political liberties, then capturing metadata is a useful technique. "The essential political rights are freedom of expression and assembly, freedom from arbitrary detention, and the right to petition the government for a redress of grievances," Lewis said. "If these four rights are protected, surveillance is immaterial in its effect on civil liberties."

He points to four essential "political liberties" as if they are the ones that count, as if they are the only ones that count. Note that he left out another very important one, the one that is DIRECTLY violated by the NSA practices:

Amendment 4: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

The NSA's massive metadata collection is absolutely UNREASONABLE SEARCH. We all know that. Blabbing on about these other four "rights" reminds me of the rich young ruler that obeyed four commandments, but he failed on the biggest one, because he loved his riches more than God.
MikeSMJ,
User Rank: Apprentice
6/19/2013 | 9:22:40 PM
re: What Prism Knows: 8 Metadata Facts
As Bruce Schneier pointed out, the metadata can be more important, and more useful in investigations, than the data. In fact, with "Big Data" research techniques, the metadata can be used to find "key individuals" and clusters of individuals for any community of interest.

That is, the same techniques that are used to identify "potential" terrorists can be used to identify gun control activists, or women's rights activists, or (let's keep this balanced) "states rights" activists.

Once any organization - particularly a government - has this kind of power available, it becomes next to impossible to prevent its use for other purposes than the original intent. There is nothing to prevent the government from deciding that these interest groups are somehow a "danger to the society", and restricting their "freedom of expression and assembly, freedom from arbitrary detention, and the right to petition the government for a redress of grievances." Under the circumstances, I believe that James A. Lewis is being naive to assert that this kind of invasion of privacy is not dangerous.