
What Prism Knows: 8 Metadata Facts

Data traffic analysis could provide "megadata" intelligence agencies can use to cross-reference information using big data techniques.

One of the biggest worries triggered by Edward Snowden's National Security Agency (NSA) leaks concerns the scale of data being collected by the intelligence agency.

Government officials have said that while various NSA programs capture different types of data, including metadata relating to phone numbers and call duration, that information is used only to investigate foreigners, unless the FBI first convinces a judge to issue a warrant based on probable cause.

Still, the NSA appears to be collecting records on millions of innocent Americans, and then storing the information until it may be needed at a later date. The agency's supporters, including President Barack Obama, have said that the program makes the country more secure without compromising privacy. According to news reports, advanced search algorithms are used to ensure that information is accessed -- again, without a court order -- only on people who appear to be foreigners.

On the flip side, Center for Democracy and Technology (CDT) president and CEO Leslie Harris said, "There is no algorithm exception to the 4th Amendment," referring to the Constitution's prohibitions on unreasonable searches.


Is either side fully right or wrong? Here are eight facts relating to the U.S. government's capture and use of metadata:

1. What Can Metadata Do?

For starters, Bruce Schneier, chief security technology officer of BT, said the metadata in question is more accurately known as "traffic analysis". Nomenclature aside, traffic analysis offers powerful possibilities for identifying whoever's behind the communications. A recently published Nature study found that human mobility traces are highly unique. Based on data collected by researchers on 1.5 million people over a 15-month period, given just four data points -- involving location and time -- they could uniquely identify 95% of the individuals, and by picking two random points, correctly identify half of the people being tracked.
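To make the uniqueness figure concrete, here is an added example (not from the article or the study's authors) that measures what fraction of people in a dataset are singled out by a handful of known location-and-time points, the kind of check a data holder can run before retaining or releasing records. The traces are constructed synthetic data, and the function names and the coarsening step are assumptions made for illustration.

```python
import random

def candidates(traces, points):
    """Users whose trace contains every (cell, hour) point in `points`."""
    return [u for u, trace in traces.items() if points <= trace]

def unicity_curve(traces, max_points=4, seed=0):
    """Fraction of users singled out by 1..max_points points from their own trace.

    Each user's known points are drawn once and revealed one at a time, so the
    curve never decreases as more points become known.
    """
    rng = random.Random(seed)
    unique = [0] * max_points
    for user, trace in traces.items():
        known = rng.sample(sorted(trace), min(max_points, len(trace)))
        for p in range(1, max_points + 1):
            if candidates(traces, set(known[:p])) == [user]:
                unique[p - 1] += 1
    return [n / len(traces) for n in unique]

def synthetic_traces(users=300, cells=40, hours=24 * 7, points_per_user=30, seed=1):
    """Constructed data: each user moves between a home cell, a work cell and random cells."""
    rng = random.Random(seed)
    traces = {}
    for u in range(users):
        home, work = rng.randrange(cells), rng.randrange(cells)
        trace = set()
        while len(trace) < points_per_user:
            cell = rng.choice([home, work, rng.randrange(cells)])
            trace.add((cell, rng.randrange(hours)))
        traces[u] = frozenset(trace)
    return traces

def coarsen(traces, cell_group=4, hour_group=6):
    """Assumed mitigation knob: lower spatial and temporal resolution before storage."""
    return {u: frozenset((c // cell_group, h // hour_group) for c, h in t)
            for u, t in traces.items()}

if __name__ == "__main__":
    raw = synthetic_traces()
    print("raw      ", unicity_curve(raw))
    print("coarsened", unicity_curve(coarsen(raw)))
```

Comparing the two printed curves shows how much of the identifying power survives when the same records are stored at lower resolution.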

2. Should Intelligence Agencies Be Allowed to Collect Everything?

What are the intelligence ramifications of the Nature study? "When paired with emerging 'big data' analytics techniques, metadata can ultimately prove to be more valuable, and potentially even more illuminating, than the 'data' itself," said CDT researcher Aubra Anthony in a blog post. "Right now, the government's interpretation of Patriot [Act] Section 215 doesn't seem properly limited to protect the privacy of innocent Americans. In fact, the collection of this metadata seems unlimited in scope and duration."

3. Obama: Collection Doesn't Equal Access

Many people have balked at having details related to every call they make recorded. But according to Obama, who's defended the NSA's programs, the data is rarely used. "If you're a U.S. person, then NSA is not listening to your phone calls and it's not targeting your emails unless it's getting an individualized court order," Obama told Charlie Rose in an interview broadcast Monday night on PBS.

Furthermore, Obama said, such a court order would result only if the FBI could demonstrate probable cause to a judge. "[It's] the same way it's always been, the same way when we were growing up and we were watching movies, you want to go set up a wiretap, you got to go to a judge, show probable cause."

4. Obama: This Program Doesn't Track Location Data

While a little location and time data could quickly allow investigators to create positive matches, according to President Obama, the NSA's phone-record interception program doesn't capture location data. "There are two programs that were revealed by Mr. Snowden, allegedly. ... Program number one, called the 2015 Program, what that does is it gets data from the service providers like a Verizon in bulk, and basically you have call pairs," Obama explained. "You have my telephone number connecting with your telephone number. There are no names. There is no content in that database. All it is, is the number pairs, when those calls took place, how long they took place. So that database is sitting there."

Given a "reasonable, articulable suspicion that this might involve foreign terrorist activity related to Al-Qaeda and some other international terrorist actors" -- perhaps from the CIA or New York Police Department -- then the NSA, with a court order, will perform narrow queries on the database to see if the phone number has been recorded, and if so, what other numbers it was used to contact. At that point, Obama explained, a related report will be generated and passed to the FBI.

Andrew Hornback,
User Rank: Apprentice
6/26/2013 | 3:05:36 AM
re: What Prism Knows: 8 Metadata Facts
The major problem with Mr. Lewis' point is that if we had a benevolent government that we could trust, this would be an entirely different kettle of fish. Problem is, in 2013, there's a serious divide in the American political spectrum and programs like these can be abused for political gains. One needs only look at the fallout surrounding the IRS scandal to rest assured of that and the point that Marlinspike brings up not only echoes that but amplifies it.

People need to remember that there is an entire cottage industry out there based solely on the collection and aggregation of your personal data and the resale of that data to organizations for any use they deem fit - whether it be advertising (a benign use) or something more sinister.

The really major issue that I have with these programs is that public knowledge of these collection efforts leads to interest from organizations that don't have the best interests of the American people at heart.

Imagine what happens if a group like Anonymous or an enemy power gains access to all of your personal data. Would you ever feel safe again? And given that the number of attacks is escalating on a year over year basis as well... it's just a matter of time. Identity theft may well be the tip of the iceberg...

Andrew Hornback
InformationWeek Contributor
User Rank: Apprentice
6/21/2013 | 5:24:36 PM
re: What Prism Knows: 8 Metadata Facts
The argument by Lewis: if it safeguards people's political liberties, then capturing metadata is a useful technique. "The essential political rights are freedom of expression and assembly, freedom from arbitrary detention, and the right to petition the government for a redress of grievances," Lewis said. "If these four rights are protected, surveillance is immaterial in its effect on civil liberties."

He points to four essential "political liberties" as if they are the ones that count, as if they are the only ones that count. Note that he left out another very important one, the one that is DIRECTLY violated by the NSA practices:

Amendment 4: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

The NSA's massive metadata collection is absolutely UNREASONABLE SEARCH. We all know that. Blabbing on about these other four "rights" reminds me of the rich young ruler that obeyed four commandments, but he failed on the biggest one, because he loved his riches more than God.
User Rank: Apprentice
6/19/2013 | 9:22:40 PM
re: What Prism Knows: 8 Metadata Facts
As Bruce Schneier pointed out, the metadata can be more important, and more useful in investigations, than the data. In fact, with "Big Data" research techniques, the metadata can be used to find "key individuals" and clusters of individuals for any community of interest.

That is, the same techniques that are used to identify "potential" terrorists can be used to identify gun control activists, or women's rights activists, or (let's keep this balanced) "states rights" activists.

Once any organization - particularly a government - has this kind of power available, it becomes next to impossible to prevent its use for other purposes than the original intent. There is nothing to prevent the government from deciding that these interest groups are somehow a "danger to the society", and restricting their "freedom of expression and assembly, freedom from arbitrary detention, and the right to petition the government for a redress of grievances." Under the circumstances, I believe that James A. Lewis is being naive to assert that this kind of invasion of privacy is not dangerous.