Published on Friday, June 7, 2013 by Reuters
Why the U.S. Government Wants Your Metadata
by Ben Wizner and Jay Stanley
In the wake of The Guardian’s remarkable revelation Wednesday that the National Security Agency is collecting phone records from millions of Americans, defenders of this dragnet surveillance program are insisting that the intelligence agency isn’t eavesdropping on the calls – it’s just scooping up “metadata.” The implication is that civil liberties complaints about Orwellian surveillance tactics are overblown.
nsaBut any suggestion that Americans have nothing to worry about from this dragnet collection of communications metadata is wrong. Even without intercepting the content of communications, the government can use metadata to learn our most intimate secrets – anything from whether we have a drinking problem to whether we’re gay or straight. The suggestion that metadata is “no big deal” – a view that, regrettably, is still reflected in the law – is entirely out of step with the reality of modern communications.
So what exactly is metadata? Simply, if the “data” of a communication is the content of an email or phone call, this is data about the data – the identities of the sender and recipient, and the time, date, duration and location of a communication. This information can be extraordinarily sensitive. A Massachusetts Institute of Technology study a few years back found that reviewing people’s social networking contacts alone was sufficient to determine their sexual orientation. Consider, metadata from email communications was sufficient to identify the mistress of then-CIA Director David Petraeus and then drive him out of office.
The “who,” “when” and “how frequently” of communications are often more revealing than what is said or written. Calls between a reporter and a government whistleblower, for example, may reveal a relationship that can be incriminating all on its own.
Repeated calls to Alcoholics Anonymous, hotlines for gay teens, abortion clinics or a gambling bookie may tell you all you need to know about a person’s problems. If a politician were revealed to have repeatedly called a phone sex hotline after 2:00 a.m., no one would need to know what was said on the call before drawing conclusions. In addition sophisticated data-mining technologies have compounded the privacy implications by allowing the government to analyze terabytes of metadata and reveal far more details about a person’s life than ever before.
As technology advances, the distinction between data and metadata can be hard to distinguish. If a Website’s content is data, is the Website’s address metadata? The government has argued it is.
But like the list of books we check out of a library, the sites we “visit” online are really a list of things we’ve read. Not only do URLs often contain content – such as search terms embedded within them – but the very fact that we’ve visited a page with a URL such as “www.webmd.com/depression” can be every bit as revealing as the content of an email message.
oasswirdFor this reason, law enforcement and intelligence agencies have long appreciated the value of metadata, and the outdated view that metadata surveillance is far less invasive than eavesdropping has allowed those agencies to use powerful surveillance tools with relatively little judicial oversight.
They can do this because, decades ago, long before the Internet altered all aspects of modern communication, the Supreme Court ruled that when we voluntarily divulge personal information to any third party, we waive our privacy rights and lose all Fourth Amendment protection over that information.
That decision would make sense if it was about, for example, why we can’t reasonably expect something to remain private when we loudly boast about it in a bar. But the court extended that logic to phone calls. The argument was that since we “share” the phone numbers we dial with the phone company – which needs that information to connect the call – we can’t claim any constitutional protection when the government asks for that data.
After the Supreme Court took this wrong turn in the 1970s, Congress compounded in the 1980s by codifying a lesser standard of protection for metadata. But neither the court nor Congress could have foreseen that NSA supercomputers would one day be able to mine that metadata to construct comprehensive pictures of our lives.
So we shouldn’t be comforted when government officials reassure us that they’re not listening to our communications – they’re merely harvesting and mining our metadata. In a digital world, metadata can be used to construct nuanced portraits of our social relationships and interactions.
It’s long past time for Congress to update our surveillance and privacy laws to ensure that before the government can go digging through our digital lives, it needs to demonstrate to a judge that it has good reason to believe we’ve done something wrong.
© 2013 Reuters
Ben Wizner is the Director of ACLU’s Speech, Privacy & Technology Project, which is dedicated to protecting and expanding the First Amendment freedoms of expression, association, and inquiry
Jay Stanley is Senior Policy Analyst with the ACLU’s Speech, Privacy and Technology Project, where he researches, writes and speaks about technology-related privacy and civil liberties issues and their future. He is the Editor of the ACLU’s “Free Future” blog and has authored and co-authored a variety of influential ACLU reports on privacy and technology topics.