Skip to content

Naked Security

Computer Security News, Advice and Research
  • sophos.com
  • Free Tools
  • Intercept X
Award-winning computer security news
  • Twitter
  • Facebook
  • Google+
  • LinkedIn
  • Feed

Basic phone logs can reveal intimate details, study finds

17 May 2016 0 Law & order, Privacy

Post navigation

Previous: Gunfight at the iOS corral as Apple releases 9.3.2 but bans jailbreak detector app
Next: Apple’s big security update – but some iPad Pro users say they’ve been “bricked”
by Lisa Vaas
  • 0Share on Facebook
  • Share on Twitter
  • Share on Google+
  • Share on LinkedIn
  • Share on Reddit

Following Edward Snowden’s revelations about surveillance, officials have downplayed its programs as being concerned not with the actual content of email or phone calls, but “just” with collecting metadata, as if metadata didn’t reveal just about as much about us as does the content itself.

Metadata, when it comes to phone communications, includes who we call or text, who they contact (that’s called a “hop”), when we call or text, and the duration of each call or length of each message.

Since the surveillance revelations, there have been various studies about how much can be gleaned about us from metadata. The answer: a lot.

Now, researchers at Stanford University in the US have done another study, and their findings confirm that basic, supposedly anonymous phone logs can be used to glean people’s names, where they live, their partners’ names, and intimate personal details.

A sample of the researchers’ vignettes show the type of things they managed to infer:

  • Somebody’s planning to grow weed. Within less than 3 weeks, the subject made calls to a hardware outlet, locksmiths, a hydroponics store, and a head shop.
  • Somebody’s got heart problems. The evidence included a long call from the cardiology group at a regional medical center, brief calls with a medical laboratory, several short calls from a local drugstore, and brief calls to a self-reporting hotline for a cardiac arrhythmia monitoring device.
  • Somebody’s pregnant. Early one morning, the subject was on the phone with her sister for a long time. Two days later, she called a nearby Planned Parenthood clinic several times. Two weeks later, she placed more brief calls to Planned Parenthood, and she placed another short call a month after.

The study involved 823 participants who volunteered to have their metadata collected via an Android app on their phones. The researchers also required participants to have a Facebook account, so as to verify that they were over the age of 18, as well as to verify the accuracy of their results.

Using the default Android API (application program interface), the app collected call and text metadata logs that showed when the call or text was made, whether messages were incoming or outgoing, the other phone number on the call or text message, and the duration of the call or length (in characters) of the text message.

From Facebook, the researchers collected personal information to be used as “ground truth” data for their prediction algorithms. That included gender, relationship status, political leanings, religious affiliation, occupation, current city, check-ins, and interests.

20% off award-winning computer security
Easy-to-use malware, app, and web protection

Using the crowdsourced telephone logs and social network information, the researchers said that they found telephone metadata to be “densely interconnected, susceptible to reidentification, and [that it] enables highly sensitive inferences.”

As such, it kicks the stool out from under the US government’s laissez-faire approach to protecting metadata, they said. Whereas disclosure of content requires law enforcement or intelligence agencies to comply with “extensive substantive and procedural safeguards,” telephone calling records can be had with a mere subpoena: basically, a formal letter from an investigative agency.

The National Security Agency (NSA) had been collecting phone records of millions of Americans until the program was brought to a close by the November 2015 passage of the USA Freedom Act.

The records were supposed to be purged three months later. But that doesn’t mean the data’s actually gone anywhere.

As the Washington Post noted in November, civil litigation brought over the surveillance program may have meant that some or all of the records would have been retained for discovery purposes.

At any rate, the Stanford study has confirmed what the NSA has known for a while: metadata is a treasure trove about individuals’ private lives.

Stewart Baker, NSA former general counsel, in the aftermath of Snowden’s revelations:

Metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.

General Michael Hayden, former director of the NSA and the CIA, called Baker’s comment “absolutely correct.” Not only correct, but an understatement, given his assertion that

We kill people based on metadata.

Patrick Mutchler, a computer security researcher at Stanford, told the Guardian that while the intelligence agencies get it, the public’s largely in the dark about the power of metadata.

The Stanford study is the evidence needed to prove how powerful metadata is, he said:

Now we have hard evidence we can point to that didn’t exist in the past.

Follow @NakedSecurity

Follow @LisaVaas

  • metadata
  • NSA
  • phone metadata
  • Stanford University
  • study
  • surveillance

Free tools

Sophos Home

Sophos Home
for Windows and Mac

XG Firewall Home Edition

XG Firewall
Home Edition

Mobile Security for Android

Mobile Security
for Android

Virus Removal Tool

Virus Removal Tool

Antivirus for Linux

Antivirus
for Linux

Post navigation

Previous: Gunfight at the iOS corral as Apple releases 9.3.2 but bans jailbreak detector app
Next: Apple’s big security update – but some iPad Pro users say they’ve been “bricked”

About the author

Lisa Vaas

Lisa Vaas

Lisa has been writing about technology, careers, science and health since 1995. She rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash and joined the freelancer economy. Alongside Naked Security Lisa has written for CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output.

Leave a Reply Cancel reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. ( Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. ( Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. ( Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. ( Log Out /  Change )

w
Cancel

Connecting to %s

Recommended reads

Mar18
by Paul Ducklin
3

What your encrypted data says about you

Sep16
by Lisa Vaas
12

Just how much information can be squeezed from one week of your metadata?

Aug27
by Lee Munson
18

Social media users don’t like discussing Snowden and surveillance online

Jan17
by Lee Munson
10

NSA sweeps up hundreds of millions of text messages daily

Sep19
by Lisa Vaas
13

US secret court publishes rationale for why spying on everybody is OK

Aug01
by Lisa Vaas
26

Newly exposed NSA tool, XKeyscore, sees ‘nearly everything we do online’

SOPHOS

  • About Naked Security
  • About Sophos
  • Send us a tip
  • Cookies
  • Privacy
  • Legal

Network Protection

  • XG Firewall
  • UTM
  • Secure Wi-Fi
  • Secure Web Gateway
  • Secure Email Gateway

Enduser Protection

  • Enduser Protection Bundles
  • Endpoint Antivirus
  • Sophos Cloud
  • Mobile Control
  • SafeGuard Encryption
  • Learn More

Server Protection

  • Virtualization Security
  • Server Security
  • SharePoint Security
  • Network Storage Antivirus
  • PureMessage
  • Twitter
  • Facebook
  • Google+
  • LinkedIn
  • Feed
© 1997 - 2018 Sophos Ltd. All rights reserved. Powered by WordPress.com VIP