Skip to main content

Uh oh! Connecting your phone metadata to your real name is surprisingly easy

Why does the NSA need your phone records

Since the first round of NSA programs leaked by Edward Snowden hit the press in June, the Obama administration and the spy agency have maintained that its practice of collecting the phone metadata of every phone call in the United States is not a violation of privacy.

“What [one NSA program] does is it gets data from the service providers – like a Verizon – in bulk,” President Obama explained to PBS News’ Charlie Rose in a June interview. “And basically you have call pairs. You have my telephone number connecting with your telephone number. There are no names, there’s no content in that database. All it is, is the number pairs, when those calls took place, how long they took place.”

True though that may be, researchers at Stanford University have proven that the same metadata that Obama paints as unrevealing can be easily linked to callers’ names – doing so is as simple as performing a Google search.

The study, conducted by researchers at the Stanford Security Lab, used phone call metatdata collected through a specially developed Android app called MetaPhone, through which users voluntarily gave the researchers access to their call records. As researcher Patrick Mutchler explains in a blog post about the study, the team randomly pulled 5,000 numbers from the MetaPhone data pool, then searched them through Google Places, Yelp, and Facebook directories.

“With little marginal effort and just those three sources – all free and public – we matched 1,356 (27.1 percent) of the numbers,” wrote Mutchler. “Specifically, there were 378 hits (7.6 percent) on Yelp, 684 (13.7 percent) on Google Places, and 618 (12.3 percent) on Facebook.”

Presuming the NSA has more money and manpower to put into this kind of search analysis, the team then reduced the number of random phone numbers to 100 and spent less than an hour searching them through Google. Of those numbers, the team was able to link 60. “When we add in our three initial sources, we were up to 73,” Mutchler explains.

The team then used a relatively inexpensive data broker service, Intelius, to take their search one step further. That effort brought the total up to 91 phone numbers linked to real names.

“If a few academic researchers can get this far this quickly, it’s difficult to believe the NSA would have any trouble identifying the overwhelming majority of American phone numbers,” wrote Mutchler.

While metadata does not expose the contents of calls or other communications, experts believe it can be used to derive far more information about people than reading an email or listening in on a phone call can. It is for this reason, among others, that a federal judge recently decided that the NSA’s bulk telephone metadata collection is likely unconstitutional.

For those of you interested in helping further Stanford’s study of metadata, you can download an updated version of MetaPhone here.

(via Threat Post)

Editors' Recommendations