Why the government wants your metadata
In the wake of The Guardianâ€™s remarkable revelation Wednesday that the National Security Agency is collecting phone records from millions of Americans, defenders of this dragnet surveillance program are insisting that the intelligence agency isnâ€™t eavesdropping on the calls â€“ itâ€™s just scooping up â€śmetadata.â€ť The implication is that civil liberties complaints about Orwellian surveillance tactics are overblown.
But any suggestion that Americans have nothing to worry about from this dragnet collection of communications metadata is wrong. Even without intercepting the content of communications, the government can use metadata to learn our most intimate secrets â€“ anything from whether we have a drinking problem to whether weâ€™re gay or straight. The suggestion that metadata is â€śno big dealâ€ť â€“ a view that, regrettably, is still reflected in the law â€“ is entirely out of step with the reality of modern communications.
So what exactly is metadata? Simply, if the â€śdataâ€ť of a communication is the content of an email or phone call, this is data about the data â€“ the identities of the sender and recipient, and the time, date, duration and location of a communication. This information can be extraordinarily sensitive. A Massachusetts Institute of Technology study a few years back found that reviewing peopleâ€™s social networking contacts alone was sufficient to determine their sexual orientation. Consider, metadata from email communications was sufficient to identify the mistress of then-CIA Director David Petraeus and then Â drive him out of office.
The â€śwho,â€ť â€śwhenâ€ť and â€śhow frequentlyâ€ť of communications are often more revealing than what is said or written. Calls between a reporter and a government whistleblower, for example, may reveal a relationship that can be incriminating all on its own.
Repeated calls to Alcoholics Anonymous, hotlines for gay teens, abortion clinics or a gambling bookie may tell you all you need to know about a personâ€™s problems. If a politician were revealed to have repeatedly called a phone sex hotline after 2:00 a.m., no one would need to know what was said on the call before drawing conclusions. In addition sophisticated data-mining technologies have compounded the privacy implications by allowing the government to analyze terabytes of metadata and reveal far more details about a personâ€™s life than ever before.
As technology advances, the distinction between data and metadata can be hard to distinguish. If a Websiteâ€™s content is data, is the Websiteâ€™s address metadata? The government has argued it is.
But like the list of books we check out of a library, the sites we â€śvisitâ€ť online are really a list of things weâ€™ve read. Not only do URLs often contain content â€“ such as search terms embedded within them â€“ but the very fact that weâ€™ve visited a page with a URL such as â€śwww.webmd.com/depressionâ€ť can be every bit as revealing as the content of an email message.
For this reason, law enforcement and intelligence agencies have long appreciated the value of metadata, and the outdated view that metadata surveillance is far less invasive than eavesdropping has allowed those agencies to use powerful surveillance tools with relatively little judicial oversight.
They can do this because, decades ago, long before the Internet altered all aspects of modern communication, the Supreme Court ruled that when we voluntarily divulge personal information to any third party, we waive our privacy rights and lose all Fourth Amendment protection over that information.
That decision would make sense if it was about, for example, why we canâ€™t reasonably expect something to remain private when we loudly boast about it in a bar.Â But the court extended that logic to phone calls. The argument was that since we â€śshareâ€ť the phone numbers we dial with the phone company â€“ which needs that information to connect the call â€“ we canâ€™t claim any constitutional protection when the government asks for that data.
After the Supreme Court took this wrong turn in the 1970s, Congress compounded in the 1980s by codifying a lesser standard of protection for metadata. But neither the court nor Congress could have foreseen that NSA supercomputers would one day be able to mine that metadata to construct comprehensive pictures of our lives.
So we shouldnâ€™t be comforted when government officials reassure us that theyâ€™re not listening to our communications â€“ theyâ€™re merely harvesting and mining our metadata.Â In a digital world, metadata can be used to construct nuanced portraits of our social relationships and interactions.
Itâ€™s long past time for Congress to update our surveillance and privacy laws to ensure that before the government can go digging through our digital lives, it needs to demonstrate to a judge that it has good reason to believe weâ€™ve done something wrong.
PHOTO (Insert A): An undated aerial handout photo shows the National Security Agency headquarters building in Fort Meade, Maryland. REUTERS/NSA/Handout via Reuters
PHOTO (Insert B): Commander U.S. Forces in Afghanistan General David Petraeus shakes hands with author Paula Broadwell in this ISAF handout photo posted July 13, 2011.Â REUTERS/ISAF/Handout
PHOTO (Insert C): A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin, May 21, 2013.Â REUTERS/Pawel Kopczynski