Worse Than You Thought: NSA Telephone Metadata May Not Be Anonymous

nsa-phone-metadataSince the first of many leaked documents showed that the NSA has been gathering phone records en masse as part of its anti-terrorism program, there’s been an ongoing fight over just what these records reveal. To supporters, the metadata collection is a limited system that’s rarely queried and doesn’t contain enough information to be considered an invasive search: the NSA has said it doesn’t collect either the content of calls or the names attached to phone numbers. removing names from a database doesn’t effectively mean much.

Last month, Patrick Mutchler and Jonathan Mayer released an Android app called MetaPhone that allowed them to pull phone records — with permission — from users’ phones. In an ongoing series, they’re now showing what can be gleaned from that information: most recently, how easy it is to correlate numbers with names. First, they simply pulled 5,000 numbers from their MetaPhone dataset and checked them against Facebook, Yelp, and Google Places; these three services let them match 27.1 percent of the numbers with a name or business. From there, they looked at a smaller set of 100 numbers, approximating what might happen if a team of analysts manually searched through metadata. A Google search of each number pulled up an individual or business name for 60 of the 100 in under an hour; running the numbers through the Intelius public records database identified 74 of them. By combining the results of all searches, Mutchler and Mayer could identify 91 of the numbers — and, as they rightly point out, they have access to much less information than the NSA, though 100 numbers is a tiny, nonrepresentative fragment of the full database.

The NSA’s counter has consistently been that even if these technological capabilities exist, they haven’t been misused, making privacy fears mostly theoretical. Nonetheless, the agency is increasingly being pushed towards dismantling its in-house phone record database.

Back to top