Metadata And The Law: What Your Smartphone Really Says About You

Can the NSA Really Send a Drone to Bomb Your Phone?

Metadata related to lawful interception has been in the news a bit lately. You may have seen last week the Australian Federal Police (AFP) called for more access to electronic metadata as a Senate committee evaluates Australian mass surveillance laws.

Philip Branch is a Senior Lecturer in Telecommunications at Swinburne University of Technology. This post originally appeared on The Conversation.

Probably most people understand that lawful interception (wiretapping or phonetapping) has moved beyond connecting alligator clips to a phone line, but “metadata” might be a bit of a mystery.

If you have ever wondered why you need to provide identifying information such as a driver’s licence when you purchase a new phone, “metadata” is a big part of the answer.

So What Is Metadata?

Metadata is information about communication, rather than the content of the communication itself.

We are all familiar with metadata. It consists of such things as telephone numbers, email addresses, webpage addresses and the like. It is what we see when we look at our telephone bill.

The reason it is in the news now is that modern telecommunications has caused an explosion in new forms of metadata.

When telecommunications mainly consisted of voice and perhaps short message service (SMS) the actual content of the communications was rarely collected. Capturing, recording, storing and listening to voice conversations was expensive and, at least during the early stages of an investigation, probably of limited value.

What was useful though was information about the call – information as to who was talking to whom and how often, enabled investigators to construct a model of the relationships between those of interest.

Maybe at a later stage conversations would be recorded, but usually intercepts requested by the authorities delivered information about the call, rather than the call itself – in other words, the “metadata”.

Mobile Metadata

Even before smartphones and the internet, metadata from the mobile phone system was surprisingly rich. Metadata could provide information as to whether the call was forwarded and where it was forwarded to, whether or not it was answered, and so on.

Such information is invaluable in building up a model of relationships. But not only did the phone network provide information about the participants to a call, it could also provide approximate information about where the call was made.

Since mobile phones are connected to the network via nearby base stations usually located only a few kilometres away, metadata reporting which basestation the handset is attached to gives location information accurate to a few kilometres.

Also, since the phone is connected to a basestation whenever it is switched on, the phone can provide continuous location information regardless as to whether or not calls are made.

This was the situation with the widely used 2G mobile phone networks which were deployed in Australia during the early 90s and which are still in use. However, telecommunications has moved on a great deal in the past few decades with many more possibilities for investigators.

All the metadata available in the 2G network is available along with much more, but of particular importance is that the way mobile devices are used has changed. Most obviously, mobile devices are used to access internet services.

Enter Mobile Internet...

Mobile internet has been both a blessing and a curse for investigators. Smartphones are used for many more purposes than voice only telephones.

Generally, people use a smartphone much more than they used older types of telephones. Consequently, many new forms of metadata have become available. Email addresses, websites visited, files downloaded all present many new opportunities for investigators to gather metadata.

Not only is material downloaded, but a considerable amount of material is also uploaded.

Pictures, videos, social media updates all provide metadata that could be of use in an investigation. For example, images captured on a smartphone will, unless steps are taken to remove it, contain GPS location information accurate to within a few metres.

Other metadata that might be of interest includes when the image was created, who created it and the device it was created on. Metadata might even be added, perhaps unwittingly, when people tag images with comments.

The proliferation of metadata options has caused problems for investigators too. Any online service that enables communication can be used to thwart interception. For example, most online games contain some messaging feature, and there is no reason why this cannot be used as a way of exchanging messages.

Webmail drafts are another example. In this approach people who wish to communicate do so by sharing an email address from a webmail provider and write drafts of emails which are saved and read by participants, but are never sent. The metadata of interest here is not just the email address, but the identities of those who accessed it.

Integrating metadata from potentially multiple sources is also a challenge. A draft webmail communication as described might involve metadata from the telephone company, an internet service provider (ISP) and the webmail provider.

Because there are so many new possibilities and difficulties regarding metadata the whole area of lawful interception and surveillance has come under frequent review the past decade. There was a proposal last year by the Australian government – since shelved – that all ISPs should store for two years all communications that contained potentially useful metadata.

There are many issues to consider, from both law enforcement and privacy perspectives. No doubt we will hear a lot more about metadata in the next few years.


Comments

    It is a huge invasion of privacy as well as a significant shift away from the fundamental principle of law in a democracy of being presumed innocent until proven guilty, and not being investigated by law enforcement agencies unless a) there were reasonable grounds for suspicion, and b) a warrant.

    But we are all now, in effect, guilty until proven innocent because the intelligence agencies now have that same information about us without having had to demonstrate reasonable suspicion or obtain a warrant. They have completely by-passed the normal legal protection we had. And they are now attempting to restrict the freedom of the press as well to prevent us finding out about it.

    Our western governments led by the USA have slid a long way down that one-way slippery slope that leads to totalitarian rule and abandonment of democracy. The terrifying thing about it is that there is no real justification, apart from feeble and unverified claims of prevention of terrorism. Worse still, no western government has even felt the need to 'prove' justification, they are so sure of the general apathy and disbelief of the population that will allow them to get away with it.

    They are taking us for fools, because that is exactly how we are behaving - we are doing very little to stop them. But one day we will reach the tipping point, where a significantly large enough group of people will force a government to stop the spying and to wind back the clock to restore human rights and freedoms.

      But one day we will reach the tipping point, where a significantly large enough group of people will force a government to stop the spying and to wind back the clock to restore human rights and freedoms.

      We will? I thought we were going to care about it to an extent, but not so much that it becomes an issue every few years when we have to vote for who will do the best job at 'stopping the boats' and 'running the economy' (whatever that involves).

        I am amazed by the underwealming response by the public to our democratic governments (Inc US & UK) as they introduce more invasive measures, and I believe apathy will ensure these are all in place before anything can be done about them.

        The strategy seems to be a relentless rebranding of similar policies if they fail, and release them in secrecy.
        It's not paranoia, it's the obvious trend as governments are increasingly less capable of managing growing populations, lose touch with the people, and continue to work with corporate sponsored agendas.

    "There was a proposal last year by the Australian government – since shelved – that all ISPs should store for two years all communications that contained potentially useful metadata"

    Err check again lads - Abbott's NSC have given it the green light, and the govenment are taking it to parliament later in the year -

    http://www.heraldsun.com.au/business/breaking-news/mandatory-data-retention-scheme-inches-closer-to-reality/story-fnn9c0hb-1227013855548

Join the discussion!

Trending Stories Right Now