When the NSA's phone tracking was revealed, the agency was quick to point out that it's not listening to phone conversations. But the agency is tracking who you call, when, and for how long — your metadata. Claims that metadata is anonymous have never been fully comforting, especially now: Stanford researchers say connecting an individual's name to phone metadata isn't just easy, it's "trivial."
Jonathan Mayer and Patrick Mutchler collected 5,000 phone numbers from volunteers using an Android app they designed for the research project. In a preliminary, low-effort sweep of public information on Yelp, Google Places, and Facebook, the two researchers were able to match 27% of numbers with an individual name. When they dug a little deeper — Googling 100 phone numbers individually — they matched 60 numbers in just one hour. Adding in the previous sources boosted that to 73.
Then, to simulate the data crunching capabilities of an organisation as huge as the NSA, Mayer and Mutchler ran the 100 phone numbers through Intelius, "a cheap consumer-oriented service" offering reverse phone number lookup and public records searches. This, combined with the prior two search methods, led to a grand total of 91 out of 100 numbers matched with an individual or business.
Recall that the NSA has defended itself by saying it only compels phone companies to turn over phone numbers, not names. Of course, there's a workaround that allows the FBI to issue a National Security Letter, a document requiring no judicial oversight, compelling companies to disclose names. Even if that wasn't the case, if two academics running a quick-and-dirty experiment on a shoestring budget can identify phone numbers with 91% accuracy, it's not hard to believe that an organisation with the NSA's largesse could close that 9% gap. [Web Policy Blog via The Atlantic]
Image: Shutterstock / bikeriderlondon