Researchers Connect 91% of Numbers With Names In Metadata Probe 84
Trailrunner7 writes "One of the key tenets of the argument that the National Security Agency and some lawmakers have constructed to justify the agency's collection of phone metadata is that the information it's collecting, such as phone numbers and length of call, can't be tied to the callers' names. However, some quick investigation by some researchers at Stanford University who have been collecting information voluntarily from Android users found that they could correlate numbers to names with very little effort. The Stanford researchers recently started a program called Metaphone that gathers data from volunteers with Android phones. They collect data such as recent phone calls and text messages and social network information. The goal of the project, which is the work of the Stanford Security Lab, is to draw some lines connecting metadata and surveillance. As part of the project, the researchers decided to select a random set of 5,000 numbers from their data and see whether they could connect any of them to subscriber names using just freely available Web tools. The result: They found names for 27 percent of the numbers using just Google, Yelp, Facebook and Google Places. Using some other online tools, they connected 91 of 100 numbers with names."
Re:This is god. (Score:5, Funny)
Please clarify:
1. We are bastards. We need to get raped by a horse.
-or- 2. We are having sex with bastards. The bastards need to get raped by a horse.
Re: (Score:3)
... and now it's linked to Noël Coward!
Metadata was never an excuse for surveillance (Score:1)
Data is data: aka valuable information. And as we in the IT world know, a little metadata goes a long way.
Metaphone (disambiguation) (Score:2)
Re: (Score:3)
Combine that with the Levenshtein distance [wikipedia.org] you can get some good results.
No shit (Score:4, Informative)
Re: (Score:3)
I never heard about that program. How do you know about it? Did you work on that program or something?
If they haven't been adding public phone book data to their databases then they'd have to be awfully incompetent - that data is commercially available and (relatively) cheap to purchase.
Re:No shit (Score:5, Informative)
Phone numbers are listed in things like telephone books. NSA (and other intelligence agencies; let's not forget about the rest of them) have been ingesting telephone directories, business cards, public records, FB pages, ad nauseum into massive databases for many years so that a new name/number/address/email etc can be matched to known correlates.
Even metadata consisting only of Cell numbers are available to the NSA because they have access to all the carriers records [aclu.org] as well.
Even a "Burner" [gigaom.com] phone is traceable in the US.
There is no such thing as "metadata", and there hasn't been for a long time.
Re: (Score:2)
Cloning, hardware changes did not offer any protection from total telco surveillance.
That same tech is now cheap and global.
Re: (Score:2)
Not only that, but *obviously* they have the ability to associate a number with someone at some point - if not, then what is the point in collecting and analysing anything? Metadata doesn't allow you to see the *content* of a call, but obviously it has to give you some information or you wouldn't bother with it.
Re: (Score:3)
Well, the working claim was that in order to associate a name with the number, that had to get a warrant and ask the provider who owns the number. Of course this ignores things like a crisscross directory that allows you to look up names from numbers and street addresses but i don't think they expected the public to think that far.
What this research does is shows how they do not need a warrant or special information from the service providers. It shows how availible most this information is and how it is re
crisscross directory (Score:2)
Re: (Score:2)
Wow - that makes me part of the 1%? I learned about those directories even before I had internet access. Admittedly, I didn't have ready access to such a directory until after I had internet, but I was very much aware that one could use a phone number to find an address, along with the name of the person who paid for the phone number.
Re: (Score:3)
Phone numbers are listed in things like telephone books.
Of course. Before I read the summary, I never heard anyone claim that numbers cannot be connected to names, and it certainly wasn't a "key tenet" justifying NSA spying. In fact, being able to trace suspicious calls back to an identifiable person is the whole point.
Re: (Score:2)
cell numbers are in phone books? not in my neighborhood
Re: (Score:3)
Hmmm. Not exactly in the phone book - but you've got me wondering. Is there, or is there not, a directory somewhere that might enable Average Joe, the campus activist, to look people up? It's pretty sure that the NSA can look you up any time they like. Gotta leave for work in a few minutes, but I'm leaving this tab open as a reminder to see what I can see when I get home . . . .
OOOOOHHHHHH!!!!!! The very top hit on my first Google search!
http://www.nationalcellulardirectory.com/ [nationalce...ectory.com]
So there is a directory
Re: (Score:2)
funny, they require email address AND CELL NUMBER to register!
Re: (Score:2)
LOL, isn't THAT special? You can't register unless you give them the information to add you to the database! What a hoot. I'm not going to bother even supplying a fake number with a throwaway email. But, at least we know that there are one or more directories, apparently fishing for the information needed to grow.
Re: (Score:2)
When it's discovered that the NSA was installing apps on phones that collected calls+texts+social media you might then have a point. Please, take a step back and try finding out who owns the phone when all you have is a pile of "this one called that one" data...
Already been done.
Since before 2009, NSA can even figure out who owns burner phones. Its all done thru metadata [gigaom.com].
Re: (Score:1)
When it's discovered that the NSA was installing apps on phones that collected calls+texts+social media you might then have a point.
The users are installing the apps (Facebook, etc.). The companies who run the apps are cooperating with NSA. If you haven't "discovered" that by now, well I'm not sure there's much hope left for you.
Wha'? (Score:4, Informative)
One of the key tenets of the argument that the National Security Agency and some lawmakers have constructed to justify the agency's collection of phone metadata is that the information it's collecting, such as phone numbers and length of call, can't be tied to the callers' names.
I don't believe I've heard anyone, in the government or not, make that claim. What possible good would metadata be to them if they couldn't associate it with an individual?
What I've mainly heard them say is "you shouldn't care, since we're not listening to the actual call". That's still garbage.
Re:Wha'? (Score:5, Interesting)
Re: (Score:2)
Cite?
Re: (Score:2)
You might as well watch the 60 Minutes [cbsnews.com] segment. The metadata discussion, and a demonstration of the analysis, is near the beginning and in the transcript.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Re: (Score:1)
It was openly discussed and even demo'd on 60 minutes. Do you still want to stick with that "keep thing squiet and away from the masses" statement?
In any event, the NSA merely collects the data. Other agencies like the FBI will request information about the connections. So a phone number is provided to the NSA and the NSA gives them a set of phone numbers associated with the target number. It's up to the requesting agency to track down names and other details.
Re:Wha'? (Score:5, Informative)
Re: (Score:3)
It is demonstrated in the 60 Minutes [cbsnews.com] segment near the beginning.
Re: (Score:1)
yes, but they do have to know which of those numbers belong to a bad guy, which means that they must have a mapping phone->person.
furthermore, if they know who are the bad guys, why not only tap his phone (which could even be done with a regular court order, no need for secret laws) and any other phone he talks to? why do they have to tap millions of other calls that have no connection in the graph?
I think that is exactly what people are mad about, because they are going against the "innocent until prove
Re: (Score:2)
Based on the 60 Minutes [cbsnews.com] segment, if NSA sees something suspicious involving a US number it alerts the FBI of the number. The FBI would then investigate and identify who was involved.
I suggest watching it, it clarifies things.
Re: (Score:1)
Your statement makes no sense whatsoever.
Re: (Score:3)
I don't believe I've heard anyone, in the government or not, make that claim. What possible good would metadata be to them if they couldn't associate it with an individual?
What I've mainly heard them say is "you shouldn't care, since we're not listening to the actual call". That's still garbage.
They show how it is done and discuss it in the 60 Minutes [cbsnews.com] segment. It is pretty close to the start after a brief discussion with General Alexander. You can read the transcript and watch the video.
Briefly, they can chain together the calls from someone that they identify as a terrorist and see where it leads. How many calls, where they go.
If they run into a US number that looks suspicious they can alert the FBI to start an investigation based off from the phone number. It would be up to the FBI to identi
Re: (Score:2)
Once before an open US court, ideas like collection of phone metadata become legally difficult.
http://www.freedomwatchusa.org/federal-judge-rules-against-nsa [freedomwatchusa.org]
http://rt.com/usa/at&t-phone-surveillance-dea-325/ [rt.com] Hemisphere was also interesting reading
Re: (Score:2)
What I've mainly heard them say is "you shouldn't care, since we're not listening to the actual call". That's still garbage.
It is still garbage. Like Bruce says, metadata is surveillance [schneier.com]:
Re: (Score:2)
In the past you had to join a political party, be near a protest, have your car licence plate seen near a protest, be found to be writing letters on political topics...have the wrong friends, family, reading the wrong material...
Now your entire digital life awaits US domestic storage, indexing, sorting and cross referencing. The next step will be dom
This is my shocked face (Score:4, Insightful)
Re: (Score:2)
1) "We tap data, but it's anonymous and we can't do anything with it". That's unbelievable, because their mission is to spy, and tapping useless data is not in their own interest.
2) "We did overreach". That's believable, because otherwise, they would be copping the blame for something they didn't do, which is not in their own self intere
Re: (Score:2)
This is excellent news for me. Now I have some hard evidence for my Mom:
Mom: "You never call me.
Me: "Yes I do . . . just ask the NSA.
Re: (Score:1)
The NSA never said they don't have the ability, they just said that they don't do it. The leave it to the requesting agency to look into.
Re: (Score:2)
Also, phone numbers are trivial to remember and trivial to use public search tools on. There's nothing preventing someone who works with the metadata from remembering a handful of numbers, then going home and doing things with them on their own time.
Back in the day.. (Score:1)
Back in the day they had these things called "reverse lookup phonebooks" which could connect numbers to names at least 90% of the time, probably more. Of course nobody uses paper anymore.
More recently -- like, maybe two decades ago -- there was a company that sold such listings on CD-ROM.
Somehow I don't imagine that there's nobody doing that as a web-based service these days, and am shocked that the researchers didn't get a better hit rate. Maybe they didn't want to spend any money. (RTFM? This is Slash
With what accuracy (Score:4, Insightful)
Just because you've connected 123.233.266.41 with "Bob Smith", doesn't mean you've actually connected to the right person. We've already seen cases where RIAA supoena's to ISP's have gotten the addresses of grandmothers who can barely use email much less file-sharing... so how do we know there "connections" are accurate.
Re: (Score:2)
Yes, they can find the account name on the "metadata" just like they find the account name on the ISP account that had the lease on the IP address. If anyone even hints that the account name on the latter proves that they used the IP address to do something there would he hundreds of derogatory postings on /. telling them they're ignorant, stupid, a m
Re: (Score:2)
> But when the NSA says they can't tie a phone number to a specific caller, they're liars and evil.
Hey, can I borrow your cell phone?
Re: (Score:1)
Not quite what I meant. Basically, they can probably do it within XX% accurate, where on a really good day that XX% might be in the 90's... but that still means that some poor bastard in that region between 1-10% could be misidentified and end up on a terrorist watch list with a bag over his head and a secret trial...
Re: (Score:2)
Say, someone has a phone number and it regularly calls another phone number or set of numbers. You have metadata that validates this connectivity their social media connections, and email addresses where their real names are used. The meta data is not considered in isolation. The MPAA/RIAA hasn't been collecting meta data since the 70's like the NSA has. [wikipedia.org] They don't have the huge data-centers the NSA does. And, you don't have to prove 100% absolutely that the phone number belongs to someone without a sha
Re: (Score:3)
Just because you've connected 123.233.266.41 with "Bob Smith", doesn't mean you've actually connected to the right person. We've already seen cases where RIAA supoena's to ISP's have gotten the addresses of grandmothers who can barely use email much less file-sharing... so how do we know there "connections" are accurate.
You don't know for sure, but you can get a high degree of probability by cross referencing other things, like connection time, who was contacted, etc. I have a bit of experience in that regard.
About 10 years ago I used to be part of a server admin community for an FPS game. We published a banlist for confirmed cheaters detected by punkbuster (in its default state it was crap, properly tuned by someone who knows what they're doing it was quite good at catching cheaters) and let people run our banlists and
In related news ... (Score:5, Insightful)
the NSA automatically identifies telemarketers, and does nothing.
Re: (Score:2)
OK, devil's advocate here:
Marketing and commerce helps the government, despite all the annoyance we the consumers get.
This resolves into revenue that the government well know they can tax at some point.
Publicly admitting to spying by doing us a public service like you describe would be great, but doesn't help them right now. Look at the NSA's name. Since what they're doing is covert anyway, they can play the "Commerce is not our jurisdiction because Security and not Commerce is part of our name."
At the same
Re: (Score:2)
Don't give them any bright ideas to justify what they're doing.
When did 91 out of 5000 become 91% (Score:2)
Please explain.
Re: (Score:2)
Joe Biden's quote of the day (Score:2)
"I don't have to listen to your phone calls to know what your doing."
"If I know every single phone call you made I am able to determine every single person you talked to I can get a pattern about your life that is very very intrusive"
Re: (Score:2)
for a lot of geeks that wouldn't hold true, we don't use our phone calls to communicate with friends
now email, chat, forums, other social networking, on the other hand...