Forgot your password?
typodupeerror
Privacy Security United States

Researchers Connect 91% of Numbers With Names In Metadata Probe 84

Posted by samzenpus
from the looking-at-the-list dept.
Trailrunner7 writes "One of the key tenets of the argument that the National Security Agency and some lawmakers have constructed to justify the agency's collection of phone metadata is that the information it's collecting, such as phone numbers and length of call, can't be tied to the callers' names. However, some quick investigation by some researchers at Stanford University who have been collecting information voluntarily from Android users found that they could correlate numbers to names with very little effort. The Stanford researchers recently started a program called Metaphone that gathers data from volunteers with Android phones. They collect data such as recent phone calls and text messages and social network information. The goal of the project, which is the work of the Stanford Security Lab, is to draw some lines connecting metadata and surveillance. As part of the project, the researchers decided to select a random set of 5,000 numbers from their data and see whether they could connect any of them to subscriber names using just freely available Web tools. The result: They found names for 27 percent of the numbers using just Google, Yelp, Facebook and Google Places. Using some other online tools, they connected 91 of 100 numbers with names."
This discussion has been archived. No new comments can be posted.

Researchers Connect 91% of Numbers With Names In Metadata Probe

Comments Filter:
  • Data is data: aka valuable information. And as we in the IT world know, a little metadata goes a long way.

  • I thought Metaphone [wikipedia.org] was a spell check algorithm [php.net] designed to improve on Soundex [wikipedia.org]
  • No shit (Score:4, Informative)

    by oodaloop (1229816) on Monday December 23, 2013 @05:03PM (#45769705)
    Phone numbers are listed in things like telephone books. NSA (and other intelligence agencies; let's not forget about the rest of them) have been ingesting telephone directories, business cards, public records, FB pages, ad nauseum into massive databases for many years so that a new name/number/address/email etc can be matched to known correlates.
    • Re:No shit (Score:5, Informative)

      by icebike (68054) on Monday December 23, 2013 @05:23PM (#45769857)

      Phone numbers are listed in things like telephone books. NSA (and other intelligence agencies; let's not forget about the rest of them) have been ingesting telephone directories, business cards, public records, FB pages, ad nauseum into massive databases for many years so that a new name/number/address/email etc can be matched to known correlates.

      Even metadata consisting only of Cell numbers are available to the NSA because they have access to all the carriers records [aclu.org] as well.

      Even a "Burner" [gigaom.com] phone is traceable in the US.

      There is no such thing as "metadata", and there hasn't been for a long time.

      • by AHuxley (892839)
        Any mobile phone is trackable due to the vast interest in keeping and tracking voice prints. Colombia in the early 1990's was the first real very 'public' use.
        Cloning, hardware changes did not offer any protection from total telco surveillance.
        That same tech is now cheap and global.
    • by ZouPrime (460611)

      Not only that, but *obviously* they have the ability to associate a number with someone at some point - if not, then what is the point in collecting and analysing anything? Metadata doesn't allow you to see the *content* of a call, but obviously it has to give you some information or you wouldn't bother with it.

      • by sumdumass (711423)

        Well, the working claim was that in order to associate a name with the number, that had to get a warrant and ask the provider who owns the number. Of course this ignores things like a crisscross directory that allows you to look up names from numbers and street addresses but i don't think they expected the public to think that far.

        What this research does is shows how they do not need a warrant or special information from the service providers. It shows how availible most this information is and how it is re

        • 99% of the public is not even aware of a what a criss-cross directory is and how it can be used or abused.
          • Wow - that makes me part of the 1%? I learned about those directories even before I had internet access. Admittedly, I didn't have ready access to such a directory until after I had internet, but I was very much aware that one could use a phone number to find an address, along with the name of the person who paid for the phone number.

    • Phone numbers are listed in things like telephone books.

      Of course. Before I read the summary, I never heard anyone claim that numbers cannot be connected to names, and it certainly wasn't a "key tenet" justifying NSA spying. In fact, being able to trace suspicious calls back to an identifiable person is the whole point.

    • by rubycodez (864176)

      cell numbers are in phone books? not in my neighborhood

      • Hmmm. Not exactly in the phone book - but you've got me wondering. Is there, or is there not, a directory somewhere that might enable Average Joe, the campus activist, to look people up? It's pretty sure that the NSA can look you up any time they like. Gotta leave for work in a few minutes, but I'm leaving this tab open as a reminder to see what I can see when I get home . . . .

        OOOOOHHHHHH!!!!!! The very top hit on my first Google search!

        http://www.nationalcellulardirectory.com/ [nationalce...ectory.com]

        So there is a directory

        • by rubycodez (864176)

          funny, they require email address AND CELL NUMBER to register!

          • LOL, isn't THAT special? You can't register unless you give them the information to add you to the database! What a hoot. I'm not going to bother even supplying a fake number with a throwaway email. But, at least we know that there are one or more directories, apparently fishing for the information needed to grow.

  • Wha'? (Score:4, Informative)

    by 93 Escort Wagon (326346) on Monday December 23, 2013 @05:04PM (#45769715)

    One of the key tenets of the argument that the National Security Agency and some lawmakers have constructed to justify the agency's collection of phone metadata is that the information it's collecting, such as phone numbers and length of call, can't be tied to the callers' names.

    I don't believe I've heard anyone, in the government or not, make that claim. What possible good would metadata be to them if they couldn't associate it with an individual?

    What I've mainly heard them say is "you shouldn't care, since we're not listening to the actual call". That's still garbage.

    • Re:Wha'? (Score:5, Interesting)

      by s.petry (762400) on Monday December 23, 2013 @05:21PM (#45769845)
      Then you have not listened to much of the debate. Clapper and others in offices have stated that metadata is completely anonymous and therefor not a risk. They have also said what you note. This is a campaign of denial and deceit trying to cover all possible ground. Additionally, TV media has been pretty silent on the issues so they are trying to keep things quiet and away from the masses.
      • by timeOday (582209)

        "Clapper and others in offices have stated that metadata is completely anonymous and therefor not a risk."

        Cite?

        • You might as well watch the 60 Minutes [cbsnews.com] segment. The metadata discussion, and a demonstration of the analysis, is near the beginning and in the transcript.

        • by s.petry (762400)
          You could look up the Clapper testimony, where he claimed in front of a Congressional hearing that they did not get personal data and if they did it would be expunged/ignored (can't remember the exact verbiage). Google with this string "NSA claims metadata harmless" and you will find plenty.
          • by timeOday (582209)
            Harmless is one thing; anonymous is the point in question.
            • by s.petry (762400)
              I see, so being pedantic for no real reason, except for perhaps ego.
            • by s.petry (762400)
              To be less of a dick (pardon me) The Clapper testimony stated that they could not see personal data. That statement is exactly the definition of anonymous. Whether they used the term 'anonymous' or not is not relevant to the point. The point was that they claimed they could not see your personal data, and if they accidentally did they would remove it and not use it.
      • It was openly discussed and even demo'd on 60 minutes. Do you still want to stick with that "keep thing squiet and away from the masses" statement?

        In any event, the NSA merely collects the data. Other agencies like the FBI will request information about the connections. So a phone number is provided to the NSA and the NSA gives them a set of phone numbers associated with the target number. It's up to the requesting agency to track down names and other details.

    • Re:Wha'? (Score:5, Informative)

      by oodaloop (1229816) on Monday December 23, 2013 @05:25PM (#45769867)
      The idea behind using metadata without names is building a network diagram showing who is in contact with whom. If you have one bad guy talking to another through an intermediary, it's not necessarily important to know the name or names of all the people in between, so much as it is important to know that they are in cahoots, so to speak. That information can then be the starting point for further investigation. With massive graphs of this sort, you can start to look for important nodes, identify roles and TTPs (tactics, techniques, and procedures), and flow of information from number and direction of links. I don't support the unconstitutional searching of Americans' data, but I do understand the methodology of network analysis. (IAA Intelligence Analyst)
      • It is demonstrated in the 60 Minutes [cbsnews.com] segment near the beginning.

      • by Anonymous Coward

        yes, but they do have to know which of those numbers belong to a bad guy, which means that they must have a mapping phone->person.
        furthermore, if they know who are the bad guys, why not only tap his phone (which could even be done with a regular court order, no need for secret laws) and any other phone he talks to? why do they have to tap millions of other calls that have no connection in the graph?
        I think that is exactly what people are mad about, because they are going against the "innocent until prove

        • Based on the 60 Minutes [cbsnews.com] segment, if NSA sees something suspicious involving a US number it alerts the FBI of the number. The FBI would then investigate and identify who was involved.

          I suggest watching it, it clarifies things.

    • I don't believe I've heard anyone, in the government or not, make that claim. What possible good would metadata be to them if they couldn't associate it with an individual?

      What I've mainly heard them say is "you shouldn't care, since we're not listening to the actual call". That's still garbage.

      They show how it is done and discuss it in the 60 Minutes [cbsnews.com] segment. It is pretty close to the start after a brief discussion with General Alexander. You can read the transcript and watch the video.

      Briefly, they can chain together the calls from someone that they identify as a terrorist and see where it leads. How many calls, where they go.

      If they run into a US number that looks suspicious they can alert the FBI to start an investigation based off from the phone number. It would be up to the FBI to identi

    • by AHuxley (892839)
      Metadata provided color of law cover in the USA for the NSA to try and offer parallel construction under a vast domestic surveillance.
      Once before an open US court, ideas like collection of phone metadata become legally difficult.
      http://www.freedomwatchusa.org/federal-judge-rules-against-nsa [freedomwatchusa.org]
      http://rt.com/usa/at&t-phone-surveillance-dea-325/ [rt.com] Hemisphere was also interesting reading :)
    • What I've mainly heard them say is "you shouldn't care, since we're not listening to the actual call". That's still garbage.

      It is still garbage. Like Bruce says, metadata is surveillance [schneier.com]:

      Imagine you hired a detective to eavesdrop on someone. He might plant a bug in their office. He might tap their phone. He might open their mail. The result would be the details of that person's communications. That's the "data."

      Now imagine you hired that same detective to surveil that person. The result would be details of

      • by AHuxley (892839)
        Its great thanks to Snowden and many others that the world can now see past terms like "metadata" and understand that they are under constant domestic watch.
        In the past you had to join a political party, be near a protest, have your car licence plate seen near a protest, be found to be writing letters on political topics...have the wrong friends, family, reading the wrong material...
        Now your entire digital life awaits US domestic storage, indexing, sorting and cross referencing. The next step will be dom
  • by redmid17 (1217076) on Monday December 23, 2013 @05:05PM (#45769729)
    Goon on Stanford for confirming this, but it should have been pretty evident how easily the metadata can be used to identify people for a while now. The fact the NSA said it couldn't be used to do so should lead one to believe the opposite right off the bat.
    • This is excellent news for me. Now I have some hard evidence for my Mom:

      Mom: "You never call me.

      Me: "Yes I do . . . just ask the NSA.

    • The NSA never said they don't have the ability, they just said that they don't do it. The leave it to the requesting agency to look into.

  • by Anonymous Coward

    Back in the day they had these things called "reverse lookup phonebooks" which could connect numbers to names at least 90% of the time, probably more. Of course nobody uses paper anymore.

    More recently -- like, maybe two decades ago -- there was a company that sold such listings on CD-ROM.

    Somehow I don't imagine that there's nobody doing that as a web-based service these days, and am shocked that the researchers didn't get a better hit rate. Maybe they didn't want to spend any money. (RTFM? This is Slash

  • With what accuracy (Score:4, Insightful)

    by phorm (591458) on Monday December 23, 2013 @05:43PM (#45769967) Journal

    Just because you've connected 123.233.266.41 with "Bob Smith", doesn't mean you've actually connected to the right person. We've already seen cases where RIAA supoena's to ISP's have gotten the addresses of grandmothers who can barely use email much less file-sharing... so how do we know there "connections" are accurate.

    • by Obfuscant (592200)
      This. I'm amazed it has taken this far into the thread before someone has brought up the analogy to IP addresses and that IP addresses do not identify people.

      Yes, they can find the account name on the "metadata" just like they find the account name on the ISP account that had the lease on the IP address. If anyone even hints that the account name on the latter proves that they used the IP address to do something there would he hundreds of derogatory postings on /. telling them they're ignorant, stupid, a m

      • > But when the NSA says they can't tie a phone number to a specific caller, they're liars and evil.

        Hey, can I borrow your cell phone?

      • by phorm (591458)

        Not quite what I meant. Basically, they can probably do it within XX% accurate, where on a really good day that XX% might be in the 90's... but that still means that some poor bastard in that region between 1-10% could be misidentified and end up on a terrorist watch list with a bag over his head and a secret trial...

      • Say, someone has a phone number and it regularly calls another phone number or set of numbers. You have metadata that validates this connectivity their social media connections, and email addresses where their real names are used. The meta data is not considered in isolation. The MPAA/RIAA hasn't been collecting meta data since the 70's like the NSA has. [wikipedia.org] They don't have the huge data-centers the NSA does. And, you don't have to prove 100% absolutely that the phone number belongs to someone without a sha

    • by dpidcoe (2606549)

      Just because you've connected 123.233.266.41 with "Bob Smith", doesn't mean you've actually connected to the right person. We've already seen cases where RIAA supoena's to ISP's have gotten the addresses of grandmothers who can barely use email much less file-sharing... so how do we know there "connections" are accurate.

      You don't know for sure, but you can get a high degree of probability by cross referencing other things, like connection time, who was contacted, etc. I have a bit of experience in that regard.

      About 10 years ago I used to be part of a server admin community for an FPS game. We published a banlist for confirmed cheaters detected by punkbuster (in its default state it was crap, properly tuned by someone who knows what they're doing it was quite good at catching cheaters) and let people run our banlists and

  • by Cassini2 (956052) on Monday December 23, 2013 @05:45PM (#45769985)

    the NSA automatically identifies telemarketers, and does nothing.

    • by vlueboy (1799360)

      OK, devil's advocate here:
      Marketing and commerce helps the government, despite all the annoyance we the consumers get.
      This resolves into revenue that the government well know they can tax at some point.

      Publicly admitting to spying by doing us a public service like you describe would be great, but doesn't help them right now. Look at the NSA's name. Since what they're doing is covert anyway, they can play the "Commerce is not our jurisdiction because Security and not Commerce is part of our name."

      At the same

    • Don't give them any bright ideas to justify what they're doing.

    • by CycleMan (638982)
      I RTFA. Since a quick free automated process resolved 27% of their 5000 records, they decided to see what a little human time and money could do. They sampled 100 of the 5000, and found data for 91 of them (91%). The sample might not be fully representative of the larger set, or of data in general.
  • "I don't have to listen to your phone calls to know what your doing."

    "If I know every single phone call you made I am able to determine every single person you talked to I can get a pattern about your life that is very very intrusive"

    • by rubycodez (864176)

      for a lot of geeks that wouldn't hold true, we don't use our phone calls to communicate with friends

      now email, chat, forums, other social networking, on the other hand...

Help me, I'm a prisoner in a Fortune cookie file!

Working...