What Does It Mean When the NSA Has Your Number?
When the NSA collects telephone-calling records for millions of Americans, what are the odds your data may be swept up in the search for potential terror suspects?
Until recently, the answer came down to a practice called “three-hop analysis.” That means the government had the authority to look at the call detail records, or “telephony metadata,” of a suspected terrorist, plus the records for all of his contacts, then records for each of those contacts and lastly, the data for those associations. Think Six Degrees of Kevin Bacon.
The Edward Snowden revelations changed that. In December, a presidential review board found that in only “a very few instances, NSA makes a third hop.” One month later, President Obama announced he would limit the NSA to two jumps. The announcement was seen as a win for privacy advocates, but a closer look suggests the decision may not make such a drastic difference after all.
Two jumps alone can still net the NSA a massive trove of data. “If we assume that the average telephone number called or was called by 100 phone numbers,” noted the president’s review board, “… the query will produce a list of 10,000 phone numbers (100 x 100) that are two ‘hops’ away from the person reasonably believed to be associated with a foreign terrorist organization.”
But even that estimate may be conservative. Consider a recent study by researchers at Stanford University. Starting last November, they began gathering — with permission — the same type of telephone metadata collected in bulk by the NSA from users of a mobile phone app they developed for Android devices.
The project is a first-of-its kind analysis of the NSA’s surveillance techniques based on live telephone metadata.
The researchers entered the study expecting to find little more than a diffuse social network. After all, just two people in a sample of close to 600 participants had held a single call together.
What they found instead is that 90 percent of participants could be linked in some way, and that at least one in 10 could be connected in just two hops.
“If you step back and make some rough assumption that this maps roughly the U.S. population, that’s pretty sweeping that two hops in expectation of a single phone number could get you something like 10 percent of the entire American phone subscribers’ phone metadata,” said Jonathan Mayer, one of the project’s co-authors.
Mayer acknowledged that participants were self-selecting — they had to opt into the study, and they needed to have both an Android device and a Facebook account. But, he noted, “the issues we identified were pervasive, and their underlying causes weren’t sample-specific.”
The reason for such close connections is that even though participants were not calling one another, they were all calling — or being called by — the same small collection of high-frequency phone numbers.
For example, the most common nonparticipant phone number in the study was the number for T-Mobile’s voicemail system. The number is available to T-Mobile’s 47 million U.S. customers, and in the study it connected about one-in-five participants in two hops. Likewise, calls to or from Skype connected roughly 10 percent of participants in two hops. For calls to or from Comcast, it was 7 percent. Calls to FedEx, 4 percent.
Another surprise finding was the role played by robocallers, such as telemarketers. By their very design, these numbers are intended to contact as many individuals as possible and in the study they were responsible for connecting as many as 2.6 percent of participants in two hops.
Perhaps more troubling for critics of the government’s mass surveillance efforts are the personal details researchers were able to uncover about participants based solely on their metadata.
In one instance, researchers discovered a participant’s cardiac arrhythmia based on calls a participant made to a medical laboratory, a specialty pharmacy and the home reporting hotline for a medical device used to monitor the condition. In another case, they were able to pinpoint the type of assault rifle owned by a participant based on that person’s calls with a firearm store that specializes in the AR semiautomatic rifle, and the customer service line for a manufacturer of the AR line. Metadata from the phone calls also allowed the researchers to glean other sensitive details about their sample population, including their religious affiliation or relationship status.
Defenders of these programs have emphasized that the government is collecting “just metadata,” stressing that no one is listening in on the content of Americans’ phone calls. The study suggests, however, that metadata can be highly revealing.
To be sure, while the NSA may have access to such information, that does not mean the agency is regularly poring through Americans’ personal data. The Obama administration has stressed that under rules approved by the Foreign Intelligence Surveillance Court, just 22 people at NSA were allowed to approve searches of the agency’s database of telephone metadata. The agency told the president’s review board that in 2012, it queried the database 288 times.
Still, Mayer warned, if an average American’s data is somehow swept into an investigation into suspected terrorist activity, the privacy implications are obvious.
“You don’t need a Ph.D. in computer science to figure out what’s going on here,” said Mayer. “It’s difficult to believe an agency with the NSA’s capacity would have any difficulty drawing these sorts of inferences.”