Skip to Content

Cybersecurity & Standards, Government Surveillance

When Metadata Becomes Megadata: What the Government Can Learn

What can the government learn from the comprehensive collection of metadata?

The threat of the government collecting the so-called ‘metadata’ of our phone records might seem benign in contrast to the possibility of their listening to the phone calls themselves. Who cares if the government wants to know who you called? Or if they know you took your normal route to work this morning? If you have nothing to hide, you have nothing to fear, right?

The problem is that metadata, although it may not seem like much information compared to actual communications content, can be incredibly revealing, and our day-to-day actions can paint a far more complete picture than we might think. Without understanding the possibility for unintuitive inferences – where information that we think is hidden, or that we don’t even realize exists, can be inferred from observing our actions – we’re likely to severely underestimate how illuminating metadata can be.

While I may not think that my cell phone location records can give away that much, until I consider what can be done with those records in aggregate, I wouldn’t realize that I could be singled out from the larger crowd with only four pieces of rough cell phone location metadata. I also wouldn’t realize that knowledge of my cell phone metadata could allow the federal government to figure out private information I may only share with my closest friends, for example, whether my long-time boyfriend and I finally moved in together, or if I got that promotion at work. These insights – highly personal data produced through analysis of impersonal metadata – are exactly the kinds of revelations that can be made with information that the FBI and NSA have collected in secret under the PATRIOT Act.

To be fair, metadata analysis can lead to positive outcomes as well. Epidemiology and development efforts have benefited from it, and law enforcement officials used real-time production of metadata to help track down the Boston bombing suspects. But the ultimate answer to the question of when and how the NSA should be able to examine our private lives should be informed by an understanding that our private information – whether exposed through data or metadata – should be protected under the Fourth Amendment. When CDT’s Leslie Harris says there’s no ‘algorithm’ exception to the Fourth Amendment, she is talking about when data collection through surveillance ultimately becomes a “search” of aspects of our lives that we intend to keep private but that we cannot effectively hide without abstaining from much of social and economic interaction. This is why CDT has been working in recent years to promote the principles of the Digital Due Process coalition, including the principle that any collection of metadata, whether retrospective or prospective, individualized or bulk, should only be allowed if the government can justify that collection to a court using specific and articulable facts. That’s exactly the same standard that we’ve long pushed for Congress to insert into PATRIOT Section 215, the law that was used and is still being used to obtain all of our phone records.

When paired with emerging ‘big data’ analytics techniques, metadata can ultimately prove to be more valuable, and potentially even more illuminating, than the ‘data’ itself. Right now, the government’s interpretation of PATRIOT Section 215 doesn’t seem properly limited to protect the privacy of innocent Americans. In fact, the collection of this metadata seems unlimited in scope and duration. It would be dangerously naïve to think that metadata shouldn’t be afforded protections against such unlimited collection, and therefore we support recent Congressional efforts to introduce new limits on this unchecked power.