We now know that every day, U.S. phone companies quietly send the government a list of who called whom and when – “telephony metadata” – for every call made on their networks, because of a secret order by the Foreign Intelligence Surveillance Court. It turns out that this has been going on for seven years (and was even reported by USA Today then); the difference now is that the government – uncharacteristically for such a secret intelligence operation – quickly acknowledged the authenticity of the leaked order and the existence of the metadata collection program.

Should we be worried? At least “nobody is listening to our telephone calls” (so the president himself assured us). People breathed a sigh of relief since first learning of the surveillance because surely there’s nothing to worry about when it comes to such seemingly innocuous information – it’s just metadata, after all. Phew!

Unfortunately, metadata still leaves a lot to be concerned about. There’s more to privacy than just the sounds of our voices: Content may be what we say, but metadata is about what we actually do.

And unlike our words, metadata doesn’t lie.

The Metadata Is the Message
---------------------------

With today's communications technology, is metadata really less revealing than content? Especially when we’re dealing with metadata at the scale that we now know the NSA and FBI are receiving?

Because at such a scale, people’s intuition about the relative invasiveness of content and metadata starts to fail them. Phone records can actually be more revealing than content when someone has as many records and as complete a set of them as the NSA does.

Voice content is hard to process. It ultimately requires at least some human analysis, and that inherently limits the scale at which it can be used, no matter how much raw material the NSA might have. Intelligence agencies are famously backlogged in translating and analyzing even high-priority intercepts. More content only makes the problem worse.

Metadata, on the other hand, is ideally suited to automated analysis by computer. Having more of it just makes the analysis more accurate, easier, and better. So while the NSA quickly drowns in data with more voice content, it just builds up a clearer and more complete picture of us with more metadata.

But that’s not the most revealing thing about metadata, or the only reason to be concerned about the privacy implications of a massive call records database. Metadata ultimately exposes something deeper, far more than what a target is talking about.

Metadata is our context. And that can reveal far more about us – both individually and as groups – than the words we speak.

Matt Blaze

Matt Blaze directs the Distributed Systems Lab at the University of Pennsylvania, where he studies cryptography and secure systems. Prior to joining Penn, Blaze was a distinguished member of technical staff at AT&T Bell Labs. He can be found on Twitter at mattblaze.

Context yields insights into who we are and the implicit, hidden relationships between us. A complete set of all the calling records for an entire country is therefore a record not just of how the phone is used, but, coupled with powerful software, of our importance to each other, our interests, values, and the various roles we play.

The better understood the patterns of a particular group’s behavior, the more useful it is. This makes using metadata to identify lone-wolf Al Qaeda sympathizers (a tiny minority about whose social behavior relatively little is known) a lot harder than, say, rooting out Tea Partiers or Wall Street Occupiers, let alone the people with whom we share our beds.

It is, in effect, a National Relationship Database.

Is This Legal? Can We Opt-Out?
------------------------------

We might reasonably wonder how any of this could possibly be legal. Doesn't electronic surveillance require a warrant based on evidence of wrongdoing?

Yes, but a peculiarity of U.S. surveillance law gives call metadata less protection than call content. There are generally stricter requirements for wiretaps that intercept call content than for those that obtain only transactional data (the who called whom and when).

While the legal rationale for this distinction is complex, it’s important to know that it has its origins in how landline/wired telephones worked and were used in the last century. There’s even a legal theory that while the audio of a telephone call is intended only for the person we're talking to, the numbers dialed are legally less “private” because they are given voluntarily to a third party: the phone company.

There's also an underlying assumption – reflected by many people’s "phew" reaction once they found out it was "just metadata" – that we don't really care as much about metadata. That it’s inherently less sensitive than content. Being listened in on seems intuitively more invasive than having our records examined. So the law lets the government obtain transactional records more easily, under a lower legal standard than what is required to wiretap call audio.

Still, it's not clear that the NSA program would be legal even under the lower standard for records. Such requests are generally supposed to be limited to those related to an investigation. But here we’re talking about everyone's records, all the time. And beyond the question of whether such a program is legal, we should be asking whether it should be legal.

With modern communications systems – smartphones, email, the web, and so on – we generate far more metadata about us now than ever before. In the 20th century, when the modern rules about call records were established by Congress and the courts, we generated far less metadata each day. The technology available for collecting and examining it was primitive. And its use was limited to specific targets and suspects.

The current rules are a reflection of the technology and politics of the 1970s. In the aftermath of Watergate, Congress took a broad look at the role of electronic surveillance in national security and eventually created new rules to rein in abuse. But many of these rules were abruptly relaxed after 9/11, with little thought about why and how they got there in the first place.

How much privacy are we giving up – and how much security are we actually gaining?

Individually, there’s not much we can do to opt out. As a technologist, my instinct is to use technology to counter technology. It’s not so easy. Content can be protected, somewhat inconveniently yet effectively enough, with encryption. But we leave trails of metadata everywhere, anytime we reach out to another person. And while there are techniques (such as Tor) that can defeat metadata traffic analysis under some circumstances, they don’t cover all the ways we communicate.

Meanwhile, how worrisome the metadata program is depends on how the data is actually used. The U.S. isn’t Cold War East Germany, and the NSA isn’t the Stasi. But that doesn’t make us immune from the temptation to use a National Relationship Database for political or extralegal ends that have nothing to do with national security. Will President Obama abuse it? Maybe not. But we can be pretty sure President Nixon would have loved it.

Technology has changed. No one envisioned – or could have envisioned – how revealing metadata would become, or how easy it would become to collect. It’s time to rethink the rules again.

Editor: Sonal Chokshi @smc90