Since the Snowden leaks, the US government has sought to repair its public image and curtail public knowledge of its invasions of privacy. Before 2015, the US government was allowed access to five years worth of phone metadata from anyone within three hops of a suspected terrorist. In 2015, the most egregious bits of the Patriot Act were allowed to expire and the government’s phone metadata mandate was reduced to two hops and eighteen months. A new study from three Stanford researchers shows that the US government is still able to collect phone metadata on 25,000 people for every single suspected terrorist “seed.” Under the former provisions, the NSA was allowed to spy on up to 20,000,000 phones per single suspected terrorist “seed.” In essence, before 2013, the researchers estimated that the NSA had “legal authority to access telephone records for the majority of the entire US population.”

Sure, the US government has made a really big show of being privacy friendly by letting the Patriot Act’s provisions expire. The amount of scrapable metadata per suspected terrorist has dropped by orders of magnitude. However, the amount of suspected terrorists has also increased at fever pitch in the meantime. It is important to note that metadata is simultaneously becoming more and more useful as the world becomes more interconnected. The average amount of companies/apps with access to your phone’s metadata has drastically increased alongside smartphone penetration over the last several years. The terrorist database still exists and your name can be added to it without any concrete evidence. The NSA now has better pools of metadata to focus their time and efforts on and they have likely not even noticed the downsize in phone data. We are just starting to get the numbers on how phone metadata strips away our privacy – just imagine what kind of privacy our internet metadata gives away.

What information can be garnered from simple phone metadata?

The Stanford researchers analyzed metadata from the phones of 823 volunteers. In total, they had access to metadata (timestamps, duration, parties) about 250,000 calls and 1,200,000 text messages. From this data, the researchers were able to discern current city location for 57% of the volunteers. Additionally, the metadata was able to not only identify whether or not a volunteer had a significant other, but also identify what his or her phone number is. Even more damning was the researcher’s ability to pinpoint private information such as gun ownership and health conditions just from the metadata and then easily verify the inferences through public information sources.

The team at Stanford is hoping that their data, which has somewhat quantified the amount of damage caused by phone metadata surveillance, will help educate policy makers. As more and more of the data coming forward shows “bulk metadata surveillance to be an ineffective intelligence strategy,” we hope that the world and its governments will come to see the folly in unethical mass surveillance without proper checks and balances. In the meantime, be aware that all of metadata, not just your phone’s, is likely still fair game for the NSA.