Identities of cannabis grower, woman seeking an abortion and MS sufferer inferred in study that confirms danger of widespread access to metadata

This article is more than 6 years old

This article is more than 6 years old

Warnings that phone call “metadata” can betray detailed information about your life has been confirmed by research at Stanford University. Researchers there successfully identified a cannabis cultivator, multiple sclerosis sufferer and a visitor to an abortion clinic using nothing more than the timing and destination of their phone calls.

Jonathan Mayer and Patrick Mutchler, the researchers behind the finding, used data gleaned from 546 volunteers to assess the extent to which information about who they had called and when revealed personally sensitive information.

The research aimed to answer questions raised by the NSA wiretapping revelations, where it was revealed that the US intelligence agency collects metadata - but not content - of millions of phone calls on mobile networks.

No harm?

The researchers cite statements like that of President Obama, that the NSA was “not looking at content,” and ask whether the legal distinction between metadata and content is matched by harm reduction in the real world.

“Is it easy to draw sensitive inferences from phone metadata,” they ask. “How often do people conduct sensitive matters by phone, in a manner reflected by metadata?”

The volunteers providing the data installed an app called “MetaPhone” on their Android phones, which passed information about who they had called, as well as what was on their public Facebook profile, to Mayer and other researchers at the Stanford Security Laboratory.

“During our analysis, we encountered a number of patterns that were highly indicative of sensitive activities or traits,” he explains in the paper on the team’s research. “Though most MetaPhone participants consented to having their identity disclosed, we use pseudonyms in this report to protect participant privacy.”

One participant “communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis.” Another “had a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after.”

A third, over the span of three weeks, “contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.”

“Owing to the sensitivity of these matters”, Mayer explains that the researchers elected not to contact the three participants for confirmation that their inferences were correct.

Speaking to the Guardian, Mayer cautioned that “the MetaPhone dataset is, to be sure, not statistically representative of the American population. In addition to opting in, participation requires an Android phone and a Facebook account.”

But he emphasised that the results “are strongly suggestive of the sensitivity in NSA and telecom databases.”

A further aspect of the study looked at the amount of sensitive information that can be revealed by the metadata of a single phone call. Almost a third of those in the dataset, which covered three months of calls, contacted a pharmacy, while 10% of them contacted a recruiting service.

Meanwhile 8% contacted religious institutions; of those who did and had given their religion on Facebook, almost three-quarters contacted the religious institution aligned with their faith - suggesting that that would be a strong indicator of religious alignment on its own.

“Participants had calls with Alcoholics Anonymous, gun stores, NARAL Pro-Choice, labor unions, divorce lawyers, sexually transmitted disease clinics, a Canadian import pharmacy, strip clubs, and much more,” the researchers write. “This was not a hypothetical parade of horribles. These were simple inferences, about real phone users, that could trivially be made on a large scale.”

Mayer previously discovered that Google was hacking user cookies in Apple’s Safari browser in order to show tailored adverts, for which it was fined $17m.

• The NSA/GCHQ metadata reassurances are breathtakingly cynical