Jump to content

Is metadata private?

swansont

By swansont
in Politics

 Share

Recommended Posts

  • Replies 96
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Cap'n Refsmmat
Cap'n Refsmmat

Yes.   My view of privacy (based on Daniel Solove's) is that we should not see it as hiding embarrassing or revealing information. Privacy isn't something you need only when you have something to hi

swansont
swansont

I agree — "if you have nothing to hide" is a horrible attitude, and one that is used asymmetrically by the government (e.g. they're often against filming/recording the police in the execution of their

overtone
overtone

The following is possible, without the slightest conspiracy assumption, based on nothing but what has been acknowledged in public by everyone concerned:   A case file has been opened in which metad

Cap'n Refsmmat

Cap'n Refsmmat

Posted
Posted

Yes.

 

My view of privacy (based on Daniel Solove's) is that we should not see it as hiding embarrassing or revealing information. Privacy isn't something you need only when you have something to hide. Keeping your affairs private is a way to maintain your own freedom of action. The more information other people have about you, the more they can use this information to influence your decisions and behavior.

 

A simple example would be a used car salesman. Obviously, the more you know about the condition of the car, the price the salesman paid for it, and his business practices, the better you can negotiate down the price. The less you know, the more he can bluster about having a wife and four kids to feed and how terrible business is these days.

 

A metadata example might be how Target knows if you're pregnant. Target records metadata about all your purchases and transactions and purchases metadata from other providers, using this to deduce from your purchase history whether you're pregnant. From there they can send targeted advertisements and coupons to influence you into shopping at Target for all of your baby needs.

 

Metadata, then, can't be dismissed as less revealing than, say, the contents of your telephone conversations or emails. There is a surprisingly great deal that can be learned from metadata. This information can be used against you just like your sexts can.

 

We should enforce restrictions on the government use of metadata for surveillance purposes because it grants the government a great deal of power. There are potential abuses -- like the FBI's treatment of Martin Luther King, Jr., who they tried to convince to commit suicide through blackmail, or the offenses committed by the White House Plumbers -- and legitimate uses, like detecting and prosecuting crimes through surveillance of metadata. This would be an enormously powerful policing tool, akin to a general warrant, and would require enormous due process restrictions to prevent officers from just finding dirt on people they don't like.

 

Metadata has also been used by oppressive regimes to frighten dissidents into silence. If you're discovered to be corresponding with a known dissident, it doesn't matter what you said in those conversations -- the government can come and threaten to detain you as a material witness or hint that further contact will have repercussions. ("That's a nice family you have here; be a shame if anything were to happen to it...")

 

Of course, the companies collecting the data also have this power. Consider Western Union's attempts to influence the 1876 election, or imagine the prospect of Google using its knowledge about your email and search history to hint to your spouse that you may be cheating. (Of course, Google has access to more than just metadata, but it wouldn't need the contents of your mail to notice a suspicious trend. "Dear Mrs. Swansont, Your spouse has sent 343 messages to a Ms Rubidium in the past month, sometimes scheduling appointments on Google Calendar with her in empty fields...")

 

I've read suggestions to implement a proportionality principle in the 4th amendment: restrictions on surveillance and data collection should be proportionate to how much they can reveal about the subject. Metadata would rank highly.

1
Link to comment
Share on other sites
swansont

swansont

Posted
  • Author
Posted

Yes.

 

My view of privacy (based on Daniel Solove's) is that we should not see it as hiding embarrassing or revealing information. Privacy isn't something you need only when you have something to hide. Keeping your affairs private is a way to maintain your own freedom of action. The more information other people have about you, the more they can use this information to influence your decisions and behavior.

I agree — "if you have nothing to hide" is a horrible attitude, and one that is used asymmetrically by the government (e.g. they're often against filming/recording the police in the execution of their duties in public). Which is why the question is important — is metadata private?

 

My argument is no, because unless the metadata has an identifier, there is nothing being revealed about you. What the government knows is that 555-1234 called 555-5678 and talked for 14 minutes. (Multiplied by millions of calls each day) What it doesn't know is that John Smith called Jane Jones and talked for 14 minutes. Absent that knowledge, what personal privacy intrusion is taking place?

 

The problem with this is that it's such a tissue-paper thin barrier to go from knowing a phone number to knowing a name, and if you don't trust the government to resist the temptation to do a reverse lookup and find this out, that's IMO a valid point, but it's also a separate issue. That sort of action should require a warrant based on probable cause, and the government has not shown that it can be trusted to keep its hand out of this particular cookie jar. So some sort of secret oversight is no better than "trust us". To me, that's the real issue.

 

Here's another example. Just today I got a text alert about flash floods, from the emergency broadcast system. It's a fairly new program http://www.nytimes.com/2011/05/10/us/10safety.html

 

In order to do this it must know what my phone number is and where the phone is located. So, OMG. The government is tracking me! Now, is that spying? Seems to me that anyone who says metadata is an identifier will have to answer "yes" to that. But: does any actual human in that system know who I am and where I am located? I am assuming the answer is no, which is why I don't think I am being spied upon. If the answer is yes, then I have a problem with it.

 

A metadata example might be how Target knows if you're pregnant. Target records metadata about all your purchases and transactions and purchases metadata from other providers, using this to deduce from your purchase history whether you're pregnant. From there they can send targeted advertisements and coupons to influence you into shopping at Target for all of your baby needs.

 

Metadata, then, can't be dismissed as less revealing than, say, the contents of your telephone conversations or emails. There is a surprisingly great deal that can be learned from metadata. This information can be used against you just like your sexts can.

This all presupposes that metadata is an identifier. The example about Target "knowing" a woman was pregnant was from data mining. It's not clear that any human was involved with the actual knowledge. The computer algorithm identified Jenny Ward (fictional name in the story) as being pregnant and sent her fliers with baby clothes and diaper ads, but it used an ID number, because it doesn't care about names. It's quite likely that no human at Target had that knowledge. They could, of course, if they went to the computer and matched the number to the name.

 

The article points out that "Target can buy data about your ethnicity, job history, the magazines you read, if you’ve ever declared bankruptcy or got divorced, the year you bought (or lost) your house, where you went to college, what kinds of topics you talk about online, whether you prefer certain brands of coffee, paper towels, cereal or applesauce, your political leanings, reading habits, charitable giving and the number of cars you own."

 

So, do we own this data? Is it ours? Apparently not. It belongs to the businesses that collect the data. I have no say in what they do with it and to whom they sell it. That, to me, is a scary thought, but that's been the way of things for quite a while now.

 

 

We should enforce restrictions on the government use of metadata for surveillance purposes because it grants the government a great deal of power. There are potential abuses -- like the FBI's treatment of Martin Luther King, Jr., who they tried to convince to commit suicide through blackmail, or the offenses committed by the White House Plumbers

How are those examples of metadata?

-- and legitimate uses, like detecting and prosecuting crimes through surveillance of metadata. This would be an enormously powerful policing tool, akin to a general warrant, and would require enormous due process restrictions to prevent officers from just finding dirt on people they don't like.

Which requires one to be able to get a personal identification from the metadata. If the police are abiding by the law, that requires probable cause that a crime has been committed. Again, I will point out that the mistrust that they will abide is probably the real issue.

 

 

Of course, the companies collecting the data also have this power. Consider Western Union's attempts to influence the 1876 election, or imagine the prospect of Google using its knowledge about your email and search history to hint to your spouse that you may be cheating. (Of course, Google has access to more than just metadata, but it wouldn't need the contents of your mail to notice a suspicious trend. "Dear Mrs. Swansont, Your spouse has sent 343 messages to a Ms Rubidium in the past month, sometimes scheduling appointments on Google Calendar with her in empty fields...")

This is a matter of how much we trust corporations to follow the law.

I've read suggestions to implement a proportionality principle in the 4th amendment: restrictions on surveillance and data collection should be proportionate to how much they can reveal about the subject. Metadata would rank highly.

Metadata alone, without an identifier, can reveal nothing about an individual.

1
Link to comment
Share on other sites
Cap'n Refsmmat

Cap'n Refsmmat

Posted
Posted

My argument is no, because unless the metadata has an identifier, there is nothing being revealed about you. What the government knows is that 555-1234 called 555-5678 and talked for 14 minutes. (Multiplied by millions of calls each day) What it doesn't know is that John Smith called Jane Jones and talked for 14 minutes. Absent that knowledge, what personal privacy intrusion is taking place?

 

The problem with this is that it's such a tissue-paper thin barrier to go from knowing a phone number to knowing a name, and if you don't trust the government to resist the temptation to do a reverse lookup and find this out, that's IMO a valid point, but it's also a separate issue. That sort of action should require a warrant based on probable cause, and the government has not shown that it can be trusted to keep its hand out of this particular cookie jar. So some sort of secret oversight is no better than "trust us". To me, that's the real issue.

In some cases the metadata is inseparable from the identity. Since the details are secret we don't know if cellular metadata includes location data, but if it does, the location data is enough to uniquely identify each person. You still don't get a name, but you know where they live, where they work, who they associate with, what events they attend, and so on. (Verizon already shares this data with other companies in some sort of anonymous aggregated form; I don't know if the aggregation is enough to render people indistinguishable.) A disgruntled NSA employee could look up his ex-girlfriend's data just by knowing her home and work addresses.

 

I do agree that use restrictions are as important as collection restrictions. Perhaps it's reasonable to allow the government to collect these phone records in case they are needed, but to require probable cause when searching and processing the data.

 

Of course, oversight in a top-secret program seems purely symbolic if the disgruntled employee's searches are secret by default. He could skip the warrant and nobody may be able to tell, or nobody could bother punishing him. I agree; the government can't be trusted on this issue yet.

 

 

Here's another example. Just today I got a text alert about flash floods, from the emergency broadcast system. It's a fairly new program http://www.nytimes.com/2011/05/10/us/10safety.html

 

In order to do this it must know what my phone number is and where the phone is located. So, OMG. The government is tracking me! Now, is that spying? Seems to me that anyone who says metadata is an identifier will have to answer "yes" to that. But: does any actual human in that system know who I am and where I am located? I am assuming the answer is no, which is why I don't think I am being spied upon. If the answer is yes, then I have a problem with it.

I believe the government doesn't have to know anything for the alert system; they just tell the cell providers to broadcast messages in a certain geographic area. But I see your point; there are some cases where it is necessary for the information to be used. But we should be very clear about what those cases are and restrict all other uses.

 

How are those examples of metadata?

They aren't, but they are examples of abuses which came from illicit surveillance.

 

Metadata alone, without an identifier, can reveal nothing about an individual.

You seem to be focusing on the issue of metadata in group surveillance -- collecting metadata from thousands of people simultaneously, without caring who they are. In that case I'll agree that the proportionality principle doesn't work. Collecting metadata about groups en masse is a different use case.

 

One solution I've seen proposed is to require group surveillance programs to have a legislated design. Allow only programs with a targeted purpose and mechanisms which are minimally invasive but achieve that purpose, and specifically legislate the allowed uses of the data. This prevents the sort of mission creep that ends up with metadata being used to send traffic tickets to speeders based off of their cell phone's GPS records.

 

Of course, in that case the NSA programs would have to be public. So this has the side effect of making top-secret minimally-overseen surveillance programs difficult to implement. I'm not sure I mind.

Link to comment
Share on other sites
overtone

overtone

Posted
Posted (edited)

My argument is no, because unless the metadata has an identifier, there is nothing being revealed about you.

What the government knows is that 555-1234 called 555-5678 and talked

for 14 minutes. (Multiplied by millions of calls each day) What it

doesn't know is that John Smith called Jane Jones and talked for 14

minutes.

You don't know what is being collected under the term "metadata". Official statements tend to imply (without clearly and definitively stating, notice) that it is nothing more than you describe there, but we have no reason to believe that and plenty of reason to infer otherwise.

 

I am willing to bet money, for example, that in the always included "other data" we will find - sometimes, occasionally - languages used, keyword presences and frequencies, speaking voice data such as pauses and inflections and word frequencies and idioms particular to individuals or ethnicities, compilations of patterns such as new phone number call frequencies and single call frequencies, callback patterns, subject frequencies and grammatical patterns related to subject , use of passwords and encription, and so forth.

 

Metadata alone, without an identifier, can reveal nothing about an individual.

Metadata is an identifier - that's why the NSA is collecting it, to identify terrorists. Anything that can identify a terrorist can identify anyone.

 

 

So, do we own this data? Is it ours? Apparently not. It belongs to the businesses that collect the data

We allow businesses to collect such data mostly because we haven't thought about it. We could quite easily forbid businesses from compiling those kinds of data bases.

 

 

If the police are abiding by the law, that requires probable cause that a crime has been committed. Again, I will point out that the mistrust

that they will abide is probably the real issue.

Mistrust of governmental use of uncurbed power is of course a central issue - nothing "probable" about it. We absolutely do not trust our government with privacy intrusions we would willingly grant only to the most intimate of our friends and family.

 

In addition, we don't like even trusted and trustworthy people watching everything we do and say. What we have here is a panopticon , and these things are inherently oppressive regardless of the virtues of their employers.

Edited by overtone
Link to comment
Share on other sites
swansont

swansont

Posted
  • Author
Posted

You don't know what is being collected under the term "metadata". Official statements tend to imply (without clearly and definitively stating, notice) that it is nothing more than you describe there, but we have no reason to believe that and plenty of reason to infer otherwise.

 

But we do, because it was defined (albeit not completely)

 

I am willing to bet money, for example, that in the always included "other data" we will find - sometimes, occasionally - languages used, keyword presences and frequencies, speaking voice data such as pauses and inflections and word frequencies and idioms particular to individuals or ethnicities, compilations of patterns such as new phone number call frequencies and single call frequencies, callback patterns, subject frequencies and grammatical patterns related to subject , use of passwords and encription, and so forth.

 

You have no evidence of this, though, and the available evidence directly contradicts this interpretation. While your conspiracy theory is quite plausible, it's still a conspiracy theory.

 

 

Metadata is an identifier - that's why the NSA is collecting it, to identify terrorists. Anything that can identify a terrorist can identify anyone.

 

Metadata by itself does not give you a name. There is an additional step required of associating the metadata with a name. Unless you've legally changed your name to be your phone number. Then all bets are off.

 

 

We allow businesses to collect such data mostly because we haven't thought about it. We could quite easily forbid businesses from compiling those kinds of data bases.

 

I agree with the first part and disagree with the second, in the US. In the current political climate I think it would be exceedingly difficult to get congress to go against big business's interests and restrict their use of data.

 

 

 

 

Mistrust of governmental use of uncurbed power is of course a central issue - nothing "probable" about it. We absolutely do not trust our government with privacy intrusions we would willingly grant only to the most intimate of our friends and family.

 

Telling someone that one phone number called another phone number is not what I call intimate information.

 

 

In addition, we don't like even trusted and trustworthy people watching everything we do and say. What we have here is a panopticon , and these things are inherently oppressive regardless of the virtues of their employers.

 

But my point is they aren't watching us. They're watching a bunch of phones. In the first cull of the data, who is attached to the phones isn't important or known to them.

 

I believe the government doesn't have to know anything for the alert system; they just tell the cell providers to broadcast messages in a certain geographic area. But I see your point; there are some cases where it is necessary for the information to be used. But we should be very clear about what those cases are and restrict all other uses.

Just like the government doesn't have to know anything to process networking association information of a bunch of phone numbers.

Link to comment
Share on other sites
John Cuthber

John Cuthber

Posted
Posted

Hang on?

"What the government knows is that 555-1234 called 555-5678 and talked for 14 minutes. (Multiplied by millions of calls each day) What it doesn't know is that John Smith called Jane Jones and talked for 14 minutes. "

Do you not think that the government has a phone book?

Of course they know who called whom (in most cases).

 

If they don't know whose phone it is then there's no point collecting the data because someone calling their partners in crime looks pretty much like someone calling their friends.

Link to comment
Share on other sites
john5746

john5746

Posted
Posted (edited)

The way I would design such a system is to have a non-identifying ID with details, such as time, area code except the phone number and have the phone number linked in another table. This way, you could query trends in the one table, like minutes increase from one area code to another, etc. And only give access to the phone number or other detail upon request with clearance.

 

Would still need to trust that they don't abuse it and are competent. Could argue they shouldn't store phone numbers at all, just area code and then go to carrier when a trend occurs. Would make connecting the dots harder.

 

Truth is that data like this is everywhere: drug stores, shopping, insurance, credit cards, etc. We are practically in a cyber war with China and probably losing it handily. So, I don't think we can just leave the front door unlocked and feel comfortable that no one would be so stupid as to try coming in.

Edited by john5746
Link to comment
Share on other sites
swansont

swansont

Posted
  • Author
Posted

Hang on?

"What the government knows is that 555-1234 called 555-5678 and talked for 14 minutes. (Multiplied by millions of calls each day) What it doesn't know is that John Smith called Jane Jones and talked for 14 minutes. "

Do you not think that the government has a phone book?

Of course they know who called whom (in most cases).

 

That's my point, though. You have to look up the number in the phone book. The data by themselves do not identify the person without the phone book.

 

The problem is that we don't trust them not to pick up the phone book.

 

 

 

If they don't know whose phone it is then there's no point collecting the data because someone calling their partners in crime looks pretty much like someone calling their friends.

 

The premise of the program, AFAICT, is that this is not true.

Link to comment
Share on other sites
overtone

overtone

Posted
Posted

 

That's my point, though. You have to look up the number in the phone
book. The data by themselves do not identify the person without the
phone book.

You put far too much stock in names.

 

If you know where and when people live, work, shop, eat, and hang out; if you know what they look at on the internet, the make and model and ID number and parking spots of their car, the frequency distibution of their voice and their working vocabulary, how many children they have and how old they are, their bank account numbers and passwords, their credit card numbers and passwords, their facebook page url and its passwords, their library card number, their typing patterns on the phone and keyboard, maybe even their heart rate patterns and game scores, you have identified them.

 

All that comes under the heading of "metadata" as described in public pronouncements - we don't know whether or not everything I listed there is being lifted from these phone surveillances or not. And we are not allowed to know - it's classified information.

 

 

But we do, because it was defined (albeit not completely)

No, it wasn't. If you pay careful attention to the way it's described, you'll notice that the description is of examples - not definitions. Nobody says "this is exactly and all we are compiling". They say 'stuff like this' "and other data".

 

And that is if you believe them in the first place. Why would you? How naive are you planning to be here?

 

 

You have no evidence of this, though, and the available evidence
directly contradicts this interpretation. -

We have no evidence contradicting my reasonable presumption there. We have plenty of evidence, starting with what we know of the origins of this program and the motives of its launchers and the behavior of that crowd everywhere else, continuing with our adult and educated historical perspective in which every single government ever allowed to employ this kind of surveillance has abused it, noticing that they themselves knew it was trouble and kept it secret from us for years, reasoning that the very purpose they claim to be employing it for requires that they intrude somewhat more than they claim, and ending with the obvious: why risk it?

 

 

While your conspiracy theory is quite plausible, it's still a conspiracy theory.

Uh, dude, we just found out about a conspiracy. That's what this operation is. I mean, you did - those of us yammering about the W hangover have been following this issue for many years now. Every theory anyone puts out about it is going to be a conspiracy theory.

 

 

But my point is they aren't watching us. They're watching a bunch of phones

And my point is that you don't know what they're watching - it's entirely up to them, and by them I mean the individuals with their hands on the consoles at any given moment, the tens of thousands of them with access to your phone at any moment. That was the whole point of the panopticon - the prisoner never knew who was watching, or what, or when (or schoolchild, factory worker, etc, Bentham designed a variety of those things for various situations. Telephone user would have fit right in, and looked just like this).
Link to comment
Share on other sites
swansont

swansont

Posted
  • Author
Posted

You put far too much stock in names.

 

If you know where and when people live, work, shop, eat, and hang out; if you know what they look at on the internet, the make and model and ID number and parking spots of their car, the frequency distibution of their voice and their working vocabulary, how many children they have and how old they are, their bank account numbers and passwords, their credit card numbers and passwords, their facebook page url and its passwords, their library card number, their typing patterns on the phone and keyboard, maybe even their heart rate patterns and game scores, you have identified them.

They still don't know who the person is without a name, and none of this has anything to do with telephony data.

 

 

All that comes under the heading of "metadata" as described in public pronouncements - we don't know whether or not everything I listed there is being lifted from these phone surveillances or not. And we are not allowed to know - it's classified information.

 

 

No, it wasn't. If you pay careful attention to the way it's described, you'll notice that the description is of examples - not definitions. Nobody says "this is exactly and all we are compiling". They say 'stuff like this' "and other data".

The court order specifically excludes the substantive content of the conversations.

 

And that is if you believe them in the first place. Why would you? How naive are you planning to be here?

That's a separate issue. I didn't start the thread to discuss conspiracy theories.

Link to comment
Share on other sites
overtone

overtone

Posted
Posted

 


They still don't know who the person is without a name, and none of this has anything to do with telephony data.

They can supply a name - or more likely an ID number - to file your identity under while they track it. Most government surveillance compilations are filed by number as it is - the name is just a line on the form, or two or three - the people being watched often go by several names. And all of this is data available from your phone calls. Excuse me: "metadata".

 

The court order specifically excludes the substantive content of the conversations.

Leaving it to the thousands of agents with access to your phone to determine what "substantive" means. Everything I listed could be labeled "metadata" by me, and defended as such - we already know, for example, that the phone numbers of conference calls are compiled: that means the numbers punched into the keypad are recorded, which means the various personal identifiers of such number punching (its rate, pause pattern, common errors, etc - data that works like a fingerprint) are recorded along with all those passwords and such I mentioned.

 

 

That's a separate issue. I didn't start the thread to discuss conspiracy theories

If you start a thread about a conspiracy you just discovered, how do you plan to avoid theorizing about it?
Link to comment
Share on other sites
John Cuthber

John Cuthber

Posted
Posted (edited)

That's my point, though. You have to look up the number in the phone book. The data by themselves do not identify the person without the phone book.

 

The problem is that we don't trust them not to pick up the phone book.

It's not a matter of not trusting them (I don't, but that's not the issue).

 

The issue is that, unless they actually find out who the people are, then they don't gain anything. It would be incompetent of them not to see who is talking to whom. The police were the first group that had ever heard of who were able to do a reverse directory search (i.e. find the person from the number, rather than the other way round), and that was in the 1970s.

Why would they not do so now? They are permitted to, the have the ability to and it makes their work a lot easier because they only have to track the known crooks (and their friends) rather than the whole population.

 

That's not the same as the "forbidden" issue of recording the actual content of the call.

(Though governments do that routinely with email)

http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A5-2001-0264+0+DOC+PDF+V0//EN&language=EN

Edited by John Cuthber
Link to comment
Share on other sites
swansont

swansont

Posted
  • Author
Posted

It's not a matter of not trusting them (I don't, but that's not the issue).

 

The issue is that, unless they actually find out who the people are, then they don't gain anything.

But equally important from a privacy standpoint is when they determine that. I'm not arguing that metadata can't be used as one part of a process to identify people. If you don't fit the pattern they're looking for in the metadata and they don't try and find out your name, has your privacy been compromised?

 

Again, this points to the issue that you trust them to follow the rules and convince a judge that they have probable cause to think the nameless people they've listed are terrorists. If they are getting your name without conforming to those protocols, then they are breaking the law.

 

It would be incompetent of them not to see who is talking to whom.

Or, maybe it would be illegal (or, in my context, a 4th amendment violation). That's one of the questions.

 

The police were the first group that had ever heard of who were able to do a reverse directory search (i.e. find the person from the number, rather than the other way round), and that was in the 1970s.

Why would they not do so now? They are permitted to, the have the ability to and it makes their work a lot easier because they only have to track the known crooks (and their friends) rather than the whole population.

In this example, you refer to known crooks. Once you have identified that a phone number belongs to a crook, because it fits some pattern that is somehow "crooked", that's when you identify the person and start listening in on the calls. If you're following the rules.

Link to comment
Share on other sites
John Cuthber

John Cuthber

Posted
Posted

I can't see how it's a breach of the 4th amendment to look up whose number it is.

The data is public domain.

They are not searching or seizing anything that belongs to you.

 

The authorities know- by what ever means, about some crooks.

They can find the 'phone numbers of those crooks- by looking them up in the phone book.

they can look at the records which belong to the phone companies and find out who those crooks are talking to.- they get the 'phone numbers .

They can look up those numbers in a reverse directory and find out to whom the initial, known, crook is talking and they can also tell for how long, and at waht time.

 

that data is of legitimate interest to the authorities for the performance of their job and, as far as I can see, it's perfectly legal.

The only dodgy bit is getting the data from the phone companies and that has been declared legal.

 

I rather doubt that criminals use of the phone is distinguishable from other people's use of it. Not least because most crooks are not 24/7 crooks. they also call their mates to go for a drink and they have to get a baby sitter or a doctor from time to time, just like the rest of us.

 

I also think that many of the crooks are essentially running a small business and their use of the phone would look like any other small business.

 

It may be possible to look at the stats and find some sort of clustering which correlates with criminality, but I'd expect any competent judge to explain to them that correlation isn't causation and not issue a warrant without supporting information.

Link to comment
Share on other sites
overtone

overtone

Posted
Posted (edited)

. If you don't fit the pattern they're looking for in the metadata and

they don't try and find out your name, has your privacy been

compromised?

The following is possible, without the slightest conspiracy assumption, based on nothing but what has been acknowledged in public by everyone concerned:

 

A case file has been opened in which metadata from my phone calls has been collected separately from each of the people using my phone (by voice frequency pattern, say, or keypunch pattern, or bank numbers, or location, or maybe just the phone numbers used although that would be incompetent - even low level drug pushers go through phone numbers like breath mints these days), compiled in a data base, and assigned an ID number. .

 

Any of several tens of thousands of people, both government employees and private contractors, can legitimately review it, or monitor its collection in real time from my phone, with the number displayed and the ID confirmed (sex, age, physical location, amount of money transferred between checking and savings, etc).

 

I cannot review it, correct errors in it, get it erased, protect it from any of the thousands I don't want to see it, even find out what's in it or who has been reviewing it, etc.

 

I regard that possibility - the mere possibility, whether or not it has happened - as compromising my privacy. This is a panopticon, an inherently authoritarian and inherently oppressive structure.

 

 

In this example, you refer to known crooks. Once you have identified that a phone number belongs to a crook, because it fits some pattern

that is somehow "crooked", that's when you identify the person and start listening in on the calls. If you're following the rules

Or you could simply bring the user in for questioning, and ask them what name they want to go by down at the station.

 

Or even, since you might easily have the evidence you need from the "metadata", go arrest them and ask them what their name is at that time.

 

Do you imagine police need to know someone's name to "identify" them?

Edited by overtone
1
Link to comment
Share on other sites
swansont

swansont

Posted
  • Author
Posted

I can't see how it's a breach of the 4th amendment to look up whose number it is.

The data is public domain.

 

Not necessarily. Unlisted numbers exist. The information is made public because we choose to make it public.

 

They are not searching or seizing anything that belongs to you.

 

In combination with the data collection, they are.

 

The authorities know- by what ever means, about some crooks.

They can find the 'phone numbers of those crooks- by looking them up in the phone book.

they can look at the records which belong to the phone companies and find out who those crooks are talking to.- they get the 'phone numbers .

They can look up those numbers in a reverse directory and find out to whom the initial, known, crook is talking and they can also tell for how long, and at waht time.

 

that data is of legitimate interest to the authorities for the performance of their job and, as far as I can see, it's perfectly legal.

The only dodgy bit is getting the data from the phone companies and that has been declared legal.

 

It's been legal for criminal prosecutions in the US for far longer than the Patriot act.

 

I rather doubt that criminals use of the phone is distinguishable from other people's use of it. Not least because most crooks are not 24/7 crooks. they also call their mates to go for a drink and they have to get a baby sitter or a doctor from time to time, just like the rest of us.

 

I've already linked to a story that shows this to not be the case in the other thread. It doesn't matter if they are crooks 24/7. If they do one thing that law-abiding citizens tend not to (e.g. drug dealers calling pager numbers several times a day), that's what is important. You discriminate on the differences, not the similarities.

 

 

I also think that many of the crooks are essentially running a small business and their use of the phone would look like any other small business.

 

It may be possible to look at the stats and find some sort of clustering which correlates with criminality, but I'd expect any competent judge to explain to them that correlation isn't causation and not issue a warrant without supporting information.

 

You don't have to prove causality. Just that it's reasonable to have the suspicion, or that the causality is probable.

 

The following is possible, without the slightest conspiracy assumption, based on nothing but what has been acknowledged in public by everyone concerned:

 

A case file has been opened in which metadata from my phone calls has been collected separately from each of the people using my phone (by voice frequency pattern, say, or keypunch pattern, or bank numbers, or location, or maybe just the phone numbers used although that would be incompetent - even low level drug pushers go through phone numbers like breath mints these days), compiled in a data base, and assigned an ID number. .

 

Any of several tens of thousands of people, both government employees and private contractors, can legitimately review it, or monitor its collection in real time from my phone, with the number displayed and the ID confirmed (sex, age, physical location, amount of money transferred between checking and savings, etc).

 

I cannot review it, correct errors in it, get it erased, protect it from any of the thousands I don't want to see it, even find out what's in it or who has been reviewing it, etc.

 

I regard that possibility - the mere possibility, whether or not it has happened - as compromising my privacy. This is a panopticon, an inherently authoritarian and inherently oppressive structure.

 

If you have not been identified, how has your privacy been compromised?

 

 

Or you could simply bring the user in for questioning, and ask them what name they want to go by down at the station.

 

Or even, since you might easily have the evidence you need from the "metadata", go arrest them and ask them what their name is at that time.

 

And get sued for violating their civil rights, unless you want to make the case that the metadata by itself is evidence of a crime sufficient for detaining someone.

 

Do you imagine police need to know someone's name to "identify" them?

 

How else do they do it?

Link to comment
Share on other sites
overtone

overtone

Posted
Posted (edited)

And get sued for violating their civil rights, unless you want to make

the case that the metadata by itself is evidence of a crime sufficient

for detaining someone.

It's always worked before - circumstantial evidence, it's sometimescalled. Getting caught, is another term.

 

 

Do you imagine police need to know someone's name to "identify" them?

How else do they do it?

Eyewitnesses, tattoos, DNA, fingerprints, Social Security number, clothing, scars, hair, residue or artifacts of crime, bloodstains and injuries, job location and residence, age and weight and height, race, - it's a long list -

 

and of course phone logs and voice recognition.

 

 

It's been legal for criminal prosecutions in the US for far longer than the Patriot act.

Not without a warrant, specifying the location to be searched and the person or things to be seized.

 

 

If you have not been identified, how has your privacy been compromised?

I have been identified - they've assigned me an ID number, my own case file, etc. They know where I live, where I am at any time I have my phone on me (and a fair number of times I don't), my bank account numbers and passwords, even the make, model, serial number, license plate number, and location of my car if it has that modern phone stuff in it. They might have picked up my SSN, driver's license number, and physical description along the way (nothing stopping them - we know they record numbers punched into the keypad). Edited by overtone
Link to comment
Share on other sites
Cap'n Refsmmat

Cap'n Refsmmat

Posted
Posted

If you have not been identified, how has your privacy been compromised?

I can imagine several scenarios where the government can (ab)use its power against you based on metadata alone:

  1. I am your abusive boyfriend and I already know your phone number. Fortunately, my job at the NSA lets me know whenever you contact anyone else.
  2. One of your friends is, unknown to you, part of some dissident or terrorist group. Your cell phone records reveal you spend a great deal of time with them. You are put under surveillance or arrested as you leave their house after a Tupperware party.
  3. Metadata indicates you are part of a group the government doesn't like, and your credit records indicate you have bought round-trip tickets to the UK and back. They are marked for special security screening when you return, much like Jacob Applebaum has repeatedly experienced.
  4. Phone records indicate where you live, so an agent sits on the other side of the street with a telescope and night-vision goggles and takes pictures of you coming out of the shower. This may not be a 4th Amendment search requiring a warrant.
  5. Credit card records indicate you recently visited a sex shop and bought the PleasureMaster 4000. A snickering agent calls all of your business contacts to let them know, anonymously.
Link to comment
Share on other sites
swansont

swansont

Posted
  • Author
Posted

I can imagine several scenarios where the government can (ab)use its power against you based on metadata alone:

I imagine there are millions of scenarios wherein the government or an individual working for thew government can break the law and abuse the information. That's an issue of oversight and trust. That's not what I'm wanting to discuss. If that's the beef against the government, then there are trust issues with giving them e.g. census information, because they might misuse it. A government abusing its power is a completely separate issue.

 

I want to know why gathering metadata, and metadata alone, is considered by some as an invasion of privacy, for reasons other than "the government might abuse its power". (I already agree with that)

 

 

 

  • One of your friends is, unknown to you, part of some dissident or terrorist group. Your cell phone records reveal you spend a great deal of time with them. You are put under surveillance or arrested as you leave their house after a Tupperware party.

 

 

That depends on whether your association constitutes probable cause that you have committed a crime. As with a comment in a previous post, if they arrest you, I don't see how an arrest can be supported. (Other than by naming you an enemy combatant and denying you your rights, which is an ultra-scary power that was conjured up well before this scenario)

 

 

  • Metadata indicates you are part of a group the government doesn't like, and your credit records indicate you have bought round-trip tickets to the UK and back. They are marked for special security screening when you return, much like Jacob Applebaum has repeatedly experienced.

 

 

Ted Kennedy was on the no-fly list. http://www.washingtonpost.com/wp-dyn/articles/A17073-2004Aug19.html

That's a whole other kettle of stinky fish. Nobody knows how the no-fly list works.

 

Credit records are not telephony metadata.

Link to comment
Share on other sites
Cap'n Refsmmat

Cap'n Refsmmat

Posted
Posted

Credit cards are not telephony, but they are metadata collected by the NSA:

 

NSA also obtains access to data from Internet service providers on Internet use such as data about email or website visits, several former officials said. NSA has established similar relationships with credit-card companies, three former officials said.

 

http://online.wsj.com/article/SB10001424127887324299104578529112289298922.html



Ted Kennedy was on the no-fly list. http://www.washingtonpost.com/wp-dyn/articles/A17073-2004Aug19.html
That's a whole other kettle of stinky fish. Nobody knows how the no-fly list works.

I don't believe the harassment of Applebaum and others is a result of the no-fly list; they're only detained when entering the country from overseas, as fourth amendment search and seizure rights are waived at border inspections, and hence the government can confiscate and inspect their laptops and phones. This is AFAIK legal, or at least not sufficiently illegal to cause a lawsuit yet.

Link to comment
Share on other sites
Cap'n Refsmmat

Cap'n Refsmmat

Posted
Posted

I want to know why gathering metadata, and metadata alone, is considered by some as an invasion of privacy, for reasons other than "the government might abuse its power". (I already agree with that)

My view is that privacy is about power, so abuses of power are inextricably linked to invasions of privacy. If you're thinking of privacy in the "nothing to hide" sense then yes, metadata doesn't threaten me unless the government links it to my name (unless I am unusually worried by a government agent knowing only that someone, somewhere bought a PleasureMaster 4000). But in many cases the government would never have cause to look up my name without seeing the metadata first.

Link to comment
Share on other sites
swansont

swansont

Posted
  • Author
Posted

I don't believe the harassment of Applebaum and others is a result of the no-fly list; they're only detained when entering the country from overseas, as fourth amendment search and seizure rights are waived at border inspections, and hence the government can confiscate and inspect their laptops and phones. This is AFAIK legal, or at least not sufficiently illegal to cause a lawsuit yet.

 

Fair enough, but they still had to associate the metadata with a name in order to harass someone.

 

My view is that privacy is about power, so abuses of power are inextricably linked to invasions of privacy. If you're thinking of privacy in the "nothing to hide" sense then yes, metadata doesn't threaten me unless the government links it to my name (unless I am unusually worried by a government agent knowing only that someone, somewhere bought a PleasureMaster 4000). But in many cases the government would never have cause to look up my name without seeing the metadata first.

 

That's my point — until they link it to a name, all they know is that someone bought a PleasureMaster 4000, and said purchase is legal, so the government is supposed to lack the power to pursue the issue any further. I don't see how the government knowing that someone bought a PleasureMaster 4000 has violated anyone's privacy.

 

The violation of privacy comes when they associate your name with the purchase.

Link to comment
Share on other sites
Cap'n Refsmmat

Cap'n Refsmmat

Posted
Posted

Fair enough, but they still had to associate the metadata with a name in order to harass someone.

Possibly, although there may presumably be means to automatically mark airline tickets as requiring extra security checks based on the credit card or phone number associated with their purchase. (Perhaps there's a known terrorist who uses a certain card or phone but switches aliases frequently.)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.