Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Researchers Connect 91% of Numbers With Names In Metadata Probe

samzenpus posted about 9 months ago | from the looking-at-the-list dept.

Privacy 84

Trailrunner7 writes "One of the key tenets of the argument that the National Security Agency and some lawmakers have constructed to justify the agency's collection of phone metadata is that the information it's collecting, such as phone numbers and length of call, can't be tied to the callers' names. However, some quick investigation by some researchers at Stanford University who have been collecting information voluntarily from Android users found that they could correlate numbers to names with very little effort. The Stanford researchers recently started a program called Metaphone that gathers data from volunteers with Android phones. They collect data such as recent phone calls and text messages and social network information. The goal of the project, which is the work of the Stanford Security Lab, is to draw some lines connecting metadata and surveillance. As part of the project, the researchers decided to select a random set of 5,000 numbers from their data and see whether they could connect any of them to subscriber names using just freely available Web tools. The result: They found names for 27 percent of the numbers using just Google, Yelp, Facebook and Google Places. Using some other online tools, they connected 91 of 100 numbers with names."

cancel ×

84 comments

Sorry! There are no comments related to the filter you selected.

This is god. (-1)

Anonymous Coward | about 9 months ago | (#45769663)

You are all fucking bastards who need to get raped by a horse.

Re:This is god. (5, Funny)

larry bagina (561269) | about 9 months ago | (#45769795)

Please clarify:

1. We are bastards. We need to get raped by a horse.

-or- 2. We are having sex with bastards. The bastards need to get raped by a horse.

Re:This is god. (-1)

Anonymous Coward | about 9 months ago | (#45769865)

Also, is this the same horse?

Re:This is god. (-1)

Anonymous Coward | about 9 months ago | (#45770069)

god works in mysterious ways....

and prefers ambiguity.

Re:This is god. (-1, Offtopic)

rubycodez (864176) | about 9 months ago | (#45771989)

further clarification please, are we to be raped by male or female horse? Getting backed into would be bad, but getting our backside into'd very painful.

More lies (-1)

Anonymous Coward | about 9 months ago | (#45769665)

Lies, lies, lies and more lies from the NSA...

555-555-5555 (-1)

Anonymous Coward | about 9 months ago | (#45769673)

Now it's linked to Anonymous Coward!!!

Re:555-555-5555 (2)

The Rizz (1319) | about 9 months ago | (#45769757)

... and now it's linked to Noël Coward!

Metadata was never an excuse for surveillance (1)

Anonymous Coward | about 9 months ago | (#45769675)

Data is data: aka valuable information. And as we in the IT world know, a little metadata goes a long way.

Metaphone (disambiguation) (1)

tepples (727027) | about 9 months ago | (#45769681)

I thought Metaphone [wikipedia.org] was a spell check algorithm [php.net] designed to improve on Soundex [wikipedia.org]

Re:Metaphone (disambiguation) (2)

jellomizer (103300) | about 9 months ago | (#45769871)

Combine that with the Levenshtein distance [wikipedia.org] you can get some good results.

No shit (3, Informative)

oodaloop (1229816) | about 9 months ago | (#45769705)

Phone numbers are listed in things like telephone books. NSA (and other intelligence agencies; let's not forget about the rest of them) have been ingesting telephone directories, business cards, public records, FB pages, ad nauseum into massive databases for many years so that a new name/number/address/email etc can be matched to known correlates.

Re:No shit (0)

Anonymous Coward | about 9 months ago | (#45769761)

I never heard about that program. How do you know about it? Did you work on that program or something?

Re:No shit (2)

hawguy (1600213) | about 9 months ago | (#45769965)

I never heard about that program. How do you know about it? Did you work on that program or something?

If they haven't been adding public phone book data to their databases then they'd have to be awfully incompetent - that data is commercially available and (relatively) cheap to purchase.

Re:No shit (5, Informative)

icebike (68054) | about 9 months ago | (#45769857)

Phone numbers are listed in things like telephone books. NSA (and other intelligence agencies; let's not forget about the rest of them) have been ingesting telephone directories, business cards, public records, FB pages, ad nauseum into massive databases for many years so that a new name/number/address/email etc can be matched to known correlates.

Even metadata consisting only of Cell numbers are available to the NSA because they have access to all the carriers records [aclu.org] as well.

Even a "Burner" [gigaom.com] phone is traceable in the US.

There is no such thing as "metadata", and there hasn't been for a long time.

Re:No shit (1)

AHuxley (892839) | about 9 months ago | (#45770353)

Any mobile phone is trackable due to the vast interest in keeping and tracking voice prints. Colombia in the early 1990's was the first real very 'public' use.
Cloning, hardware changes did not offer any protection from total telco surveillance.
That same tech is now cheap and global.

Re:No shit (1)

ZouPrime (460611) | about 9 months ago | (#45769987)

Not only that, but *obviously* they have the ability to associate a number with someone at some point - if not, then what is the point in collecting and analysing anything? Metadata doesn't allow you to see the *content* of a call, but obviously it has to give you some information or you wouldn't bother with it.

Re:No shit (2)

sumdumass (711423) | about 9 months ago | (#45770585)

Well, the working claim was that in order to associate a name with the number, that had to get a warrant and ask the provider who owns the number. Of course this ignores things like a crisscross directory that allows you to look up names from numbers and street addresses but i don't think they expected the public to think that far.

What this research does is shows how they do not need a warrant or special information from the service providers. It shows how availible most this information is and how it is reletively harmless until you posess the information the NSA is collecting while trying to claim it means nothing special.

crisscross directory (1)

SpaceLifeForm (228190) | about 9 months ago | (#45770881)

99% of the public is not even aware of a what a criss-cross directory is and how it can be used or abused.

Re:crisscross directory (0)

Anonymous Coward | about 9 months ago | (#45771667)

Criss-cross directories make me want to jump, jump.

Re:crisscross directory (1)

Runaway1956 (1322357) | about 9 months ago | (#45772279)

Wow - that makes me part of the 1%? I learned about those directories even before I had internet access. Admittedly, I didn't have ready access to such a directory until after I had internet, but I was very much aware that one could use a phone number to find an address, along with the name of the person who paid for the phone number.

Re:No shit (2)

ShanghaiBill (739463) | about 9 months ago | (#45770015)

Phone numbers are listed in things like telephone books.

Of course. Before I read the summary, I never heard anyone claim that numbers cannot be connected to names, and it certainly wasn't a "key tenet" justifying NSA spying. In fact, being able to trace suspicious calls back to an identifiable person is the whole point.

Re:No shit (0)

Anonymous Coward | about 9 months ago | (#45770263)

they obviously know to who the numbers belong to, otherwise they wouldn't be able to say "hey, number X just called Y, who is suspect of (being an EU commissioner investigating corrupt corportations, is the German Chancellor, works for a NGO, etc.)".

anybody thinking (or believing) that these guys don't know who the numbers belong to is missing the whole point about the mass surveillance. If they cannot single out the numbers and assign them names, places, and content, they wouldn't be able to extract any meaningful information from all those things (except some statistical bullshit about people habits that facebook and google would like to know), and thus would the whole thing would be a waste.

Re:No shit (1)

rubycodez (864176) | about 9 months ago | (#45772005)

cell numbers are in phone books? not in my neighborhood

Re:No shit (2)

Runaway1956 (1322357) | about 9 months ago | (#45772325)

Hmmm. Not exactly in the phone book - but you've got me wondering. Is there, or is there not, a directory somewhere that might enable Average Joe, the campus activist, to look people up? It's pretty sure that the NSA can look you up any time they like. Gotta leave for work in a few minutes, but I'm leaving this tab open as a reminder to see what I can see when I get home . . . .

OOOOOHHHHHH!!!!!! The very top hit on my first Google search!

http://www.nationalcellulardirectory.com/ [nationalce...ectory.com]

So there is a directory - I need to explore it when I get home!

Re:No shit (1)

rubycodez (864176) | about 9 months ago | (#45772439)

funny, they require email address AND CELL NUMBER to register!

Re:No shit (1)

Runaway1956 (1322357) | about 9 months ago | (#45775371)

LOL, isn't THAT special? You can't register unless you give them the information to add you to the database! What a hoot. I'm not going to bother even supplying a fake number with a throwaway email. But, at least we know that there are one or more directories, apparently fishing for the information needed to grow.

Hummm (0)

Anonymous Coward | about 9 months ago | (#45769713)

They collect data such as recent phone calls and text messages and social network information.

When it's discovered that the NSA was installing apps on phones that collected calls+texts+social media you might then have a point. Please, take a step back and try finding out who owns the phone when all you have is a pile of "this one called that one" data...

Re:Hummm (1)

icebike (68054) | about 9 months ago | (#45769913)

When it's discovered that the NSA was installing apps on phones that collected calls+texts+social media you might then have a point. Please, take a step back and try finding out who owns the phone when all you have is a pile of "this one called that one" data...

Already been done.

Since before 2009, NSA can even figure out who owns burner phones. Its all done thru metadata [gigaom.com] .

Re:Hummm (1)

ShaunC (203807) | about 9 months ago | (#45770355)

When it's discovered that the NSA was installing apps on phones that collected calls+texts+social media you might then have a point.

The users are installing the apps (Facebook, etc.). The companies who run the apps are cooperating with NSA. If you haven't "discovered" that by now, well I'm not sure there's much hope left for you.

Re:Hummm (0)

Anonymous Coward | about 9 months ago | (#45771705)

When it's discovered that the NSA was installing apps on phones that collected calls+texts+social media you might then have a point.

The users are installing the apps (Facebook, etc.). The companies who run the apps are cooperating with NSA. If you haven't "discovered" that by now, well I'm not sure there's much hope left for you.

They actually aren't, unless compelled by subpoena. At the point where a judge is ready to issue a subpoena for information about you, your life is an open book, always has been that way and always will be that way. So, um, you might want to "discover" some new tinfoil for that dome of yours.

Wha'? (3, Informative)

93 Escort Wagon (326346) | about 9 months ago | (#45769715)

One of the key tenets of the argument that the National Security Agency and some lawmakers have constructed to justify the agency's collection of phone metadata is that the information it's collecting, such as phone numbers and length of call, can't be tied to the callers' names.

I don't believe I've heard anyone, in the government or not, make that claim. What possible good would metadata be to them if they couldn't associate it with an individual?

What I've mainly heard them say is "you shouldn't care, since we're not listening to the actual call". That's still garbage.

Re:Wha'? (5, Interesting)

s.petry (762400) | about 9 months ago | (#45769845)

Then you have not listened to much of the debate. Clapper and others in offices have stated that metadata is completely anonymous and therefor not a risk. They have also said what you note. This is a campaign of denial and deceit trying to cover all possible ground. Additionally, TV media has been pretty silent on the issues so they are trying to keep things quiet and away from the masses.

Re:Wha'? (1)

timeOday (582209) | about 9 months ago | (#45770401)

"Clapper and others in offices have stated that metadata is completely anonymous and therefor not a risk."

Cite?

Re:Wha'? (1)

cold fjord (826450) | about 9 months ago | (#45770465)

You might as well watch the 60 Minutes [cbsnews.com] segment. The metadata discussion, and a demonstration of the analysis, is near the beginning and in the transcript.

Re:Wha'? (2)

s.petry (762400) | about 9 months ago | (#45770655)

You could look up the Clapper testimony, where he claimed in front of a Congressional hearing that they did not get personal data and if they did it would be expunged/ignored (can't remember the exact verbiage). Google with this string "NSA claims metadata harmless" and you will find plenty.

Re:Wha'? (1)

timeOday (582209) | about 9 months ago | (#45771019)

Harmless is one thing; anonymous is the point in question.

Re:Wha'? (1)

s.petry (762400) | about 9 months ago | (#45771201)

I see, so being pedantic for no real reason, except for perhaps ego.

Re:Wha'? (2)

s.petry (762400) | about 9 months ago | (#45771221)

To be less of a dick (pardon me) The Clapper testimony stated that they could not see personal data. That statement is exactly the definition of anonymous. Whether they used the term 'anonymous' or not is not relevant to the point. The point was that they claimed they could not see your personal data, and if they accidentally did they would remove it and not use it.

Re:Wha'? (1)

ahabswhale (1189519) | about 9 months ago | (#45771657)

It was openly discussed and even demo'd on 60 minutes. Do you still want to stick with that "keep thing squiet and away from the masses" statement?

In any event, the NSA merely collects the data. Other agencies like the FBI will request information about the connections. So a phone number is provided to the NSA and the NSA gives them a set of phone numbers associated with the target number. It's up to the requesting agency to track down names and other details.

Re:Wha'? (5, Informative)

oodaloop (1229816) | about 9 months ago | (#45769867)

The idea behind using metadata without names is building a network diagram showing who is in contact with whom. If you have one bad guy talking to another through an intermediary, it's not necessarily important to know the name or names of all the people in between, so much as it is important to know that they are in cahoots, so to speak. That information can then be the starting point for further investigation. With massive graphs of this sort, you can start to look for important nodes, identify roles and TTPs (tactics, techniques, and procedures), and flow of information from number and direction of links. I don't support the unconstitutional searching of Americans' data, but I do understand the methodology of network analysis. (IAA Intelligence Analyst)

Re:Wha'? (2)

cold fjord (826450) | about 9 months ago | (#45770051)

It is demonstrated in the 60 Minutes [cbsnews.com] segment near the beginning.

Re:Wha'? (1)

Anonymous Coward | about 9 months ago | (#45770359)

yes, but they do have to know which of those numbers belong to a bad guy, which means that they must have a mapping phone->person.
furthermore, if they know who are the bad guys, why not only tap his phone (which could even be done with a regular court order, no need for secret laws) and any other phone he talks to? why do they have to tap millions of other calls that have no connection in the graph?
I think that is exactly what people are mad about, because they are going against the "innocent until proven otherwise" doctrine that characterized free democratic countries before they lost it to paranoia, and who are now slaves to a phantom bunch of wakos whose primary goal was to attack the foundations of said free democratic countries.

Re:Wha'? (1)

cold fjord (826450) | about 9 months ago | (#45770501)

Based on the 60 Minutes [cbsnews.com] segment, if NSA sees something suspicious involving a US number it alerts the FBI of the number. The FBI would then investigate and identify who was involved.

I suggest watching it, it clarifies things.

Re:Wha'? (0)

Anonymous Coward | about 9 months ago | (#45770739)

Indeed. Which it should not be allowed to do. You don't get to mix espionage methods with police jurisdiction.

Re:Wha'? (1)

ahabswhale (1189519) | about 9 months ago | (#45771671)

Your statement makes no sense whatsoever.

Re:Wha'? (0)

Anonymous Coward | about 9 months ago | (#45769887)

The argument has been that they only collect phone numbers, and only attach those numbers by an FBI request to any individual; They have stated several times that phone numbers are not unique identifiers for individuals so their data set isn't actually about "people" or something... it always sounded like a stupid argument to me; but I've certainly heard it more than once.

Re:Wha'? (0)

Anonymous Coward | about 9 months ago | (#45770527)

The data all comes from the tel-cos. The phone companies know the names attached to all numbers. Why would this information not be also passed to The NSA? To me it seems that claiming on names are attached to the data is misinformed at best. Even throw-away cell phones can point to connections with real people attached.
As for the claim that all they are looking for is connections to other numbers: any one remember the "6 degrees of separation from Kevin Bacon"? Take that out 10 places and you have pretty near to entire population of the U.S. Out 12 places pretty much covers the population of the Earth. Plus it doesn't require much of a modern drive to hold all that data.

Re:Wha'? (0)

Anonymous Coward | about 9 months ago | (#45769891)

Just think of all the cell phone voice mail archived on the telephone company computers that auto( or you do it) deletes after a few days/weeks. Hmmm, nothing gets deleted, it just gets moved to a different place. Also why do you think MSoft coughed up the money for skype? Skype became a US owned, and then back doored to get tot he encryption parts for Uncle Sam. I wouldn't doubt if Uncle Sam gave them the money to buy Skype.

BTW, with all the complaining about encryption. Why isn't slashdot HTTPS'd by now?????

Re:Wha'? (0)

Anonymous Coward | about 9 months ago | (#45769961)

BTW, with all the complaining about encryption. Why isn't slashdot HTTPS'd by now?????

Who do you think owns Dice Holdings, Inc.?

Re:Wha'? (2)

cold fjord (826450) | about 9 months ago | (#45770047)

I don't believe I've heard anyone, in the government or not, make that claim. What possible good would metadata be to them if they couldn't associate it with an individual?

What I've mainly heard them say is "you shouldn't care, since we're not listening to the actual call". That's still garbage.

They show how it is done and discuss it in the 60 Minutes [cbsnews.com] segment. It is pretty close to the start after a brief discussion with General Alexander. You can read the transcript and watch the video.

Briefly, they can chain together the calls from someone that they identify as a terrorist and see where it leads. How many calls, where they go.

If they run into a US number that looks suspicious they can alert the FBI to start an investigation based off from the phone number. It would be up to the FBI to identify who that was.

Re:Wha'? (1)

AHuxley (892839) | about 9 months ago | (#45770257)

Metadata provided color of law cover in the USA for the NSA to try and offer parallel construction under a vast domestic surveillance.
Once before an open US court, ideas like collection of phone metadata become legally difficult.
http://www.freedomwatchusa.org/federal-judge-rules-against-nsa [freedomwatchusa.org]
http://rt.com/usa/at&t-phone-surveillance-dea-325/ [rt.com] Hemisphere was also interesting reading :)

Re:Wha'? (1)

bill_mcgonigle (4333) | about 9 months ago | (#45770259)

What I've mainly heard them say is "you shouldn't care, since we're not listening to the actual call". That's still garbage.

It is still garbage. Like Bruce says, metadata is surveillance [schneier.com] :

Imagine you hired a detective to eavesdrop on someone. He might plant a bug in their office. He might tap their phone. He might open their mail. The result would be the details of that person's communications. That's the "data."

Now imagine you hired that same detective to surveil that person. The result would be details of what he did: where he went, who he talked to, what he looked at, what he purchased -- how he spent his day. That's all metadata.

When the government collects metadata on people, the government puts them under surveillance. When the government collects metadata on the entire country, they put everyone under surveillance. When Google does it, they do the same thing. Metadata equals surveillance; it's that simple.

Re:Wha'? (1)

AHuxley (892839) | about 9 months ago | (#45770619)

Its great thanks to Snowden and many others that the world can now see past terms like "metadata" and understand that they are under constant domestic watch.
In the past you had to join a political party, be near a protest, have your car licence plate seen near a protest, be found to be writing letters on political topics...have the wrong friends, family, reading the wrong material...
Now your entire digital life awaits US domestic storage, indexing, sorting and cross referencing. The next step will be domestic US legal use beyond the Parallel construction methods i.e. the vision of a generational (life long) US court friendly digital "lockbox".
http://www.techdirt.com/articles/20130618/00483923515/nsas-lockbox-has-no-lock.shtml [techdirt.com]

Re:Wha'? (0)

Anonymous Coward | about 9 months ago | (#45772693)

I believe the actual argument that government lawyers have made was the incessant repetition of "I'm not touching you!" while holding their finger a millimeter from your face.

This is my shocked face (3, Insightful)

redmid17 (1217076) | about 9 months ago | (#45769729)

Goon on Stanford for confirming this, but it should have been pretty evident how easily the metadata can be used to identify people for a while now. The fact the NSA said it couldn't be used to do so should lead one to believe the opposite right off the bat.

Re: This is my shocked face (0)

Anonymous Coward | about 9 months ago | (#45769763)

Are these Stanford researchers really goons? Maybe you meant that the NSA goons are going to go after Stanford.

Re:This is my shocked face (0)

Anonymous Coward | about 9 months ago | (#45769805)

The fact the NSA said it couldn't be used to do so should lead one to believe the opposite right off the bat.

And when the NSA comes out and says they did overreach, we shouldn't believe them and assume they didn't. Or do you mean we should only listen to those messages that support the things we already believe, because that's basically what 90-percent of the stuff posted here is about.

Re:This is my shocked face (1)

martin-boundary (547041) | about 9 months ago | (#45770463)

Huh? The rule is: organisations do things to protect their own self interest. We don't believe them when: what they say they did doesn't promote their own self interest.

1) "We tap data, but it's anonymous and we can't do anything with it". That's unbelievable, because their mission is to spy, and tapping useless data is not in their own interest.

2) "We did overreach". That's believable, because otherwise, they would be copping the blame for something they didn't do, which is not in their own self interest.

Re:This is my shocked face (1)

PolygamousRanchKid (1290638) | about 9 months ago | (#45770131)

This is excellent news for me. Now I have some hard evidence for my Mom:

Mom: "You never call me.

Me: "Yes I do . . . just ask the NSA.

Re:This is my shocked face (1)

ahabswhale (1189519) | about 9 months ago | (#45771679)

The NSA never said they don't have the ability, they just said that they don't do it. The leave it to the requesting agency to look into.

reverse phone number lookup anyone? (0)

Anonymous Coward | about 9 months ago | (#45769755)

Yeah finding the name connected to a phone number has been almost trivial for a number of years now.
Hell "back in the day" they had physical books that could be used, so again NSA is lying to Congress and the general public in saying, hey we have numbers but no names.

Note (0)

Anonymous Coward | about 9 months ago | (#45769783)

Remember that it is not so much that they _can't_ be connected it is that they won't. It isn't legal to go willy-nilly looking at that stuff and with only a few people who have access to do such work it won't happen and the level of (I believe) congressional oversight is supposedly staggering. They don't have the resources to stop all of the bad buys, how in the heck would they find time to go rogue?

Re:Note (1)

dpidcoe (2606549) | about 9 months ago | (#45770137)

Just a thought, but what if they don't have enough time to catch the bad guys because they're too busy going rogue?

Also, phone numbers are trivial to remember and trivial to use public search tools on. There's nothing preventing someone who works with the metadata from remembering a handful of numbers, then going home and doing things with them on their own time.

Back in the day.. (1)

Anonymous Coward | about 9 months ago | (#45769793)

Back in the day they had these things called "reverse lookup phonebooks" which could connect numbers to names at least 90% of the time, probably more. Of course nobody uses paper anymore.

More recently -- like, maybe two decades ago -- there was a company that sold such listings on CD-ROM.

Somehow I don't imagine that there's nobody doing that as a web-based service these days, and am shocked that the researchers didn't get a better hit rate. Maybe they didn't want to spend any money. (RTFM? This is Slashdot!)

That dog doesn't hunt (0)

Anonymous Coward | about 9 months ago | (#45769951)

The NSA (Executive Branch) and the Administration (Obama-D) was hoping for plausible deniability. Oops.

With what accuracy (4, Insightful)

phorm (591458) | about 9 months ago | (#45769967)

Just because you've connected 123.233.266.41 with "Bob Smith", doesn't mean you've actually connected to the right person. We've already seen cases where RIAA supoena's to ISP's have gotten the addresses of grandmothers who can barely use email much less file-sharing... so how do we know there "connections" are accurate.

Correction (0)

Anonymous Coward | about 9 months ago | (#45770019)

Sorry

s/there/their/

Re:With what accuracy (0)

Anonymous Coward | about 9 months ago | (#45770087)

Ask the NSA to double check.

Re:With what accuracy (1)

Obfuscant (592200) | about 9 months ago | (#45770173)

This. I'm amazed it has taken this far into the thread before someone has brought up the analogy to IP addresses and that IP addresses do not identify people.

Yes, they can find the account name on the "metadata" just like they find the account name on the ISP account that had the lease on the IP address. If anyone even hints that the account name on the latter proves that they used the IP address to do something there would he hundreds of derogatory postings on /. telling them they're ignorant, stupid, a moron, or an **AA shill. But when the NSA says they can't tie a phone number to a specific caller, they're liars and evil.

If **AA cannot do it with an IP address even though they claim they can, then the NSA cannot do the analogous operation on a phone number and they are correct when they say they cannot.

Re:With what accuracy (1)

DanielRavenNest (107550) | about 9 months ago | (#45770441)

> But when the NSA says they can't tie a phone number to a specific caller, they're liars and evil.

Hey, can I borrow your cell phone?

Re:With what accuracy (1)

phorm (591458) | about 9 months ago | (#45770479)

Not quite what I meant. Basically, they can probably do it within XX% accurate, where on a really good day that XX% might be in the 90's... but that still means that some poor bastard in that region between 1-10% could be misidentified and end up on a terrorist watch list with a bag over his head and a secret trial...

Re:With what accuracy (1)

VortexCortex (1117377) | about 9 months ago | (#45770581)

Say, someone has a phone number and it regularly calls another phone number or set of numbers. You have metadata that validates this connectivity their social media connections, and email addresses where their real names are used. The meta data is not considered in isolation. The MPAA/RIAA hasn't been collecting meta data since the 70's like the NSA has. [wikipedia.org] They don't have the huge data-centers the NSA does. And, you don't have to prove 100% absolutely that the phone number belongs to someone without a shadow of a doubt. It's known that phones will sometimes be lent to other folks to make phone calls. Outliers are easy to trim from graphs, eh? The *AA folks have an instances of an IP address doing something, it's not in the same league as what the NSA is doing.

You see, when we sample the data in aggregate we find it overwhelming more frequent the guesses are correct. The names match the numbers we guessed most of the time, and that's good enough to delve deeper. Triangulate your location -- Oh, look there's that one time you were alone and used the phone, and together with all that other data, yeah we got you red-handed with more nines than the Higgs' Boson. Suspicion of the NSA can lead to deployment of exploits on your hardware [theatlantic.com] -- Access your email and bank or social media from the phone regularly? Ah, yep looks like it's him. You're not really going to say that's not a sample of your voice we got there are you? Oh, you've heard of parallel construction, [wikipedia.org] right?

Meta data alone is very powerful. Would you like to know more? [kieranhealy.org]

Re:With what accuracy (2)

dpidcoe (2606549) | about 9 months ago | (#45770487)

Just because you've connected 123.233.266.41 with "Bob Smith", doesn't mean you've actually connected to the right person. We've already seen cases where RIAA supoena's to ISP's have gotten the addresses of grandmothers who can barely use email much less file-sharing... so how do we know there "connections" are accurate.

You don't know for sure, but you can get a high degree of probability by cross referencing other things, like connection time, who was contacted, etc. I have a bit of experience in that regard.

About 10 years ago I used to be part of a server admin community for an FPS game. We published a banlist for confirmed cheaters detected by punkbuster (in its default state it was crap, properly tuned by someone who knows what they're doing it was quite good at catching cheaters) and let people run our banlists and punkbuster configurations in exchange from streaming their server logs to us. We built a database of what basically amounted to phone metadata (player names, unique IDs, what servers they connected to from what IPs and when, and a record of any kicks and/or bans associated with any unique ID). Someone made a search tool for it that grew organically until we could cross reference just about anything. We started using it to background check people who applied for access to the private section of our forum where we developed punkbuster configurations in response to the cheaters updating their various aimbots to avoid our detection scripts in an endless arms race.

The standard method for finding someones alternate accounts was to dump a list of every single IP address they'd connected from (usually somewhat large), then dump a list of every account that had ever connected from those IP addresses at any point in time (usually about the same size as the name table, due to not all IPs being re-used by gamers who happened to play that particular game). At that point it was an extremely circumstantial and tenuous connection between the names at best, and we'd leave it at that if nothing looked suspicious (if none of those names were banned, all of them could be the guys alts for all we cared). However, if one of the accounts had once been banned, we would start looking deeper into it.

The usual way to make a solid link between the two was to check what IP addresses they connected to during what times. If the accounts connected from the same IP in an interlinked fashion (e.g. account1 connects, then account2 connects, then account1 connects again over a period of a few days), we could safely assume they were at least in the same building (or college campus or whatever). We figured that it would be incredibly bad luck for DHCP to cycle like that between two people who played the same game with one of them happening to be a cheater. From there, we'd check what servers they visited regularly, and what times they had a habit of being active at. If account1 visits servers A, B, and C on a regular basis, and then account2 also visits A, B, and C on the same basis, we would be pretty sure of it being the same person.

It wasn't enough that we would ban people over it, but it was enough for us to deny access based on the fact that their computer probably wasn't physically secure from whoever was cheating. We didn't want to have a situation where someones family member was a cheater and started using their brothers credentials to relay our private checks to the hacker sites before they were released or something like that.

In related news ... (4, Insightful)

Cassini2 (956052) | about 9 months ago | (#45769985)

the NSA automatically identifies telemarketers, and does nothing.

Re:In related news ... (1)

vlueboy (1799360) | about 9 months ago | (#45770565)

OK, devil's advocate here:
Marketing and commerce helps the government, despite all the annoyance we the consumers get.
This resolves into revenue that the government well know they can tax at some point.

Publicly admitting to spying by doing us a public service like you describe would be great, but doesn't help them right now. Look at the NSA's name. Since what they're doing is covert anyway, they can play the "Commerce is not our jurisdiction because Security and not Commerce is part of our name."

At the same time, the boss (government) can just play innocent even though it COULD put the data to good use. Again, if you follow the money, you'll see little motive in cutting money flow by shutting down telemarketers. It's not black and white like can-spam, though. Telemarketing calls tend to be legit, and just take advantage of liberal sharing policies from businesses you already trust [because subtle fine print always allows partners and affiliates to get data unless you opt out by call or mail, which is a bother], as well as loopholes.

Doesn't matter what helps the government (0)

Anonymous Coward | about 9 months ago | (#45770889)

They answer to us, or at least they've forgotten that part. We can certainly remind them, through methods ranging from polite and respectful to their worst fucking nightmares.

Re:In related news ... (1)

KingOfBLASH (620432) | about 9 months ago | (#45770973)

Don't give them any bright ideas to justify what they're doing.

When did 91 out of 5000 become 91% (1)

fred911 (83970) | about 9 months ago | (#45770417)

Please explain.

Re:When did 91 out of 5000 become 91% (1)

CycleMan (638982) | about 9 months ago | (#45773591)

I RTFA. Since a quick free automated process resolved 27% of their 5000 records, they decided to see what a little human time and money could do. They sampled 100 of the 5000, and found data for 91 of them (91%). The sample might not be fully representative of the larger set, or of data in general.

Joe Biden's quote of the day (1)

WaffleMonster (969671) | about 9 months ago | (#45770733)

"I don't have to listen to your phone calls to know what your doing."

"If I know every single phone call you made I am able to determine every single person you talked to I can get a pattern about your life that is very very intrusive"

Re:Joe Biden's quote of the day (1)

rubycodez (864176) | about 9 months ago | (#45772039)

for a lot of geeks that wouldn't hold true, we don't use our phone calls to communicate with friends

now email, chat, forums, other social networking, on the other hand...

Out Flank Capture Flag (0)

Anonymous Coward | about 9 months ago | (#45772383)

This suggest we can capture the metadata of transmissions originating at Ft. Meade Maryland and connect them to each employee of the National Security Agency.

Sweet!

1984 (0)

Anonymous Coward | about 9 months ago | (#45776063)

I cannot believe that even on slashdot people will readily accept and adopt the governments twisted (deliberately) concept of metadata! A phone number is NOT metadata. It is an actual piece of data. The metadata for a database that may store this type of information would be things like: DATE, PHONE_NO, DURATION. Not actual instances of this data but a description of the kind of data that is stored.

Along the same lines, Identity Theft does not exist. It was invented to divert attention from the lazy, incompetent companies that don't want to be bothered with acting responsibly and knowing to whom they are giving stuff to.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?