Two scientists have shown that it is quite easy to identify and locate customers with the connection data collected en masse by the nsa
The mass surveillance interceptions by the nsa and other intelligence agencies are sometimes justified by the fact that there is actually no interception at all. Only the connection data (metadata) was collected, i.E. No personal information, which is why the excitement of the privacy activists is exaggerated.
President barack obama has also tried to downplay the nsa surveillance programs brought to public attention by edward snowden. Presumably prepared by his security advisers and the intelligence agencies, he told the pbs channel in june 2013: "one has my phone number connected to your phone number. There are no names, there is no content in this database." he said this after aring that the nsa could not eavesdrop on a u.S. Burger’s phone conversations or track emails without a warrant.
In october 2013, democratic senator dianne feinstein, who is also the chair of the intelligence committee, wrote usa today more plainly: "the telephone program is not a surveillance. It does not collect the contents of any communication, nor do the records contain names or places. The nsa collects only the kind of information you would find on a phone bill: phone numbers of calls made and received, the time and duration of the calls. The supreme court has declared that this ‘metadata’ is not protected by the fourth amendment." the computer scientist edward w. Felten, on the other hand, has explained in an expert opinion for the aclu that it is relatively easy to obtain personal information from connection data. For a project of the center for internet and society, two staff members tested whether the collection of connection data is really as harmless as the defenders of surveillance programs like to say, i.E. Whether it really only collects numbers and not names. To do this, they asked u.S. Android users to crowdsource their connection data through the metaphone app to see how easy it is to find names or other personal information from that data.
While a new york judge has just ruled that mass collection of connection data is legally okay to prevent terrorist attacks like 9/11, washington judge richard leon, as the two authors point out, had concluded in a previous ruling that it likely violates the fourth amendment to the constitution. According to him, judicial review for a "national security letter" (nsl) not at all necessary for the fbi to obtain customer identification information from the telephone company on the connection data collected by the nsa: "there is also nothing to stop the government from skipping the nsl step altogether and using public databases or other existing vast resources to link phone numbers to customers."
Senator feinstein immediately felt compelled to respond to leon, but did not address the possibilities of obtaining names that he suspected, instead referring to other rulings that had confirmed the interception authority. She particularly highlighted california judge jeffrey miller’s november 2013 ruling that "no legitimate expectation of privacy in connection data" in the case of connection data, because there are no names, contents or localization data. The collection of connection data cannot be called surveillance, he added.
The two authors randomly took 5000 phone numbers from the metaphone data and used them to search yelp, facebook and google places. With no rough effort and just three sources, they had the names for 1.356 of the phone numbers (72.1%) found out. If you not only start an automatic search, but also use employees, as intelligence agencies can do, you will get even further. To test this, they took 100 phone numbers and entered them into google. Within one hour, 60 numbers could be assigned to a person or a company. If one adds the three sources used before, they came already on 76. And if you can spend more money, you can get further even faster. Due to the lack of budget, the two authors tried only one cheap provider, intelius. Thus they could increase the number of hits to 91. "When a few academic researchers come so far so fast", so the conclusion, "it is hard to believe that the nsa has had any trouble identifying the vast majority of american telephone numbers."
Whether the nsa does or has done this is not known, but it would be possible to link phone numbers to people, organizations or companies from the collected data. Then the mass collection of connection data would not be as trivial as obama, feinstein and others claim. If it was only about numbers, the collection would not be very productive, and this is what the californian judge had to decide. In the conviction of four somali men for collecting funds for the terrorist group al-sahbab, the connection data collected by the nsa played an important role. And they could only do that if the connection data could be linked to them. That is exactly why they are being collected, which is why obama and co., that it is only about numbers and not about names, makes for rhetorical smoke and mirrors, consequently for the dumbing down of the people.