Jun 19, 2013 (08:06 AM EDT)
What Prism Knows: 8 Metadata Facts

Read the Original Article at InformationWeek

1   2  
One of the biggest worries triggered by Edward Snowden's National Security Agency (NSA) leaks concerns the scale of data being collected by the intelligence agency.

Government officials have said that while various NSA programs capture different types of data, including metadata relating to phone numbers and call duration, that information is used only to investigate foreigners, unless the FBI first convinces a judge to issue a warrant based on probable cause.

Still, the NSA appears to be collecting records on millions of innocent Americans, and then storing the information until it may be needed at a later date. The agency's supporters, including President Barack Obama, have said that the program makes the country more secure without compromising privacy. According to news reports, advanced search algorithms are used to ensure that information is accessed -- again, without a court order -- only on people who appear to be foreigners.

On the flip side, Center for Democracy and Technology (CDT) president and CEO Leslie Harris said, "There is no algorithm exception to the 4th Amendment," referring to the Constitution's prohibitions on unreasonable searches.

[ Is Edward Snowden a hero or a traitor -- or somewhere in between? Read NSA Prism Whistleblower Snowden Deserves A Medal. ]

Is either side fully right or wrong? Here are eight facts relating to the U.S. government's capture and use of metadata:

1. What Can Metadata Do?

For starters, Bruce Schneier, chief security technology officer of BT, said the metadata in question is more accurately known as "traffic analysis". Nomenclature aside, traffic analysis offers powerful possibilities for identifying whoever's behind the communications. A recently published Nature study found that human mobility traces are highly unique. Based on data collected by researchers on 1.5 million people over a 15-month period, given just four data points -- involving location and time -- they could uniquely identify 95% of the individuals, and by picking two random points, correctly identify half of the people being tracked.

2. Should Intelligence Agencies Be Allowed to Collect Everything?

What are the intelligence ramifications of the Nature study? "When paired with emerging 'big data' analytics techniques, metadata can ultimately prove to be more valuable, and potentially even more illuminating, than the 'data' itself," said CDT researcher Aubra Anthony in a blog post. "Right now, the government's interpretation of Patriot [Act] Section 215 doesn't seem properly limited to protect the privacy of innocent Americans. In fact, the collection of this metadata seems unlimited in scope and duration."

3. Obama: Collection Doesn't Equal Access

Many people have balked at having details related to every call they make recorded. But according to Obama, who's defended the NSA's programs, the data is rarely used. "If you're a U.S. person, then NSA is not listening to your phone calls and it's not targeting your emails unless it's getting an individualized court order," Obama told Charlie Rose in an interview broadcast Monday night on PBS.

Furthermore, Obama said, such a court order would result only if the FBI could demonstrate probable cause to a judge. "[It's] the same way it's always been, the same way when we were growing up and we were watching movies, you want to go set up a wiretap, you got to go to a judge, show probable cause."

4. Obama: This Program Doesn't Track Location Data

While a little location and time data could quickly allow investigators to create positive matches, according to President Obama, the NSA's phone-record interception program doesn't capture location data. "There are two programs that were revealed by Mr. Snowden, allegedly. ... Program number one, called the 2015 Program, what that does is it gets data from the service providers like a Verizon in bulk, and basically you have call pairs," Obama explained. "You have my telephone number connecting with your telephone number. There are no names. There is no content in that database. All it is, is the number pairs, when those calls took place, how long they took place. So that database is sitting there."

Given a "reasonable, articulable suspicion that this might involve foreign terrorist activity related to Al-Qaeda and some other international terrorist actors" -- perhaps from the CIA or New York Police Department -- then the NSA, with a court order, will perform narrow queries on the database to see if the phone number has been recorded, and if so, what other numbers it was used to contact. At that point, Obama explained, a related report will be generated and passed to the FBI.