
PRISM, the NSA – We “only” collect the meta-data

July 12, 2013

In my opinion, this statement from the US National Security Agency, when defending themselves against the revelations by Ed Snowden about how PRISM collated data about your online communications, is perhaps the most reprehensible piece of marketing double-speak I have heard for a long, long time. They know full well that the vast majority of people don’t really understand what meta-data is, nor how it can be used. So they rely on the ignorance of the populace to hide what they do. They really do think we are stupid.

This article in the International Business Times gives you a useful way to visualise what it means by allowing you to analyse your own email traffic to show what it reveals about you. What the article does not do is highlight that this data is aggregated and correlated with vast troves of other online activities you engage in. These two terms, aggregate and correlate, are where it really gets scary. What you do in any online service is aggregated with what you do in email and other online activities. Let’s face it, you usually provide an email address to validate so many of your logins, right? So how hard is it to correlate a validation email received from a service provider to your personal account if you are tracking the meta-data (who sent what, when, to whom)? It’s not hard at all. This new meta-data is inferred (we’ll get to why that’s scary later) and is aggregated with other data, all of which is inferred from what you do, when, and who with.

We are all private individuals. Even if we use a social network, we are careful who we connect with and what we share; our kids at school have this drummed into them. So they think they are safe. I had exactly this experience when I presented the Krowd privacy concepts to a bunch of tech-savvy Android developers at a college. All aged 16-18, the general consensus was: if I am careful about what I post, so what? No one sees anything I don’t want them to see. So wrong. The meta-data sees a lot, lot more. I pointed out that while they used online tools from the same place at the same time on a regular basis, meta-data can be obtained, stored and aggregated from multiple service providers (hence why the NSA has deals with so many large online service providers), and then patterns of activity can be spotted. Your patterns are mapped to patterns of other individuals, and it becomes easy to infer a relationship between you and someone in your class even though you never connect to them on social networks, email or anything else (and your college records are maintained privately).

The problem with these inference engines is that they work on heuristic programming techniques, which basically means they make connections on the basis of probability, not certainty. So you are probably connected to those same people in the same place at the same time. But at what point does this probability become certainty in an investigator’s mind? Getting back to my initial point about understanding of meta-data, even our courts struggle with such things. They are not staffed with technical people, so the chance of an inference being taken as proof steadily rises, but where is the court’s application of reasonable doubt in this context? As yet it’s an unresolved legal issue in most countries.
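To make the aggregation and inference described above concrete, here is an added example (not part of the original post) that merges who/where/when records from three providers and scores pairs of accounts by how often they appear in the same place at the same time. The record layout, the account and place names, the Jaccard overlap score and the 0.5 threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample metadata: (provider, account, place, time slot).
# No message content, no contact lists. Assumes accounts were already
# matched across providers (for example through validation emails).
# Scenario: alice and bob are classmates, carol is a stranger who
# happens to use the same building, dave passes through once.
RECORDS = [
    ("mail",   "alice", "college-wifi", "mon-09"),
    ("mail",   "alice", "home-a",       "sat-20"),
    ("mail",   "bob",   "home-b",       "sun-20"),
    ("mail",   "carol", "college-wifi", "wed-09"),
    ("mail",   "dave",  "cafe",         "tue-13"),
    ("social", "alice", "college-wifi", "wed-09"),
    ("social", "bob",   "college-wifi", "mon-09"),
    ("social", "bob",   "college-wifi", "wed-09"),
    ("social", "carol", "college-wifi", "fri-09"),
    ("social", "dave",  "college-wifi", "mon-09"),
    ("chat",   "alice", "college-wifi", "fri-09"),
    ("chat",   "bob",   "college-wifi", "fri-09"),
    ("chat",   "carol", "college-wifi", "mon-09"),
]

def aggregate(records):
    """Merge every provider's records into account -> {(place, slot)}."""
    seen = defaultdict(set)
    for _provider, account, place, slot in records:
        seen[account].add((place, slot))
    return seen

def infer_links(records, threshold=0.5):
    """Score each pair by Jaccard overlap of (place, slot) sightings.

    The score is a likelihood heuristic, not evidence of a relationship.
    """
    seen = aggregate(records)
    links = {}
    for a, b in combinations(sorted(seen), 2):
        score = len(seen[a] & seen[b]) / len(seen[a] | seen[b])
        if score >= threshold:
            links[(a, b)] = round(score, 2)
    return links

if __name__ == "__main__":
    print("mail only:", infer_links([r for r in RECORDS if r[0] == "mail"]))
    print("aggregated:", infer_links(RECORDS))
```

The mail provider's records alone link nobody, while the aggregated view links alice and bob at 0.6 and links the stranger carol to each of them at 0.75, a higher score than the real classmates get.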

Meta-data + Aggregation + Correlation + Inference = a very uncertain world for the ‘little people’…that’s you and I.

On a positive note: the NSA, however powerful, and they are (see the Wired magazine article on General Keith Alexander), are ultimately answerable to the people, law and government. So there is hope that eventually the ‘little people’ can claw back some semblance of online privacy, although the issue of country boundaries will vex law makers for many, many years.

But in my next blog I will discuss how commercial online entities stay 3 steps ahead of the law by offering convenient services for ‘free’… Of course only a fool believes anything is truly free; they are commercial entities out to make a profit, and they profit from you as the product, and you’re getting a raw deal.


  1. See and how global organisations have highlighted meta-data as being in dire need of control in order to deliver privacy.
