Stanford Grad Students Show NSA Metadata Names are Easier to Trace than Obama Admits

Sunday, January 05, 2014

Dueling federal judges during the past two weeks have issued diametrically opposed rulings on the constitutionality of the National Security Agency’s (NSA) bulk collection of Americans’ telephone call metadata.


One of the principle issues is whether metadata—data about data that does not overtly identify the caller or the content of the call—reveals more than just numbers. President Barack Obama is on the record saying it does not. “You have my telephone number connecting with your telephone number. There are no names,” the president told Charlie Rose on PBS.


But two graduate students at Stanford University conducted a small study and quickly determined that it was irrelevant whether the NSA database of metadata had names, because the associated names were readily obtainable.


Jonathan Mayer, a computer science graduate student and soon-to-be lawyer, and Patrick Mutchler, a PhD candidate in computer science, wrote on Mayer’s blog about an experiment conducted using 5,000 phone numbers obtained from interested participants via crowdsourcing. Using just Facebook, Google Places and Yelp, the two were able to put names to 27.1% of the numbers.


They then took 100 random names from their crowdsourced list, 13 of which had names attached from the aforementioned social media hunt, and ran various Google searches on them. They nailed another 60 names. Then they ran the 100 numbers through Intelius, a cheap (and not always reliable) online aggregator, and snagged another 18 names.


So after spending a few hours of research and even fewer dollars, the student snoopers identified names for 91 out of 100 numbers.


Their conclusion? “If a few academic researchers can get this far this quickly, it’s difficult to believe the NSA would have any trouble identifying the overwhelming majority of American phone numbers.”


The Stanford experiment validates what U.S. District Judge Richard Leon wrote when he issued an injunction barring the NSA from collecting metadata (in this case from Verizon) and ordered the agency to destroy what it had collected.


Leon said the government’s argument that the names were safe because the FBI would have to issue a “national security letter” (NSL) to a telecom to get them is bogus because, “NSLs do not require any judicial oversigh…meaning they are hardly a check on potential abuses of the metadata collection. There is also nothing stopping the Government from skipping the NSL step altogether and using public databases or any of its other vast resources to match phone numbers with subscribers.”     


Leon then issued a stay that allowed the government to keep doing what it’s doing while the issue wends its way to the U.S. Supreme Court through various venues. He predicted that could take six months.


One of those venues is the courtroom of U.S. District Judge William Pauley, who called the spying a “vital tool” of counter-terrorism a week later and said it was constitutional.   

             -Ken Broder


To Learn More:

MetaPhone: The NSA’s Got Your Number (by Jonathan Mayer and Patrick Mutchler, Web Policy)

Grad Student Proves NSA Can Link Metadata to Your Identity with “Marginal Effort” (by Travis Gettys, Raw Story)

Judges Clash over Whether NSA Phone Data Collection is Lawful (by Matt Bewig, AllGov)

Klayman et al v. Obama et al (U.S. District Court for the District of Columbia) (pdf)


Leave a comment