2014-04-02

NSA knows you own guns. That’s the only possible inference from recent traffic-analysis research conducted with Stanford University volunteers by Stanford grad student Jonathan Meyer, his co-author Patrick Mutchler, and a team of researchers. They used an Android app installed by study volunteers to collect the same metadata that NSA collects and retains on every American’s every phone call. They wondered what they might find, and suspected that the assurances of such characters as NSA’s dishonest Director Clapper, who perjured himself before Congress denying the existence of this program; President Obama, who dismissed ; Senator Feinstein, who dismissed privacy concerns; and many others, might be bogus.

As they explain, their app should let them answer some simple questions.

This is, at base, a factual dispute. Is it easy to draw sensitive inferences from phone metadata? How often do people conduct sensitive matters by phone, in a manner reflected by metadata?

At the start of the study they said, by way of recruiting participants:

The NSA has confirmed that it collects American phone records. Defenders of the program insist it has little privacy impact and is “not surveillance.”

Like many computer scientists, we strongly disagree. Phone metadata is inherently revealing. We want to rigorously prove it—for the public, for Congress, and for the courts.

That’s where you come in. We’re crowdsourcing the data for our study. We’ll measure how much of your Facebook information can be inferred from your phone records.

Despite the small size (n=649) and brief duration (~4 months, with many participants only playing for a short period), the researchers have been able to infer accurately quite detailed information about the participants, including not only gun ownership but, in at least one signal case, AR ownership. (They also identified participants suffering with sensitive medical conditions, and seeking abortions. You don’t need to be a bearing-arms kind of guy or gal to be up in arms about this.)

Meyer and Mutchler write:



We’re listening. If you object, you must be hiding something.

The degree of sensitivity among contacts took us aback. Participants had calls with Alcoholics Anonymous, gun stores, NARAL Pro-Choice, labor unions, divorce lawyers, sexually transmitted disease clinics, a Canadian import pharmacy, strip clubs, and much more. This was not a hypothetical parade of horribles. These were simple inferences, about real phone users, that could trivially be made on a large scale.

This is the excerpt that is getting the most play worldwide:

During our analysis, we encountered a number of patterns that were highly indicative of sensitive activities or traits. The following examples are drawn directly from our dataset, using number identification through public resources. Though most MetaPhone participants consented to having their identity disclosed, we use pseudonyms in this report to protect participant privacy.

We’ll just interject that that’s more concern for privacy than we’ve seen from anyone in DC, and these guys’ test subjects volunteered. Stanford FTW. Now back to the widely-played excerpt:

Participant A communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis.

Participant B spoke at length with cardiologists at a major medical center, talked briefly with a medical laboratory, received calls from a pharmacy, and placed short calls to a home reporting hotline for a medical device used to monitor cardiac arrhythmia.

Participant C made a number of calls to a firearm store that specializes in the AR semiautomatic rifle platform. They also spoke at length with customer service for a firearm manufacturer that produces an AR line.

In a span of three weeks, Participant D contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.

Participant E had a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after.

We were able to corroborate Participant B’s medical condition and Participant C’s firearm ownership using public information sources. Owing to the sensitivity of these matters, we elected to not contact Participants A, D, or E for confirmation.

Now, the small size of the Stanford sample and short duration of the study are not its only weaknesses. The sample was not scientifically selected; it was a volunteer sample, which means it probably has many skews. (For example, it almost certainly skews low on firearms ownership, even relative to Californians in general… only 7% of volunteers have been betrayed as gun owners by the data, so far.)

In addition, the study is not truly equivalent to NSA’s surveillance for several other reasons. Let’s run through them:

First, they were only able to identify a percentage of the telephone numbers (sample members called ~33,000 numbers, 6,107 of which, or 18%, resolved to an identity). NSA begins with possession of the identities of all the numbers. But the Stanford team didn’t try very hard to identify the numbers. (On a previous run against a random sample of 5,000 numbers, they ID’d 27.1% with no effort, 73% with trivial effort, and 91% with very little effort and the help of a cheap consumer-oriented data aggregator.)

Second, they had no working aids such as number lists to work with at the start. They generated everything from scratch. The NSA has been building its domestic-spying databases for a dozen years, if not longer.

Third, they only attempted what Meyer and Mutchler called “trivial” or “naive” analysis. If it wasn’t on Google, Yelp or Facebook, they gave up looking. For example, they didn’t bother with participants’ blogs or looking for other social media memberships.

Fourth, they report no effort at traffic analysis beyond identifying who called trivially identifiable numbers. A whole toolkit is lying untouched on their workbench. You may rest assured that the government snoops’ tools are not so neglected.

Taken together, all of these constraints on the sample and the study, and these weaknesses of the Stanford team’s analytic approach and working aids vis-a-vis those on hand at NSA, suggest that this is a very low bound to the sort of data NSA holds. NSA hasn’t been tracking 650 geeks for 6 to 12 weeks: they’ve been tracking everybody for years, probably since 2003. And apparently, they hold the data forever, and dig into it at their own option. Senator Dianne Feinstein, an Intelligence Committee member and generally an NSA apologist, responded during an interview:

Question: But they’re sort of logging this data so they can hold it if they need it later, as opposed to knowing that they need it and getting it.

Feinstein: Well, you can’t know that you need it at the time. You have to go to it and see if there is the link that you’re looking for.

Have you spoken to an FFL, a gunsmith, a gun writer, another gun owner, in the last ten years? If so, you’re already in a de facto registry. Creeped out yet? Here’s what happened (earlier in their research, with less data in hand) when they applied some more sophisticated analysis to the reassuring claim that NSA only follows three hops from a suspect number.

And hey, can NSA tell if you’re dating, and whom? Yep.

But that’s OK, because this data’s completely safeguarded, except for the times that Bradley Manning or Edward Snowden walked off with it. Other than that, yeah, and these must be the only breaches because they’re the only breachers that went public with the data, right?

So this telephonic model of your life can tell the spooks about your guns. And, by the way, NSA shares this stuff with ATF on request (no warrant needed then, either), through the liaison officers at the fusion centers. The end result of this warrantless surveillance dragnet is less privacy for all, and more power for lawless secret police. 

And remember, with all this domestic (and God alone knows what foreign) surveillance, the secret police found out about the plans of the Boston Marathon bombers when the bombs went bang. Because they’re not looking for them. They’re looking for you. 

And they know you’ve got a gun. Or guns.
