You have probably heard the term "metadata" mentioned frequently in reports about government surveillance programs. Or, maybe you have been involved in a class-action lawsuit where a company was alleged to have abused the metadata of its customers.
One way to understand what metadata is to look at examples for different types of data. First, metadata about your (cellphone and land-line) telephone calls includes:
- The phone number you called (reportedly, the name is not collected)
- When you made the phone call: date and time
- Phone number of who called you
- When you received that call: date and time
- Your phone number
- Your phone information (UDID if a mobile device)
- How long you talked: duration of the call in minutes
- Where you made/received the phone call (e.g., geo-location of your mobile device)
Mobile device includes cell phones, smart phones, and tablets. Metadata does not include the contents of your telephone calls or conversations: what you said during your phone conversation. Courts have ruled since 1979 that it is legal to collect telephone metadata. They can learn a lot by analyzing the patterns of your phone calls: who, when, and where you make/receive certain calls. They don't have to listen to your actual phone conversations to learn a lot. Analyzing the metadata of your phone calls tells them almost everything they need or want to know.
Supposedly, agencies need a court order to listen to your phone conversations, but the NSA PRISM surveillance program has already been listening to your video conversations via Skype since early in 2011, including conversations where a person at one end uses a conventional telephone.
Second, metadata about your text messages includes:
- The phone number you sent a text message to
- When you sent the text message: date and time
- The phone number of who sent a text message to you
- When you received a text message: date and time
- Your phone number
- Your device information (UDID if a mobile device)
- Where you sent/received the text message (e.g., geo-location of your mobile device)
Metadata does not include the contents of your text message: what you typed. Remember, your telephone company compiles a detailed record of when and where you are near certain cell towers, because your mobile device constantly seeks the nearest cell tower to make/receive calls or check for voice-mail messages.
Third, metadata about your e-mail messages includes:
- The e-mail address you sent an e-mail message to
- When you sent the e-mail message: date and time
- The e-mail address of somebody who sent an e-mail message to you
- When you received the e-mail message: date and time
- Your e-mail address
- Your device information (UDID if a mobile device)
- Where you sent/received the e-mail message (e.g., geo-location of your mobile device)
Metadata does not include the contents of your e-mail message: what you typed and the contents of any attachments. This gives you an idea of the extent of the bulk e-mail metadata collection by the NSA, in addition to the bulk phone-call metadata collection -- whether directly, through an intermediary (e.g., your phone company, ISP, or e-mail service), or through the XKeyscore spy program.
NBC News reported this about the legality of collecting your e-mail metadata:
"... emails sent and stored on services such as Gmail seem to fall in between these two legal categories. Is the email content, like a call conversation or a letter sealed in an envelope? Or it is data freely given to a third party? Congress tried to split that baby with the Stored Communications Act back in 1986... it created some situations under which law enforcement officials can peek at any data given to third parties, including email, without needing to show probable cause.This means law enforcement officials are sometimes not required to ask before they barge into your virtual home."
Fourth, metadata about your photographs includes:
- When you took the photograph: date and time
- Your device information (e.g., brand, model, UDID if a mobile device)
- The size of the photograph (e.g., bytes, width in pixels, height in pixels)
- The format or file type (e.g., *.jpg, *.png)
- The resolution of the photograph (e.g., pixels per inch)
- Your information (e.g., your name, e-mail address or user name if the photo is uploaded to a social networking website)
- Your camera or device information (e.g., make, model, F-stop, exposure, flash mode, zoom setting, lens maker, lens model, serial number, EXIF version)
- When you edited the photograph: date and time
- Where you took the photograph (e.g., the geo-location, if you used a mobile device)
- Any title, comments, and/or caption text you added to the photograph
- Persons in your photo, if you tagged the photo with names after uploading it to a social networking website
Your video files contain similar metadata elements. Using metadata associated with your photos and videos, they can tell a lot about you without viewing the actual video or photo. Note: social networking websites usually add more metadata to your photographs (and videos) that you upload and store on their service. Why? This makes the data they sell about you more valuable to advertising networks and analytic/tracking companies.
Earlier this year, the International Press Telecommunications Council (IPTC) released the results of a study of images used by social networking websites. Most of those sites edit and delete photographers' metadata from images they host. The IPTC studied 15 social networking websites, and what happened to image metadata during both uploads and downloads. Some of the social networking websites studied: Dropbox, Facebook, Flickr, Google+, Instagram, Pinterest, Twitter, and Tumblr. The IPTC found:
"... Facebook and Flickr are some of the worst offenders, with most of the metadata removed from the original files uploaded. Twitter has also been found to remove Exif and IPTC metadata from its files. Google+, however, passed all of IPTC's tests with flying colours,"
Read the details about the IPTC metadata study. So, the practices by these websites intentionally affects the quality and integrity of your photographs by changing the metadata attached. I'll bet you didn't know that. I'll bet this photo/video metadata tracking gives you a whole, new view of social networking sites.
After reading all of this, several things should be clear. First, metadata is very informative and valuable. It is not benign. Experts have found that metadata is more revealing about you than the content of your telephone conversations. How? By combining your online activity, phone calls, and real-world location. Example: you get a call from your doctor, and five minutes later you do a Google search for "ovarian cancer," and then click through to visit the WebMD website. Twenty minutes later, you call your spouse. After that, your smart phone's GPS history from the telephone company (or your debit card transaction history from your bank) reveals your location at your neighborhood pharmacy. They can easily infer what's happening, even though they did not listen to your actual telephone conversations.
Second, the collection of metadata does not make government surveillance programs any less intrusive. They can learn a lot about you by analyzing only the metadata associated with your online activity. With additional metadata supplied by social networking websites, they can easily learn a lot more.
So, when you hear corporate executives, pundits or politicians claim that there is no problem because they are only collecting metadata, you now know that is misleading and not entirely honest. So, when you hear corporate executives, pundits or politicians claim that there is no problem because they are not reading your email/text messages nor listening to your phone conversations, you now know that, too, is misleading and not entirely honest.
One way to maintain your privacy is to control who has access to the metadata associated with your online activity. To understand the extent of the problem, consumers must demand to know who collects, edits, deletes, saves, and shares (with whom) the metadata associated with your online activity.
I'll bet this gives you a new view of government surveillance programs. As you rush to use cloud services for convenient access by all of your mobile devices, you might pause and consider:
- What metadata is attached to the files you have stored in cloud services,
- Who controls, edits and deletes the metadata attached to those files,
- The companies and governments the cloud service shares your files' metadata with, and
Experts have warned that the massive NSA government spying program could cost U.S.-based cloud-services vendors $35 billion in lost revenues, as customers seek alternatives. Despite the claims of pro-surveillance politicians and government officials, broad surveillance of all citizens has its direct costs.
Were these pro-surveillance people so arrogant (or myopic) that they assumed there wouldn't be consequences to American businesses? Or do they just not care? One could make a good argument that this broad surveillance has jeopardized America's leadership in developing, utilizing, and innovating the Internet, as users look for substitutes to products and services by American Internet and high-tech companies. The surveillance has also damaged the trust by America's allies.