Saturday, June 8, 2013

Meditations on Metadata

I'm sure the NSA is looking back to the days when it was a secretive, little-known intelligence agency able to hide behind the shadow of the CIA.  I read "The Puzzle Palace" a long time ago and any Tom Clancy fan knows what "No Such Agency" does.  It uses spy satellites and stuff to gather electronic intelligence on foreigners to keep America safe.

Or so we thought.

Reports of improper Justice Department collection of phone records were bad enough.  Then came the revelation that the NSA has collected over 100 million phone records from one carrier.  It only seems logical that other carriers have also provided hundreds of millions of records.  Today it comes out that the NSA is also collecting data from internet service providers, social media sites, search engines, and even credit card companies.  Proponents of the programs assure us that the NSA is not actually listening to all of these phone calls and the data is only being sifted for national security purposes.

 I'm fairly certain that nobody at Fort Meade is reading my Facebook posts.  Nor do they care that I used my credit card to buy lunch yesterday.  Unless my data becomes linked somehow to a threat predictor I can be confident that my anonymity remains intact simply due to the sheer volume of data being stored.

It doesn't matter.  What is being done today with my information is not the problem.  The problem is how that information may be used in the future.  The film "Minority Report" contains a scene where the protagonist walks into a store in a shopping mall.  Scanners in the store identify him, query his sales history, and an electronic voice asks him how he is enjoying the jeans he purchased recently.  We are almost there.  

Years ago I worked a temp job for a firm that administered customer loyalty programs for grocery stores.  I was amazed at what simply using a barcoded keychain fob to obtain a discount on groceries allowed the stores and the marketing company to learn about people.  Today social media apps like Facebook will post your physical location for all of your friends (and possibly all of Facebook; have you checked your privacy settings?) to see in realtime.  But these activities are voluntary.  People can decide for themselves whether to allow this data to be collected or made public.

The NSA activities cross that line.  Will we, nil we, the data and the metadata are being collected.  Metadata?  That's information about the data; time, location, duration, etc.  Metadata can be very revealing, too.  The fact that you made a call to an individual at a particular time while driving past a particular cellular tower can reveal contextual clues about your activities even if the exact contents of the call are not recorded.  Just ask a divorce attorney.

Monitoring social media gives the agency information about how we choose to electronically assemble and associate.  If location data is also collected you have yet another tool to monitor the locations and traveling history of people without their knowledge.  Monitoring online activity is even more intrusive.  Did you use your iPhone to check your bank account balance?  Buy an e-book?  The NSA probably knows.

How would you like to receive an annual bill from the IRS for sales tax on every online purchase you made last year?  If your credit card and debit card activity is being collected, there is no reason why that cannot happen.  Did your electronic purchases exceed a certain percentage of your declared income?  The IRS has just been handed responsibility for monitoring the state of your health insurance.  Your lifestyle and economic choices can't be far behind.

During the 2012 presidential debates some wondered whether Harry Reid had obtained copies of Mitt Romney's tax returns, based upon statements Mr. Reid made.  Less than one year later that possibility seems more likely given revelations that IRS employees were selectively auditing tax documents filed by conservative groups and in at least one case, gave confidential donor information to a rival group.  How would you like to be audited by the IRS because some civil servant doesn't like your political donations?

Gun rights groups have been called paranoid for resisting laws to establish a federal database of gun owners.  This is why.  If you want examples, look no further than Nazi Germany, Great Britain, and Australia.

Allow the state to collect this data and eventually the data will be used.  The War on a Noun will be invoked.  Police chiefs will solemnly swear that this data-mining is essential in bringing the noun-committers to justice.  We are reassured that these tools will NEVER be used against normal, law-abiding folks, only THEM, the noun-committers.  A few years later and reports will begin to circulate of abuses by law enforcement.  Congressional hearings will be heard.  Law enforcement officials will solemnly swear that the abuses were isolated events and that these tools are critically necessary in fighting the noun-ists, which have somehow continued to grow despite these temporary and modest infringements on individual privacy.  The furor will subside.

A few months later a politician will attempt to capitalize on a criminal act by calling for further government data collection or monitoring.  It will once again be called a "modest" infringement necessary for keeping Americans protected from themselves.

1 comment:

  1. Brilliant; and spot on.

    The problem is simple: Government *hates hates hates* to delete ANY data. One remembers the directive that came down at the end of WW2 that no war service records could be destroyed without making a copy of them first.

    All the tax data for the entire country could be stored on a single computer with 10 TB of hard drives to store the .PDF files.

    Perhaps we need a directive to *forget*--a law that requires government to destroy unneeded data.

    Or perhaps we need more than that.