The risks of metadata for users’ privacy
20 September, 2016
Today’s extensive use of technology in our daily lives, particularly with the emergence of the Internet of Things, means that our online privacy is threatened – especially by the use of Information and Communication Technologies (ICTs). These devices can disclose a lot of things about our private lives just by generating non-relevant information called metadata.
Metadata is data that describes other data, usually generated when a communication occurs.
Whether it’s a phone call using cellphones, a chat sent on a social network, or communication using emails, all these technologies generate data. Metadata is not the content of the communication itself, but other information such as the IP address of the email’s sender and receiver; the GPS location of participants in the chat session; the duration of a call, the time, and the phone numbers; dates and time zones; and so on. Such information can reveal a lot of things that can map our lives, even without knowing the contents of our personal messages or our communications of any sort.
This kind of information is so reliable and accurate in giving information about users’ private lives that governments can use it for surveillance. For instance, we learned about the U.S. National Security Agency’s (NSA) extensive metadata collection program from the Edward Snowden revelations. According to the former Director of the NSA, metadata is used to target terrorists’ cell phones using drones: “we kill people based on metadata.” Of course, the mass collection of this kind of data is prohibited under the USA Freedom Act. The subject of using metadata is still controversial, but it’s clear that with today’s technologies, as well as the ideas of “big data” and automated analysis, metadata can be used to reveal more detail about our personal and private life. Therefore it is a violation of users’ rights.
Metadata collection could be used by law enforcement agencies to track and catch criminals and terrorists. Because of its accuracy and reliability, several intelligence agencies are collecting data in bulk. The metadata is collected, mined, stored, and analyzed. The result of analyzing this kind of data is shocking: they simply create profiles of every user based on his or her digital footprints. This can reveal our private information such as medical conditions. Recently they used metadata to find out that a woman was pregnant by analyzing only metadata, not the content of her communications. In addition, analyzing metadata can reveal your location in real time, the people you talk to on a regular basis, your political views, and a lot more.
Tech giants such as Facebook’s business model relies on collecting data and using it how they see fit, from selling personal information to companies, to sharing it with government agencies as the Snowden revelations leaked about the PRISM Program. Of course, such companies deny all that, and recently they have become reluctant to share such information with governments, as shown in the FBI case with the giant Apple, regarding handling a skeleton key for decrypting Mac devices.
On the one hand, Facebook is improving its policy regarding sharing metadata online by removing GPS locations from photos posted on Facebook to protect users’ privacy. But on the other hand, we have noticed in recent events that Facebook is recommending a certain psychiatrist’s patients to friend each other, even though she never looked up her patients on Facebook search and never discussed any information about her patients online. The doctor is even quite tech savvy – she knows a lot about VPNs and Tor and how to protect her online privacy – so the issue turned out to be that while patients were visiting her office they were all logged into Facebook on their smartphones, and the big blue social network used their metadata to make friend suggestions based on locations. The Facebook algorithm’s logic stated that if these people share the same location several times, they may know each other.
Recently Facebook (also the owner of the WhatsApp smartphone application) announced that they will be sharing some metadata with Facebook’s network to improve users’ experience and make friend suggestions and ads work better. This is what WhatsApp users were afraid of in the first place when the blue giant bought WhatsApp. They were afraid about whether Facebook would respect their privacy and their personal messages on WhatsApp. Facebook assured users that the company will continue WhatsApp work as a separate corporate entity and will keep respecting the same policies.
However, the new policy is now effective and users have 30 days to opt out from it with a simple change in their settings. Facebook had to give users the choice whether to agree or not due to its settlement with the Federal Trade Commission. The deadline for changing your settings is near; this article describes how to keep Facebook from mining your WhatsApp data
Finally, the big conglomerate is getting bigger and will soon reach every corner of the planet. Several project were initiated by Facebook in different fields, such as creating a free Internet Service Provider for regions of the world that have no Internet connections. There is a lot of concern about our privacy in this digital world; we can’t deny that some of these tech giants are offering users the choice to share their personal information, with many potential benefits, but what guarantee do we have if the system is not open source and we have only their word and promises to protect our privacy?
References and further Readings
Mr. Mohamed Moadeb, Information system Administrator / RSSI