One of the more common words being tossed around by intelligence communities, security experts and governments alike these days is metadata. Since meta means about or beyond, metadata quite simply is data about data.
In the context of national security, we’re told about the importance of metadata. A security organisation might intercept phone calls and store them for only a few days, but they’ll store the metadata about those phone calls for longer. In that case, the metadata refers to things like:
- Originating number
- Number being called
- Length of call
- Location of caller
- Location of person being called
- Whether the person being called subsequently makes a call, and if so, all its metadata too.
These records, we’re told, are entirely innocent and we shouldn’t worry our little heads about them. They’re only useful in tracking criminal or terrorist behaviour, after all. If someone is suspected of nefarious activities, the metadata regarding their communications can be sifted, and we can find out who they have been calling in order to determine what’s going on.
Metadata, we’re assured, is useful only in the context of capturing bad people doing bad things. In the context of ordinary people going about their lives, metadata just simply isn’t relevant and we have nothing to be concerned about.
Except, that’s not the case at all.
In December 2013 a slide from the Electronic Frontier Foundation in reference to metadata got a lot of attention when it showed just how simply metadata can be used to reveal things that people might not feel comfortable about. The text of the slide was:
Why Metadata Matters
* They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. But they don’t know what you talked about.
* They know you called the suicide prevention hotline from the Golden Gate Bridge. But they topic of the call remains a secret.
* They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don’t know what was discussed.
The simple, irrefutable fact is that metadata can compromise privacy if it is misused, regardless of whether that’s by a security agency, government or private individual.
I don’t pretend to know the answers, but what I am certain about is that if security agencies continue to insist that metadata collection isn’t an issue for ordinary citizens, we won’t reach the right answer. This is something that demands open public discussion on, and open policy debate on, rather than being veiled under the banner of “national security” and locked in a dark room.
The security uses of metadata needs to be discussed and the legal decisions openly shared so people understand their rights – and have a say in the formulation of those rights. Does that mean metadata still gets collected, but isn’t accessible without a legal warrant? Does that mean there’s multiple layers of oversight added to review every case of metadata access? Who knows: again, I don’t pretend to know the answers, I just know we need to take the time now, before cultures get too entrenched, to look for those answers.
That discussion has to also cover more than just the negative aspects of metadata. After all, big data, mining and analysis of very large amounts of data, is a burgeoning industry within IT and enterprise more broadly. Using big data techniques, hospitals can analyse hundreds of thousands of records in a fraction of the time previously allocated to determine on a case by case basis how safe it is to provide anaesthetic to someone based on a multitude of prior conditions and similar health background. What if, suitably anonymised, metadata could identify health trends or new economic trending data in the general population?
While everyone in security and government runs around insisting that metadata is harmless unless you’re a bad person, we can’t have that discussion either.
This is the information age: data is a commodity, and data about data is equally a commodity. Don’t be fooled: metadata really is something that you need to be concerned about.