Stanford Researchers Find Connecting Metadata With User Names is Simple

Type threatpost
Reporter Dennis Fisher
Modified 2013-12-23T19:20:51


One of the key tenets of the argument that the National Security Agency and some lawmakers have constructed to justify the agency’s collection of phone metadata is that the information it’s collecting, such as phone numbers and length of call, can’t be tied to the callers’ names. However, some quick investigation by some researchers at Stanford University who have been collecting information voluntarily from Android users found that they could correlate numbers to names with very little effort.

The Stanford researchers recently started a program called Metaphone that gathers data from volunteers with Android phones. They collect data such as recent phone calls and text messages and social network information. The goal of the project, which is the work of the Stanford Security Lab, is to draw some lines connecting metadata and surveillance. As part of the project, the researchers decided to select a random set of 5,000 numbers from their data and see whether they could connect any of them to subscriber names using just freely available Web tools.

The result: They found names for 27 percent of the numbers using just Google, Yelp, Facebook and Google Places.

That result came with next to no effort. So the researchers decided to go up a notch and spend a little time and see how many more they could find.

“What about if an organization were willing to put in some manpower? To conservatively approximate human analysis, we randomly sampled 100 numbers from our dataset, then ran Google searches on each. In under an hour, we were able to associate an individual or a business with 60 of the 100 numbers. When we added in our three initial sources, we were up to 73,” said Jonathan Mayer and Patrick Mutchler in a blog post explaining the results.

Things get even more interesting when they invested a little money in their search.

“How about if money were no object? We don’t have the budget or credentials to access a premium data aggregator, so we ran our 100 numbers with Intelius, a cheap consumer-oriented service. 74 matched. Between Intelius, Google search, and our three initial sources, we associated a name with 91 of the 100 numbers,” they wrote.

The researchers also released an update to the Metaphone app that now enables instant feedback for users, giving them a quick view of how closely they’re connected to other Metaphone users and how many businesses they’ve been in contact with.

Image from Flickr photos of Ron Bennetts.