It’s all in the Meta Data
- Details
- Created on 22 July 2013
- Written by Steve Burrows
Meta data has been in the news lately. The NSA’s Prism programme and GCHQ’s Tempora programme have hit the headlines thanks to the revelations of Edward Snowden, and both the US and UK governments have been forced to attempt to reassure their respective publics. Their assurances have all been along the lines of “we’re not reading your emails or listening to your calls, we’re just filtering meta data”. So no harm there then, meta data is harmless, right? Wrong.
What is Meta Data?
Simply, it is data about data. A telephone call is data; the calling number, receiving number, origin location, destination location, time and length of the call are meta data. Similarly for email, the sending address, destination address, sending location, receiving location, subject line and message length are meta data. And also for Internet data transfers, whether viewing the web or transmitting data to or from some corporate computer systems, the meta data records the end points, time, and nature of the data traffic.
So what can we do with Meta Data?
Basically we can see or imply who talked with who, who emailed who, and who viewed / did what on the Internet. As individual events these records are rarely significant, although records which indicate that someone has been in contact with a subject of interest such as a known terrorist or associated website would clearly be of interest to the authorities. To the vast majority of people going about their law-abiding lives the meta data associated with a single communication or internet usage event is of little or no significance. As patterns aggregated over time meta data develops more value, for instance we can see “Who goes where” and “Who communicates with who” with many possible applications. We could use meta data to:
- Observe sales and service representatives of a company going about their business
- Identify the customers, prospects and suppliers of a competitor
- Indicate when a competitor’s customer or prospect may need service or new product
- Validate field-based employees claims about their activities
- Gain insight into product development research
- Gain insight into individuals personal vulnerabilities & opportunities for subversion
and there are many more possible applications. In short, for the unscrupulous, meta data could be a veritable gold mine - which is why national Intelligence Services are so interested in it. The same pattern analysis which they find so valuable in identifying terrorist networks and activities can be applied to the relationships and activities of any organisation for commercial gain.
Meta Data is a big problem
If meta data did not exist (which it must), or was transient and private (which it could be), then there wouldn’t be a problem. Instead, enabled and demanded by “snooping” laws in the UK, US and many other countries, meta data has become a durable resource which communications providers are required to capture, store, and possibly hand over to government agencies. Used legitimately it does not threaten harm, rather its legitimate use is generally beneficial to society, but unfortunately the illegitimate use of meta data can do great harm.
Many governments assure their public that such meta data that is collected is stored securely and used responsibly, but the public sector officials responsible for its storage and use are only human and there are many recorded cases of other sensitive data held by the public sector, such as Police, Medical and Tax records, being routinely abused for the private profit of corrupt public servants and the criminals who subvert them. Meta Data is no different, its existence has the potential to cause great harm to both individuals and businesses; if it is to be collected by governments then somehow it must be protected by them more securely than their past track records would indicate is possible.