back to article Your comms metadata is super-revealing but the law doesn't protect it

America's legal world needs to rethink what it considers people's private information so it can get a grip on today's spying techniques. Stemming from 1970s telephone laws, communications metadata – which details who you talk to, when and where etc – is considered by the courts to be separate from the actual contents of your …

  1. asdf

    Everybody loves the consititon except for this or that amendment

    Fact of the matter is the "modern" US government (especially SCOTUS) is openly hostile towards the fourth amendment and wants it to be interpreted as literally as possible (with it applicable only to 18th century technology).

    1. Anonymous Coward
      Anonymous Coward

      Re: Everybody loves the consititon except for this or that amendment

      In that case the 2nd amendment must also be interpreted literally. The right to keep and bear arms, thermonuclear or otherwise, shall not be infringed. Period.

      1. Vic

        Re: Everybody loves the consititon except for this or that amendment

        In that case the 2nd amendment must also be interpreted literally. The right to keep and bear arms, thermonuclear or otherwise, shall not be infringed

        If we're being literal, in order to bear arms, you've got to be able to lift them...

        Vic.

  2. Mark 85

    The sticky bit is the "third party".... are these advertisers by per chance? Partners (i.e. more advertisers)? If come to El Reg, I don't give HP any info, but they're a third party and dropping cookies, etc., probably picking up my IP, and any other data they can scrape.

  3. Yet Another Anonymous coward Silver badge

    If it isn't private

    Then it should be subject to FOI requests, in fact it should be public.

    What possible objection could each of the presidential candidates have to a list of everybody they talked to on the phone, everyone they met with and everyone that emailed then, along with all they and their staff's web site visits - being published ?

  4. dan1980

    It never ceases to amaze me how straight-faced the politicians and police (and other agencies) can be when they wring their hands and complain that laws need to updated to reflect the digital age when discussing things like encryption back doors, while they happily - and without restraint - record and access huge volumes of 'metadata' to reveal information about us that would have required a warrant when applied to other forms of communication.

    It's obscene.

    They complain that in, the past, they could get a valid warrant and view someone's communications - for instance in the form of a 'phone tap' - but that now, with digital communications, they are prevented from obtaining this information due to encryption.

    All they want, you see, is the same rules to apply to their access of that information regardless of whether it is in the form of a phone call or an e-mail.

    If these agencies and the politicians who support and encourage them were honest with people (ha!) then they would admit - readily - that this cuts both ways and that police should not be able to get unfettered access to the kind of information that would require a warrant in the non-digital world.

    Instead, they are choosing to treat to vastly different sets of data under the same rules by simply defining them as the same.

  5. streaky
    Boffin

    The reason..

    .. that we allow as a society phone connection records to be recorded then stored is because billing of most phone networks requires it - once you're creating/storing that data for billing you have to be able to give it to customers so they don't feel like you're ripping them off (I mean you probably are ripping them off but not in the lying about calls sense) and in a way it's fair game for intelligence (but obviously because of privacy restrictions apply).

    This simply doesn't apply with the internet. No ISP records this data because it isn't required for billing, so you have to create entirely different laws for it thus proving beyond all doubt that they're not at all the same and that courts and systems of law shouldn't treat them the same.

    With the internet the metadata is as private as the content, because it can reveal as much (and in some cases more) private information.

    1. dan1980

      Re: The reason..

      @streaky

      "No ISP records this data because it isn't required for billing . . . "

      No, that can't be right; the Australian government clearly told me that this type on information is already being recorded by the ISPs and they really aren't asking for any additional data to be collected, just to a formal retention period to be defined.

      They wouldn't mislead me, would they?

  6. jake Silver badge

    Basic, bottom line:

    If you wouldn't shout it from the rooftops, don't put it online.

    1. Anonymous Coward
      Meh

      Re: Basic, bottom line:

      If you wouldn't shout it from the rooftops, don't put it online.

      It is a bit difficult to live your live off of the Internet these days.

      Don't send email, don't browse for or purchase anything online, don't read anything online, don't use any on demand video or music streaming services, don't use a swathe of other services such as google maps, in the future don't even use smart-metered electricity or water. All these things leak useful, and often quite private, information about you, especially when all the metadata is combined.

      Want to know where someone is, what their political views are, who their friends are, and even what they are thinking about at this moment (recent browsing history)? They don't have to shout any of that from the roof tops - you just have to look at their metadata.

      1. jake Silver badge

        Re: Basic, bottom line:

        "It is a bit difficult to live your live off of the Internet these days."

        No, actually, it's not. The issue is that people are totally and utterly pig-ignorant about the medium they are entrusting their data to.

        Me & mine? After 40 years online, we don't create attack vectors.

        1. streaky

          Re: Basic, bottom line:

          The issue is that people are totally and utterly pig-ignorant about the medium they are entrusting their data to

          I'm not pig ignorant and I know data can be secure if governments stay the f out. Email CAN be secure, it's just people choose to allow their mail providers to use ciphers we've known are broken for years now just so they can support outlook express for the 3 people still running windows 98.

    2. tiggity Silver badge

      Re: Basic, bottom line:

      It's not just about "putting it online".

      Sites you browse to, or even just searches you make are potentially logged by your ISP / intercepted by state agents

      Searches you make can be erroneous but look suspect

      e.g. you are not much of a cook and confused by a word in a recipe and have intended to search for the term "ricing" but typed as far as rici and hit return on the wrong auto complete option in browser ...

      Giving the unfortunate search for "ricin" in logs of your data.

  7. Mage Silver badge

    Privacy

    Whatever the USA decides about privacy for their own, unfortunately the rest of the world are not even foreigners, but aliens and 3rd class compared to their own humans. So it won't apply.

  8. David Haworth 1

    Metadata? Schmetadata!

    All that's really needed is for internet communcations to be afforded the same privacy protection as other forms of communication.

    In the good ol' days, the number that I phoned may have been fair game, but any conversation I held once the connection was made was considered to be private. Even if I asked the person at the other end of the line to pass the information on to other people.

    In the good ol' days, the address on the envelope may have been fair game, but the content of the envelope was considered to be private. Even if the envelope contained a message and an instruction to send a copy of the message (in a similarly sealed envelope of course) to each of my friends.

    So the principle appears to have been: any information that is needed by the communication service provider in order to correctly connect or route the communication is fair game, but the information thus communicated is private. Even if it contained further communication instructions for other service providers such as mail distribution services.

    Unfortunately it seems to have become the unchallenged norm that internet communications are not subject to the same privacy principles. If they were, then the only "fair game" part of the protocol would be the TCP/IP headers - IP addresses, port numbers, etc. The contents of the frames (be it IMAP, SMTP, HTTP or whatever) is part of the information content of the communication and (under the good ol' principles) should be considered private. It is not (or at least should not) be used by the communication provider in order to connect or route the communication.

    So we don't really need any new definitions of privacy and whatever. All we really need is that the law observes the old principles correctly.

    One of the interesting effects of universal encryption of communication is that it enforces the same level of privacy that's applied to other forms of communication. We need to point out to law enforcements and lawmakers that the use of encryption does not conceal anything that would not have been concealed in traditional communication.

  9. Aodhhan

    Think

    I like the post about the politicians thinking one way on one topic and another way on a similar topic. This is very true. It's our fault though, when we keep electing these idiots.

    Discussing the metadata and how it's so much different now than it was 30 years ago. It really isn't. Just because technology changes, doesn't mean everything about it is different. Cars have changed dramatically over the years. However, they still have wheels, an engine, brakes, lights, etc.

    Phone systems, just like TCP/IP packets are routed through a series of switches or switch boards, at each dumping some metadata.

    Just like today, there were third parties all over the place for phone transmissions. Especially back 30-50 years ago when there were many phone companies across the USA. Your transmission from one state to another could be routing through several different phone companies.

    If there is a difference, it's because we allow ISPs and those running web services to set up third party advertisements etc. to grab the information. This isn't because the Internet is more complex, it's because the endpoint sets this up.

    What's next... you're going to outlaw the police from doing investigations... like following criminals to see where they hang out, what they drive, who they associate with, where they do business, their day to day procedures, etc? All because this is metadata?

    Or... will we stop having people register homes they buy, cars they drive etc. with our local governments because we have to hand over metadata?

    Finally, law enforcement pretty much has their hands full. They aren't wasting time grabbing your metadata if you're not suspected of being a criminal.

    You're smarter than to let people tell you, "the sky is falling".

  10. fpx
    Alert

    Not that Different

    Aodhhan has a point. Today's metadata is not significantly more revealing than yesterday's metadata. The list of phone numbers that you talked to in the 70s, or the list of addresses that you sent mail to (and received from) at the beginning of the 20th century, was just as useful for guilt by association as it is today. Arguably, less so: where you had to call direct then, these days the metadata just shows you connecting to Google or Facebook.

    What is very different today is the analytical capabilities for metadata. Where decades ago some poor bastard would have to go through phone books by hand and draw maps with a pencil, now the spooks instantly see an interactive graph, probably with every node colored according to some thread score.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like