Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

One of the most interesting things about the data on phone calls being provided to the NSA by Verizon on its business customers, as revealed by the Guardian last night, is what it doesn’t include.

An order from the Foreign Intelligence Surveillance (FISA) court obtained by the Guardian says that Verizon must provide all “telephony metadata.” That’s defined as including but not being limited to the time, duration, origin, and terminus of every call, and the unique identifiers of the handsets and subscriber accounts involved. The order doesn’t spell it out, but “telephony metadata” can also include the location of a phone when it makes a call. The content of calls and the names and addresses the people involved are explicitly said not to be shared.

What exactly the NSA can achieve with all that information depends more on what other sources it can access than on what Verizon is providing. If the NSA has the phone number of a person of interest, it could use Verizon’s dataset to call up when and where they have been active on their phone and who they called. However, although vast, the data store can’t alone empower a kind of universal search engine able to call up the movements and lives of any person by name. However, phone network data could be a building block of that if the NSA has the right other sources to match up and correlate with what Verizon or other phone companies provide.

There’s little doubt that the NSA has plenty of other data sources, but what exactly they are is unknown. One question raised by last night’s news is which other companies are subject to similar orders from the FISA court. The NSA is known to have received similar data to that it gets from Verizon from other phone companies in the past, and today Senate Intelligence committee chair Dianne Feinstein said that type of data gathering was an ongoing practice. Google has been subject to FISA orders, the Washington Post said last month, in a report saying that although the details of the orders are not public, they have been accessed by Chinese hackers. There would certainly be technical challenges, but if NSA has used FISA to mandate access to data from online and financial services it could use them and data like that from Verizon to follow along with almost every aspect of a person’s life electronically. (The NSA is currently building two giant data centers, in Maryland and Utah, to bost its data storage and analysis powers.) The NSA is also known to be interested in having software automatically flag people for investigation based on suspicious patterns in data that reveals communication and association patterns.

The way that correlating different data sources can magnify their power has long concerned privacy and civil rights activists, because it makes it much harder to assess the risks any one particular data source could pose in the wrong hands. Recent moves by Facebook to extract more from what it knows about its users neatly illustrate how the practice can significantly change what can be learned about people. The social network uses obfuscated versions of its members’ phone numbers and e-mail addresses to connect its data with information that data-broker Datalogix gathers from loyalty card schemes, with the result that it is now possible for companies to connect a person’s activity on Facebook, and the ads they see, with what they buy in physical stores (see “Facebook Starts Sharing What it Knows About You”).

5 comments. Share your thoughts »

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me