It’s What You Do, Not What You Say

-Submitted by David Drumm (Nal) Guest Blogger

On Friday, President Obama gave a speech concerning the collection of metadata by the NSA. Obama said “So, I want to be very clear—some of the hype that we’ve been hearing over the last day or so—nobody is listening to the content of people’s phone calls.” This is an example of the straw man fallacy. No reputable news reports have claimed that the content of phone calls is being listened to. We are well-informed enough to know that it is transactional data, metadata, that’s being collected. Obama also claimed that what “the intelligence community is doing is looking at phone numbers and durations of calls.” What Obama excludes is the collection of the user’s location from cell tower ID, antenna sector, and signal strength.

Obama also noted that the intelligence community is “not looking at people’s names.” However, an MIT study showed that with only four phone calls, a person could be uniquely identified from a collection of 1.5 million anonymous people. Your metadata identifies who you are by what you do.

With the collection of metadata, the government can determine your political leanings (perhaps from the blogs you read), sexual orientation, medical issues, religious worship, and even marital infidelities. As an example of the latter, consider the David Petraeus and Paula Broadwell situation. They set up a shared, anonymous e-mail account. Instead of sending e-mails, they would communicate by logging in and editing and saving drafts. When Broadwell logged in from various hotels’ Wi-Fi hotspots, a trail of metadata, times and locations, was correlated with hotel guests by the FBI. Broadwell was easily identified.

Law professor Daniel Solove has likened metadata to a Seurat painting. Each dot is meaningless until one steps back and an accurate picture emerges.

In Smith v. Maryland (1979), a 5-3 decision (J. Powell took no part), the collection of a phone number, using a pen register, by the police was held not to be a search within the meaning of the Fourth Amendment. In the opinion of the Court:

Given a pen register’s limited capabilities, therefore, petitioner’s argument that its installation and use constituted a “search” necessarily rests upon a claim that he had a “legitimate expectation of privacy” regarding the numbers he dialed on his phone.

This claim must be rejected.

In his dissent, J. Marshall foresaw today’s problems:

The prospect of unregulated governmental monitoring will undoubtedly prove disturbing even to those with nothing illicit to hide. Many individuals, including members of unpopular political organizations or journalists with confidential sources, may legitimately wish to avoid disclosure of their personal contacts.

Mathematician Susan Landau, author of Surveillance or Security?: The Risks Posed by New Wiretapping Technologies, is interviewed about the importance of metadata:

H/T: Elspeth Reeve, Juan Cole, Evan Perez and Siobhan Gorman, Jay Stanley and Ben Wizner, New York Times.

48 thoughts on “It’s What You Do, Not What You Say”

  1. There are a few cases in our history where the court has reversed itself. Dred Scott and separate but equal come to mind. Hopefully Smith v Maryland will one day be one of those cases.

  2. The straw-man argument is the haven of the duplicitous. The tobacco industry used to do studies to prove that cigarettes did not cause all sorts of diseases that no one ever even suggested they did so that their ads could say that rigorous clinical studies prove that cigarette smoking does not cause hangnail!

  3. “Law professor Daniel Solove has likened metadata to a Seurat painting. Each dot is meaningless until one steps back and an accurate picture emerges.”

    From a data analysis standpoint, that is a perfect analogy.

    Good job, David.

  4. I like to change their term from “metadata” to “megadata” as in too much of a dose. They just love their little term. It is nice and innocuous. It’s not fried chicken mama, it’s Shake n Bake. And the computer fuzzies don’t pronounce “data” as in date a person, it’s dat a. So impersonal the data thing. So, metadata is just a lot of nothing. So don’t worry, it’s just a collection of a whole lot of nothing. And we thus don’t know nuthin bout birthin babies Miz Scarlett. And yet we expect them to midwife the downfall of al Qaeda. If it is all about a lot of nothing then why bother?

    Rest assured Dianne Feinstein that as you and your husband buy up all the closed Post Office buildings in the small towns of America and push your net assets over the One Hundred Million mark, that the rest of us are smarter than an 80 year old twit who listens to the likes of Clapper and claps him on the shoulder and says “Good job.” Then there is Saturday Night Al Franken who is satisfied that all is well. He even looks like a sheep. And then there is the legal expert on CNN who has never tried a jury trial but is their expert on all things legal including the Zimmerman trial. Toobin loves the idea that we are a nation of sheep and he can be the sheep herder. Send in the Clowns. It is well known around CNN that the staff makes fun of Jeffrey and that they play the song Watch Out For The Cheater by Bob Kuban and the Inmen. The staff sings the verses after he has passed in the hall. He hits on the college intern girls and tries to score. Yeah, the guy who calls Snowden a “traitor” cheats on his wife and understands full well the nature of the animal. So you have Toobin interviewing Clapper and the other schmucks and we learn that all they are doing is collecting metadata.

  5. HermanDog used to be a guide dog for a guy who worked at CNN. That is where the inside scoop on the CNN poopers is coming from.

  6. No one is listening to your phone calls, trust me!!!

    You have got to be kidding me. The fox, with bloody feathers hanging out of his mouth telling me the chickens are all okay inside.

  7. Yeah, Jeffrey Toobin, it’s not what you do when you cheat on your wife, it’s what you say when you call some guy you don’t know a traitor. So do what you say and say what you do. Never tried a jury trial in your life, have you Toobin? Yet you say you are the CNN legal expert. Mommy was a news caster, daddy was too, went to Harvard and swim like one too. Don’t really know nuthin bout birthin babies tho.

  8. “Obama also noted that the intelligence community is “not looking at people’s names.” However, an MIT study showed that with only four phone calls, a person could be uniquely identified from a collection of 1.5 million anonymous people. Your metadata identifies who you are by what you do.”

    “Not looking at people’s names”. Yeah…..right…..and J. Edgar Hoover wasn’t wiretapping MLK to find out damaging information. He was doing it to protect MLK.

    “With the collection of Metadata, the government can determine your political leanings (perhaps from the blogs you read), sexual orientation, medical issues, religious worship, and even marital infidelities.”

    To have such knowledge is in most cases to be able to exert control over individuals, or at the least to have a chilling effect on their associations and their activism. Is the President that naive that he is unaware of how this data can and will be used to intimidate individual citizens by government agents who feel entitled to do so in the name of some greater good? I think not. Terrorism is the red flag flown up to engender fear, thus acceptance. This information will also be used in purported criminal cases to force testimony and plea bargains.

  9. Good article…..

    As I read some OS posted….. Don’t tell me what you believe…. Show me what you do and I’ll know what you believe….. Or something like that…

  10. And we believe the government why, again? Notice Obama did not produce any warrants for this collection, but rather complained about something that was not being alleged, which all but gives it away.

    Secret program, secret court, zero oversight. To think data and metadata are not being freely examined is rather quaint.

    Demand Congress make all communications secure to a person. The tech is here, and has been for some time. There is no reason for us to hand over our privacy carte blanche. There really isn’t. And those who demand it must be removed from office.

  11. Nice article, nice reference – thanks.

    Some readers might also be interested in this:

    Today there is a pretty good summary of the many bits and pieces that have appeared in the popular press over the years regarding NSA monitoring capability.

    The by-line is to the AP but you can read about it here in the NYT:

    Toward the end of the article there is an interesting quote:

    “Schneier, the author and security expert, said it doesn’t really matter how Prism works, technically. Just assume the government collects everything, he said. ”

    It is my belief that for many years the popular press has provided enough information for any citizen to reach essentially the same conclusion that Schneier expresses – the government monitors much of everything that passes through electronic communications channels.

    It seems clear to me that Snowden released classified information.

    But the claims against Snowden go beyond the mere release of classified information.

    The most damaging claim against Snowden is that he damaged national security by providing information that prompted our potential adversaries to change their communications techniques and procedures.

    It seems clear to me that any adversary sophisticated enough to read the popular press had to know that internet communications including email and social media, and telephone communications were likely being monitored by the US government.

  12. “No reputable news reports have claimed that the content of phone calls is being listened to.”

    So, they are only reputable if they follow the military government line?

    Which was “no, we don’t collect any data in dragnets like that” only a week ago.

    Of course the military collect the content.

    You think the military government is telling the truth when they speak or write on this issue?

  13. Relax people, President Obama is very intelligent and the head of our country. He’s merely saying to us all, “We’re from the government and we’re here to help.” Now..bend over and “squeal like a piggy.”

    Good piece, Nal.

  14. Seriously, the president claiming this is benign by declaring that the gov’t does not listen in on your phone calls is a true strawman. The reality, as David had mentioned, is that the metadata can often have more information than the content of the medium used.

    One can look at a Microsoft Word document and see the metadata. Depending on versioning information the metadata can contain the following info:

    The username that created the file
    The initials of the user’s name
    The name of the computer where the doc was created
    Location of the file, local or remote
    The printer name and location on the network
    File properties
    Undo / corrections
    Names of previous document authors
    Templates used

    There was a big controversy about 8 years ago as to what was contained in metadata for Word files. There often is more data than this in other formats.

  15. “I think some people are missing something here. The president has put in place an organization with the kind of database that no one has ever seen before in life.”

    “That’s going to be very, very powerful. That database will have information about everything on every individual on ways that it’s never been done before.”

    “And whoever runs for president on the Democratic ticket has to deal with that. They’re going to go down with that database and the concerns of those people because they can’t get around it. And he’s [President Obama] been very smart. It’s very powerful what he’s leaving in place.”

    Maxine Waters

  16. Darren:

    how dare you impugn the president’s good name. He would never do that but he might have the NSA and the IRS do it. :)

  17. David:

    I tried three times to post an example of the header information (metadata) that is part of what is found in email along with some description as to what the data was but the wordpress filter kicked it out despite the changes I tried to make it postable. Could you take the last one I made and post if possible? Thanks.

  18. Darren,

    I found your comments in the spam folder, clicked the “not spam” button, approved one of them, and trashed the others. It doesn’t look like it posted. Try again, I’ll be more careful.

  19. Trying again:

    Here is an example of an e-Mail header for a run of the mill message. The names have been changed to protect the guilty.

    Return-path: nobody#example.domain-
    Envelope-to: somebody#example.domain-
    Delivery-date: Thu, 13 Jun 2013 09:57:22 -0500
    Received: from mail.joeblowemployer.domain- ([]:11069 helo=xserver3.joeblowemployer.domain-)
    by somebodys.isp.domain- with esmtp (Exim 4.80.1)
    (envelope-from nobody#example.domain-)
    id 1Un8xl-003oas3423-TP
    for somebody#example.domain-; Thu, 13 Jun 2013 09:57:22 -0500
    X-MimeOLE: Produced By Microsoft Exchange V6.5
    Content-class: urn:content-classes:message
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    Subject: Double Secret Probation
    Date: Thu, 13 Jun 2013 07:57:24 -0700
    Message-ID: 2C19C59A98BCB4854ery4545#xserver3.joeblowemployer.domain-
    Thread-Topic: Double Secret Probation
    Thread-Index: Ac5oRkiTwBsQ2srewt5465t5uqRXGJrkaiI/oaTg==
    From: nobody#example.domain-
    To: somebody#example.domain-

    Note I had to remove the angle brackets and replace the “at” sign with a “#” and to strip out the dot com addresses to make it work for wordpress.

    I will explain a few of the items here that aren’t obvious. And I will say this is a minimal message. Some headers have even more data.

    In the Received: header this lists the path (or hops) the message has been relayed through from the sender to the recipient. In this example the email was sent by mail.joeblowemployer.domain- having the Internet Protocol address of which is fully traceable. The sending machine identified itself as xserver3.joeblowemployer.domain-. The message was then handed off to somebodys.isp.domain- which carried it to the recipient. There may be multiple Received: lines as it is relayed to the recipient. Each has essentially the same info from their transaction.

    X-MimeOLE: Line is generated by the original server in this system, the data extracted from this is the sender is using Microsoft Exchange Server as his/her mail server. The versioning information on this can be used to exploit the user either by known vulnerabilities of this software or it can also be used to gather info on the user. Exchange Server is mostly used by organizations, or businesses.

    Message-ID: This is a unique random string that in theory each email has and that only identifies this message. After the # it denotes the generator of the ID, in this case the sender’s mail server. Per RFC822 guidelines this can be either generated by the mail client or the server if the client doesn’t provide one.

    Thread-Index: This is a string that identifies whatever chain of emails this email is a part of, such as if it is from a back and forth conversation, and its order. This can be used to tie in other emails together.

    Date: This is the date/time the message was sent. It is either generated by the sender’s email client or the server. Of note is the time zone offset from GMT. (this indicates Pacific Daylight Savings Time which is GMT -7) This can indicate the time zone for which the server is situated.

    Content-Type: The boundary in this is used to break apart attachments and other information in the email so that the client software can render the email message to the user. The boundary is theoretically nearly unique. It can be used to track messages as well but it was originally intended to be used for parsing purposes.

    Again this is minimal at best. Most ISPs tack on additional lines for whatever purpose they might want. Any line that begins with X- is a permissible extension that according to the standard (RFC822) can be used for whatever purpose the mail client / server / or recipient servers choose and this can be also exploited or data mined for whatever purpose.
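
An added example, not part of the comment above or of the original post: a Python reader for a raw header block that pulls out the fields comment 19 walks through (relay hops, HELO name, Message-ID host, sender UTC offset, MIME boundary, X- extensions), useful for auditing what your own outbound mail discloses. The sample header is constructed (reserved .example hosts, a documentation-range IP, angle brackets and @ signs restored), the function names are illustrative, and the Received pattern assumes the Exim-style layout shown in the comment; other mail servers format that line differently.

```python
import re
from email.parser import HeaderParser
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the header quoted in the comment. Hosts use the
# reserved .example TLD; the IP is from the 203.0.113.0/24 documentation range.
SAMPLE = """\
Return-path: <nobody@sender.example>
Envelope-to: somebody@recipient.example
Delivery-date: Thu, 13 Jun 2013 09:57:22 -0500
Received: from mail.employer.example ([203.0.113.25]:11069 helo=xserver3.employer.example)
\tby mx.isp.example with esmtp (Exim 4.80.1)
\t(envelope-from <nobody@sender.example>)
\tid 1Un8xl-0003oa-TP
\tfor somebody@recipient.example; Thu, 13 Jun 2013 09:57:22 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
MIME-Version: 1.0
Content-Type: multipart/alternative;
\tboundary="----_=_NextPart_001_01CE6846.4893C01B"
Subject: Double Secret Probation
Date: Thu, 13 Jun 2013 07:57:24 -0700
Message-ID: <2C19C59A98BCB485@xserver3.employer.example>
Thread-Topic: Double Secret Probation
Thread-Index: Ac5oRkiTwBsQ2sreCONSTRUCTED==
From: <nobody@sender.example>
To: <somebody@recipient.example>

(body omitted)
"""

# Exim-style Received line: from HOST ([IP]:PORT helo=NAME) by HOST ...
RECEIVED_RE = re.compile(
    r"from\s+(?P<host>\S+)\s+\(\[(?P<ip>[^\]]*)\](?::(?P<port>\d+))?"
    r"(?:\s+helo=(?P<helo>[^\s)]+))?\)\s+by\s+(?P<by>\S+)"
)


def parse_date(value):
    """Return a datetime for an RFC 822 date string, or None if unparseable."""
    try:
        return parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None


def parse_received(value):
    """Turn one (possibly folded) Received header into a hop record."""
    flat = " ".join(value.split())  # undo header folding
    hop = {"host": None, "ip": None, "port": None, "helo": None, "by": None}
    match = RECEIVED_RE.search(flat)
    if match:
        hop.update(match.groupdict())
    # The relay's own timestamp follows the last ';'
    hop["time"] = parse_date(flat.rsplit(";", 1)[1].strip()) if ";" in flat else None
    return hop


def utc_offset_hours(dt):
    """UTC offset in hours, or None for a missing or zone-less date."""
    if dt is None or dt.utcoffset() is None:
        return None
    return dt.utcoffset().total_seconds() / 3600


def summarize(raw):
    """Collect the identifying fields a header block carries."""
    msg = HeaderParser().parsestr(raw)  # headers only; the body is never parsed
    message_id = (msg["Message-ID"] or "").strip().strip("<>")
    sent = parse_date(msg["Date"]) if msg["Date"] else None
    return {
        # Received lines are prepended, so the last one is closest to the sender
        "hops": [parse_received(v) for v in msg.get_all("Received", [])],
        "sender_utc_offset_hours": utc_offset_hours(sent),
        "message_id_host": message_id.split("@", 1)[1] if "@" in message_id else None,
        "thread_index": msg["Thread-Index"],
        "boundary": msg.get_boundary(),
        "x_headers": {k: v for k, v in msg.items() if k.lower().startswith("x-")},
    }


if __name__ == "__main__":
    for field, value in summarize(SAMPLE).items():
        print(f"{field}: {value}")
```
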

  20. Darren,

    Are you getting that from the properties portion of the email…. That has the basic identifiers as well as the machine used…..

  21. AY

    It comes from the raw unformatted email as it is delivered to the end recipient. Some client software can parse this and present to the user some or all of this information but it is implementation based as to whether or not the information is made available. Also, some client/server implementations such as those found in companies may internally only allow the end user to see portions of this such as the Subject: or From: lines but not the full header.

    If you are at home and use POP3 / IMAP4 / SMTP to read and send your mail and your client is provided all this information, it “should” be available. But if you use a web based mail service it might not be available since the transport used to show it to you may or may not include the ability to read the headers. But the ISP should have that information stored on their end. How much data in a webmail based system is provided to their users is up to them to decide.

  22. The military has just admitted to listening to phone conversations:

    The National Security Agency has acknowledged in a new classified briefing that it does not need court authorization to listen to domestic phone calls.

    Rep. Jerrold Nadler, a New York Democrat, disclosed this week that during a secret briefing to members of Congress, he was told that the contents of a phone call could be accessed “simply based on an analyst deciding that.”

    If the NSA wants “to listen to the phone,” an analyst’s decision is sufficient, without any other legal authorization required, Nadler said he learned. “I was rather startled,” said Nadler, an attorney and congressman who serves on the House Judiciary committee.

    (Military Says It Can Tap Phones Anywhere Anytime). This is more evidence of a coup.

  23. From CNET

    and other places we learn:

    “Rep. Jerrold Nadler, a New York Democrat, disclosed this week that during a secret briefing to members of Congress, he was told that the contents of a phone call could be accessed “simply based on an analyst deciding that.””

    Now I have all the respect possible for school teachers and patrol officers and fast food managers. But unless the analyst mentioned above supervises other employees he or she probably has more in common with teachers and patrol officers than he does with federal judges- in regard to education and understanding of the constitution.

    Do you really want to delegate 4th amendment decisions that may have some complexity away from federal judges and to school teachers and patrol officers?

    I, for one, do not. I think there are good reasons for the whole process that involves judges, warrants, and concepts like probable cause.

    I find the idea that we would secretly delegate the task of 4th amendment review to GS level government employees offends my idea of constitutional government and my idea of the protection of checks and balances.

    I suppose that next we will hear that Rep Nadler disclosed classified information, damaged national security and committed treason.

    Before they indict Rep. Nadler let me say that I thank you and think the nation owes you a debt of gratitude.

  24. The Government SAYS it’s not listening…so I guess we’re ok…they wouldn’t LIE…right!?!?!? Hhahahhahahhahhaha

  25. A friend that I respect called me on my last post and said it sounded like I was denigrating the capability and attainment of teachers and patrol officers.

    Nothing could be further from the truth. My parents both spent time as teachers. And I respect and appreciate the sacrifice and efforts that LEO make every day.

    But the fact is that there are something less than 900 authorized article 3 judgeships and maybe half that number of magistrates. My guess is that the educational track for these individuals is heavily weighted toward humanities and social sciences as undergrads and of course law school later.

    In contrast to that the pool of candidates NSA uses to recruit analysts might include 500 or 700 thousand individuals who have or are able to qualify for security clearances. My guess is that these individuals would have degrees in subjects heavily weighted toward computer science, mathematics, linguistics and perhaps political science and psychology.

    In addition I would guess that the culture and understood mission of judges and intelligence analysts are very different – at least when it comes to issues related to the 4th amendment.

    Due to likely differences in education and understanding of their professional mission I would expect that the decisions rendered by judges and intelligence analysts are likely very different.

    In a crude sense I would expect judges to be answering the question should access take place. I would expect analysts likely assume the access question is already answered and the relevant issue is what information is needed regarding the individual, or situation under investigation. These are two very different kinds of questions.

    I am arguing that the protection offered by the 4th amendment is decreased when decisions related to the 4th amendment are delegated to analysts with education, training, and professional mission very different from the judges who should be making these decisions.

  26. BFMIke:

    I am a former LEO and I did not take any offense to what you wrote in that posting and in fact I agree with your position.

  27. I went to a search engine and queried “what is my isp address” It gave me a bunch of commercial sites. I clicked on one and its splash page gave me the address and a bunch of information about the computer making the query including operating system etc and the ISP proper.. It also gave me the geocoordinates of the closest host ISP office (9.4mi away).

    For money it would supply me with a bunch more information including how many ports my system had and if they were open, allow me to trace (worrisome) incoming email addresses, and sell me some protection for those open ports. For more money it would sell me a proxy server’s anonymity and gave me a selection of one in the US and four in China.

    Once anyone knows your IP address all they need is a search engine and a list of names from the provider.

    BTW, NSA is building another data acquisition/storage center in Maryland. Pretty soon they’re going to be as ubiquitous as FBI fusion centers and if you don’t know about them you haven’t been paying attention. The machine is composed of various parts and they are all now up and running. Srsly, this sh*t just serious up in here.

  28. I’ll get right to the point… and I’m sorry about the language I’m about to use. But, Mr. President…. in case you’re not really listening…. F. U…. and the Camel you rode in on!!!!!

  29. On Feb. 27, 2000, 60 Minutes ran a program, Season 32, Episode 24, “Echelon”, which showed that at that time they could listen to electronic communication over “every square inch” of the planet.

    That they could do it now, 13 years later, when computer power doubles every 18 months (Moore’s Law) renders this well within the military’s capability.

  30. @Darren Smith

    Thank you for your service. And thank you for your thoughtful and informative remarks on this blog.

  31. lottakatz

    All of those services you describe are available for either free or can be done at your local computer. Many people get hooked by these type of ads.

    If you wanted to find out what your IP address is it is available in your network settings of your computer, or if you use a router or DSL modem or both the one that hooks to your wall is the one that is generally visible to others on the internet.

    The quick and easy way to get this if you have a router and a modem of some kind (and you are using windows) is to go to the Command Prompt and type


    In this example I just selected but you can use another one. This will have the effect of displaying the IP addresses and hosts between your computer and The first entry will be your computer then (maybe) your router and/or modem and each “hop” along the way to the destination.

    As for open ports. A port is simply a sub-address that your network card listens for and then hands information addressed to this port to a service or software on the computer that processes that information.

    Port numbers typically run from 1 to 65535. You can use a firewall on your computer to shutdown all ports that you do not specifically allow which is the recommended setting. It would be probably easiest for you to look on Microsoft’s firewall help files to address this, as it is mostly too involved to discuss here.

  32. As Marcus Aurelius should have said: “Of each thing, ask what it does; what typical behavior it exhibits, what unconscious habits it reflexively indulges.”

    Or, as the National Surveillance Administration puts it:

    “Of each person, ask whom he or she calls; who calls him or her; from where the calls originate and are received; their frequency and duration; without stating probable cause for violating the individual’s constitutional right to security in his or her person, papers, and effects; and without specifying the thing or things sought by the secret, self-authorized inquisition.”

    Something like that.

  33. Darren, I was not clear in my posting. I know what my ISP addy is and where to find it etc. I posted that exercise to show how easy it is to access a personal identifier and derive information from it by a third party. That list of info about me and my computer was the splash page of a randomly picked company on a Google search. The only thing they didn’t have was my name and address.

    If the government flags any transmission by any of us it will carry as metadata our isp and then a simple search engine can bring up all other data with that identifier. All they then need is the list of client name/addy’s from the provider. Similarly, if there’s someone they are interested in and they have provider lists, they can derive the identifier and extract everything carrying that identifier from their vast store of data.

    Now, please correct me if I am wrong because this is a crucial bit of information: I thought at one point some time ago that your ISP # was the number of the closest transmission tower- sort of like one’s electronic area code. I then did some searches and came away with: ‘no your ISP is the identity of the computer you are doing this search with and every electronic device you use to transmit information from and to, has its own discrete, absolute identifier’. That’s when the ISP provider lists of clients became very important to me.

    That being the case I am curious about the client lists of the ISP providers but have read very little about that. I’m wondering if there are specific requests, as we are told there should be, based on warrants, or if entire listings are being demanded or routinely funneled to NSA, FBI whoever?

  34. From Steve M.:

    The big story yesterday morning was a CNET story by Declan McCullagh titled “NSA Admits Listening to U.S. Phone Calls Without Warrants.”

    Charles Johnson noted at the time that what Nadler actually said didn’t match this claim:

    If you read this carefully, you’ll notice that the source for this “admission” is not the NSA at all — it’s second-hand information from Rep. Jerrold Nadler (D-NY). And Nadler himself never even says he heard it from the NSA….

    The key quote here is, “We heard precisely that you could get the specific information from that telephone.” Notice: Nadler did not say they could listen to the phone call, he said “get the specific information.”

    …There’s no mention of it in McCullagh’s article, but this entire discussion was about metadata. They explicitly say this several times, using the word “metadata.” And metadata is not “listening to phone calls”…

  35. But they are keeping a copy of your emails and phone calls so that they can look at them later, if you are doing something they don’t like and they want to crush you. Of course they could also simply fabricate anything they want, but this is only done if they can’t find what they want, and to protect society.
