It’s What You Do, Not What You Say

-Submitted by David Drumm (Nal) Guest Blogger

220px-Seurat-La_Parade_detailOn Friday, President Obama gave a speech concerning the collection of metadata by the NSA. Obama said “So, I want to be very clear—some of the hype that we’ve been hearing over the last day or so—nobody is listening to the content of people’s phone calls.” This is an example of the straw man fallacy. No reputable news reports have claimed that the content of phone calls is being listened to. We are well-informed enough to know that it is transactional data, metadata, that’s being collected. Obama also claimed that “the intelligence community is doing is looking at phone numbers and durations of calls.” What Obama excludes is the collection of the user’s location from cell tower ID, antenna sector, and signal strength.

Obama also noted that the intelligence community is “not looking at people’s names.” However, an MIT study showed that with only four phone calls, a person could be uniquely identified from a collection of 1.5 million anonymous people. Your metadata identifies who you are by what you do.

With the collection of Metadata, the government can determine your political leanings (perhaps from the blogs you read), sexual orientation, medical issues, religious worship, and even marital infidelities. As an example of the latter, consider the David Petraeus and Paula Broadwell situation. They set up a shared, anonymous e-mail account. Instead of sending e-mails, they would communicate by logging in and editing and saving drafts. When Broadwell logged in from various hotels’ Wi-Fi hotspots, a trail of metadata, times and locations, was correlated with hotel guests by the FBI. Broadwell was easily identified.

Law professor Daniel Solove has likened metadata to a Seurat painting. Each dot is meaningless until one steps backs and an accurate picture emerges.

In Smith v. Maryland (1979), a 5-3 decision (J. Powell took no part), the collection of a phone number, using a pen register, by the police was held not to be a search within the meaning of the Fourth Amendment. In the opinion of the Court:

Given a pen register’s limited capabilities, therefore, petitioner’s argument that its installation and use constituted a “search” necessarily rests upon a claim that he had a “legitimate expectation of privacy” regarding the numbers he dialed on his phone.

This claim must be rejected.

In his dissent, J. Marshall foresaw today’s problems:

The prospect of unregulated governmental monitoring will undoubtedly prove disturbing even to those with nothing illicit to hide. Many individuals, including members of unpopular political organizations or journalists with confidential sources, may legitimately wish to avoid disclosure of their personal contacts.

Mathematician Susan Landau, author of Surveillance or Security?: The Risks Posed by New Wiretapping Technologies, is interviewed about the importance of metadata:

H/T: Elspeth Reeve, Juan Cole, Evan Perez and Siobhan Gorman, Jay Stanley and Ben Wizner, New York Times.

48 thoughts on “It’s What You Do, Not What You Say”

  1. lottakatz

    All of those services you describe are available for either free or can be done at your local computer. Many people get hooked by these type of ads

    If you wanted to find out what your IP address is it is available in your network settings of your computer, or if you use a router or DSL modem or both the one that hooks to your wall is the one that is the one that is generally visible to others on the internet.

    The quick and easy way to get this if you have a router and a modem of some kind (and you are using windows) is to go to the Command Prompt and type


    In this example I just selected but you can use another one. This will have the effect of displaying the IP addresses and hosts between your computer and The first entry will be your computer then (maybe) your router and/or modem and each “hop” along the way to the distination.

    As for open ports. A port is simply a sub-address that your network card listens for and then hands information addressed to this port to a service or software on the computer that processes that information.

    Port numbers typically run from 1 to 65535. You can use a firewall on your computer to shutdown all ports that you do not specifically allow which is the recommended setting. It would be probably easiest for you to look on Microsoft’s firewall help files to address this, as it is mostly too involved to discuss here.

  2. On Feb. 27, 2000, 60 Minutes ran a program, Season 32, Episode 24, “Echelon”, showed that at that time they could listen to electronic communication over “every square inch” of the planet.

    That they could do it now, 13 years later, when computer power doubles every 18 months (Moore’s Law) renders this well within the military’s capability.

  3. I’ll get right to the point… and I’m sorry about the language I’m about to use. But, Mr. President…. in case you’re not really listening…. F. U…. and the Camel you rode in on!!!!!

  4. I went to a search engine and queried “what is my isp address” It gave me a bunch of commercial sites. I clicked on one and its splash page gave me the address and a bunch of information about the computer making the query including operating system etc and the ISP proper.. It also gave me the geocoordinates of the closest host ISP office (9.4mi away).

    For money it would supply me with a bunch more information including how many ports my system had and if they were open, allow me to trace (worrisome) incoming email addresses, and sell me some protection for those open ports. For more money it would sell me a proxy server’s anonymity and gave me a selection of one in the US and four in China.

    Once anyone knows your IP address all they need is a search engine and a list of names from the provider.

    BTW, NSA is building another data acquisition/storage center in Maryland. Pretty soon they’re going to be as ubiquitous as FBI fusion centers and if you don’t know about them you haven’t been paying attention. The machine is composed of various parts and they are all now up and running. Srsly, this sh*t just serious up in here.

  5. BFMIke:

    I am a former LEO and I did not take any offense to what you wrote in that posting and in fact I agree with your position.

    1. @Darren Smith

      Thank you for your service. And thank you for your thoughtful and informative remarks on this blog.

  6. A friend that I respect called me on my last post and said it sounded like I was denigrating the capability and attainment of teachers and patrol officers.

    Nothing could be further from the truth. My parents both spent time as teachers. And I respect and appreciate the sacrifice and efforts that LEO make very day.

    But the fact is that there are something less than 900 authorized article 3 judgeships and maybe half that number of magistrates. My guess is that the educational track for these individuals is heavily weighted toward humanities and social sciences as undergrads and of course law school later.

    In contrast to that the pool of candidates NSA uses to recruit analysts might include 500 or 700 thousand individuals who have or are able to qualify for security clearances. My guess is that these individuals would have degrees in subjects heavily weighted toward computer science, mathematics, linguistics and perhaps political science and psychology.

    In additions I would guess that the culture and understood mission of judges and intelligence analysts are very different – at least when it comes to issues related to the 4th amendment.

    Due to likely differences in education and understanding of their professional mission I would expect that the decisions rendered by judges and intelligence analysts are likely very different.

    In a crude sense I would expect judges to be answering the question should access take place. I would expect analyst likely assume the access question is already answered and the relevant issue is what information is needed regarding the individual, or situation under investigation. These are two very different kinds of questions.

    I am arguing that the protection offered by the 4th amendment is decreased when decisions related to the 4th amendment are delegated to analysts with education, training, and professional mission very different from the judges who should be making these decisions.

  7. The Government SAYS it’s not listening…so I guess we’re ok…they wouldn’t LIE…right!?!?!? Hhahahhahahhahhaha

  8. From CNET

    and other places we learn:

    “Rep. Jerrold Nadler, a New York Democrat, disclosed this week that during a secret briefing to members of Congress, he was told that the contents of a phone call could be accessed “simply based on an analyst deciding that.””

    Now I have all the respect possible for school teachers and patrol officers and fast food managers. But unless the analyst mentioned above supervises other employees he or she probably has more in common with teachers and patrol officers than he does with federal judges- in regard to education and understanding of the constitution.

    Do you really want to delegate 4th amendment decisions that may have some complexity away from federal judges and too school teachers and patrol officers?

    I, for one, do not. I think there are good reasons for the whole process that involves judges, warrants, and concepts like probable cause.

    I find the idea that we would secretly delegate the task of 4th amendment review to GS level government employees offends my idea of constitutional government and my idea of the protection of checks and balances.

    I suppose that next we will hear that Rep Nadler disclosed classified information, damaged national security and committed treason.

    Before they indict Rep. Nadler let me say that I thank you and think the nation owes you a debt of gratitude.

  9. The military has just admitted to listening to phone conversations:

    The National Security Agency has acknowledged in a new classified briefing that it does not need court authorization to listen to domestic phone calls.

    Rep. Jerrold Nadler, a New York Democrat, disclosed this week that during a secret briefing to members of Congress, he was told that the contents of a phone call could be accessed “simply based on an analyst deciding that.”

    If the NSA wants “to listen to the phone,” an analyst’s decision is sufficient, without any other legal authorization required, Nadler said he learned. “I was rather startled,” said Nadler, an attorney and congressman who serves on the House Judiciary committee.

    (Military Says It Can Tap Phones Anywhere Anytime). This is more evidence of a coup.

  10. AY

    It comes from the raw unformatted email as it is delivered to the end recipient. Some client softwares can parse this and present to the user some or all of this information but it is implementation based as to whether or not the informaiton is made available. Also, some client/server implementations such as those found in companies may internally only allow the end user to see portions of this such as the Subject: or From: lines but not the full header.

    If you are at home and use POP3 / IMAP4 / SMTP to read and send your mail with your client is provided all this information it “should” be available. But if you use a web based mail service it might not be available since the transport used to show it to you may or may not include the ability to read the headers. But the ISP should have that information stored on their end. How much data in a webmail based system provided to their users is up to them to decide.

  11. Darren,

    Are you getting that from the properties portion of the email…. That has the basic identifiers as well as the machine used…..

  12. Trying again:

    Here is an example of an e-Mail header for a run of the mill message. The names have been changed to protect the guilty.

    Return-path: nobody#example.domain-
    Envelope-to: somebody#example.domain-
    Delivery-date: Thu, 13 Jun 2013 09:57:22 -0500
    Received: from mail.joeblowemployer.domain- ([]:11069 helo=xserver3.joeblowemployer.domain-)
    by somebodys.isp.domain- with esmtp (Exim 4.80.1)
    (envelope-from nobody#example.domain-)
    id 1Un8xl-003oas3423-TP
    for somebody#example.domain-; Thu, 13 Jun 2013 09:57:22 -0500
    X-MimeOLE: Produced By Microsoft Exchange V6.5
    Content-class: urn:content-classes:message
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    Subject: Double Secret Probation
    Date: Thu, 13 Jun 2013 07:57:24 -0700
    Message-ID: 2C19C59A98BCB4854ery4545#xserver3.joeblowemployer.domain-
    Thread-Topic: Double Secret Probation
    Thread-Index: Ac5oRkiTwBsQ2srewt5465t5uqRXGJrkaiI/oaTg==
    From: nobody#example.domain-
    To: somebody#example.domain-

    Note I had to remove the angle brackets and replace the “at” sign with a “#” and to strip out the dot com addresses to make it workto make it work for wordpress.

    I will explain a few of the items here that aren’t obvious. And I will say this is a minimal message. Some headers have even more data.

    In the Received: header this lists the path (or hops) the message has been relayed through from the sender to the recipient. In this example the email was sent by mail.joeblowemployer.domain- having the Internet Protocol address of which is fully traceable. The sending machine identified itself as xserver3.joeblowemployer.domain-. The message was then handed off to somebodys.isp.domain- which carried it to the recipient. There may be multiple Received: lines as it is relayed to the recipient. Each has essentially the same info from their transaction.

    X-MimeOLE: Line is generated by the original server in this system, the data extracted from this is the sender is using Microsoft Exchange Server as his/her mail server. The versioning information on this can be used to exploit the user either by known vulnerabilities of this software or it can also be used to gather info on the user. Exchange Server is mostly used by organizations, or businesses.

    Message-ID: This is a unique random string that is in theory each email has and only identifies this message. After the # it denotes the generator of the ID, in this case the sender’s mail server. per RFC822 guidelines this can be either generated by the mail client or the server if the client doesn’t provide one.

    Thread-Index: This is a string that identifies whatever chain of emails this email is a part of, such as if it is from a back and forth conversation, and its order. This can be used to tie in other emails together.

    Date: This is the date/time the message was sent. It is either generated by the sender’s email client or the server. Of note is the time zone offset from GMT. (this indicates Pacific Daylight Savings Time which is GMT -7) This can indicate the time zone for which the server is situated.

    Content-Type: The boundary in this is used to break apart attachments and other information in the email so that the client software can render the email message to the user. The boundary is theoretically nearly unique. It can be used to track messages as well but it was originally intended to be used for parsing purposes.

    Again this is minimal at best. Most ISPs tack on additional lines for whatever purpose they might want. Any line that begins with X- is a permissable extension that according to the standard (RFC822) can be used for whatever purpose the mail client / server / or recipient servers choose and this can be also exploited or data mined for whatever purpose.

  13. David,

    I did the same thing. We may have been at cross purposes. Sorry, Darren!

  14. Darren,

    I found your comments in the spam folder, clicked the “not spam” button, approved one of them, and trashed the others. It doesn’t look like it posted. Try again, I’ll be more careful.

  15. David:

    i tried three times to post an example of the header information (metadata) that is part of what is found in email along with some description as to what the data was but the wordpress filter kicked it out despite the changes I tried to make it postable Could you take the last one I made and post if possible? Thanks.

  16. Darren:

    how dare you impugn the president’s good name. He would never do that but he might have the NSA and the IRS do it. 🙂

Comments are closed.