Metadata vs data
Authorities are quick to point out that “it’s only metadata” that’s collected during bulk surveillance operations, whether that’s through IMSI-catchers, passive taps on cables or tit-fortat sharing arrangements with other agencies to circumvent pesky laws on spying on your own subjects. Metadata typically consists of the “who” and the “when” rather than the “what”. So things like phone numbers, IP addresses, hostnames and timestamps, rather than emails/voicecalls or complete URLs.
Thanks to advances in processing huge datasets, combined with so much of our lives being carried out online, this metadata can still paint a worryingly accurate picture of what an individual is up to. Simply logging all phonecalls and text messages made in a given area over a few days will produce a social graph showing everyone’s circles. If someone knows you were in regular contact with a doctor, and also visiting a website about fibromyalgia, then they may deduce you’re a sufferer. Quoting NSA General Counsel Stewart Baker, “Metadata absolutely tells you everything about someone’s life.”
In the wake of Snowden, it emerged that people up to three “hops” away from persons of interests had their data scooped up (1 http://bit.ly/LXF235wearewatching). An oft-quoted figure is that two random individuals are only separated by six degrees, but in reality this is probably much less now, especially if you count the many superficial connections that social media (especially Twitter) engenders.