Since 2013, a stream of disclosures have prompted reconsideration of surveillance law and policy. One of the most controversial principles, both in the United States and abroad, is that communications metadata receives substantially less protection than communications content. Several nations currently collect telephone metadata in bulk, including on their own citizens. In this paper, we attempt to shed light on the privacy properties of telephone metadata. Using a novel crowdsourcing methodology, we demonstrate that telephone metadata is densely interconnected, can trivially be re-identified, and can be used to draw sensitive inferences.
Jonathan Mayer is Chief Technologist for the Federal Communications Commission Enforcement Bureau. His responsibilities include cybersecurity, consumer privacy, and network neutrality matters. Jonathan is also a Cybersecurity Fellow at Stanford University, where he is completing a PhD in Computer Science. He previously graduated from Stanford Law School, where he served as a lecturer on technology security, privacy, and surveillance. He received his undergraduate degree from the Woodrow Wilson School of Public and International Affairs at Princeton University. Jonathan was named to the Forbes "30 Under 30" in 2014, for his contributions to technology security and privacy.
Patrick Mutchler is a graduate student in the Security Laboratory of the CS Department at Stanford University advised by John Mitchell. His research interests lie in mobile security and privacy, particularly in the measurement of mobile security and privacy threats at a large scale. This research has led him to identify tens of thousands of exploitable Android apps that span the entire Android app ecosystem. Patrick is graduating this spring and will be taking a position at Google where he will be working on Android program analysis.