Phone traffic analysis

USA Today:

The National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth, people with direct knowledge of the arrangement told USA TODAY.

The NSA program reaches into homes and businesses across the nation by amassing information about the calls of ordinary Americans — most of whom aren’t suspected of any crime. This program does not involve the NSA listening to or recording conversations. But the spy agency is using the data to analyze calling patterns in an effort to detect terrorist activity, sources said in separate interviews.

Here’s the story they don’t tell you.  Using the simple data of who called who and the times of the calls some very interesting conclusions can be made.  Out of billions of calls individual groups as small as ten people can be identified and their organizational structure mapped.  For example they can determine who the leader is and who will take his or her place if they were removed.  This was several years ago so I imagine the results are better now.  The same sort of information can be derived from email traffic as well.

I’m not sure how I stand on this.  My inclination is that if the companies who own the data are compelled to turn it over without probable cause then I’m against it.  But if it is optional and they get paid to share the information then I’m annoyed but don’t have a strong objection.

Other opinions include Michelle Malkin and Alphecca.

6 thoughts on “Phone traffic analysis

  1. This reflects one of my concerns, that the government can get access to individuals’ information through a third party without those individuals having any legal means to contest the government on the matter. The Kansas AG who is constantly trying to figure out new ways to try to intimidate women who have would get abortions comes to mind.

    But with your background, I am curious as to your take on the effectiveness of this effort. I would imagine that they would have to have some nugget of information with which to filter through the billions of calls. If so, why go through so many other peoples’ data, too? How does this give them information that they wouldn’t just get from monitoring all connections to a particular individual? If they don’t have a particular individual or group they’re targeting, then how can they tell the difference between a house church, my sister-in-law and her friends, and a terror cell? Seems like they could be more interested in other data that has nothing to do with terrorism.

  2. The question boils down to, “Who owns the call traffic records?” And I think the answer to that is, “The telephone company.” From there they can sell or give those records to whom ever they want. When they start selling or giving out names, address, and SSN’s then the individuals have something to complain about. I don’t know the extent of the information given out in this case.

    As far as having a “nugget” the answer is no. Just give me the time of the call and who called who. From that set of data AMAZING conclusions can be drawn with great accuracy. And yes, I think they could distingush a terror cell from a church group–for the most part. Perhaps one in a thousand (or some such number) church group will look something like a terror cell or vice versus. Add in the geographical data of where the calls were made from and to and correlate with other intelligence data of suspected terrorist activity and my guess it that it is very effective in distinguishing between friend and foe.

  3. Just getting raw CDR (call detail records) from the switches would be a huge boon in any country. Most people call very few people frequently, perhaps 5x more on a regular basis and the rest randomly. You wouldn’t have to know that A has a pre-paid cell phone and a landline, you would just see calls at the right time in this nexus and assert that A has two phones. Good enough.

  4. Sorry not to have gotten back to this sooner, but I couldn’t get to the site last night or earlier today.

    The phone companies may “own” the data about my call traffic, but that is inherently connected to me by dint of my phone number. Reverse directories are freely available on the internet, at least for landlines.

    The news story I read about this yesterday said that they were looking for the data so that they could go back in time after someone had acted and look up who he had been calling, as if the issue was to be able to look up historical information. That may be a reporter misunderstanding the program, since your description sounds more like a predictive model.

    Part of my concern is the propensity for government to misuse data. What do they do once they have identified a “terror cell”? Do they then send in SWAT commandos with poor trigger discipline because “we can’t take the chance of waiting”? Do they monitor them with warrantless wiretaps and searches? Do they actually follow the law and get a rubber-stamp warrant from the FISA court? If it turns out that they are not a terror cell, and the group they are monitoring hasn’t been shot, do they keep all the information they’ve gathered or is it disposed of? I don’t trust people who have no shame committing a felony by firing someone for their political beliefs not to abuse any information they collect.

    I specified house church in my earlier question for a reason, because they are a cell structure and tend to have tighter social bonds than traditional American churches. I would think a group like that would have communication patterns that would be harder to distinguish from other types of cells. Likewise for my sister-in-law and her friends, who have the ability to spread information amongst themselves that would boggle a mass-media mogul’s mind. I would’ve expected that terrorists would be working in 5-6 person cells and not be in frequent contact outside of those cells, so I just have a hard time figuring out how they would look unique as far as traffic statistics go.

    What use is knowing that person A has a landline and a pre-paid phone unless they are connecting those phones to a specific, no-longer-anonymous person? That is where I have a hard time seeing how this program standing on its own would be useful to find terrorists.

  5. I don’t trust the government very much either. I realize the data is connected to individuals but I don’t see this case as any different than the police approaching a hardware store chain and asking for all information on people who have purchased short pieces of steel pipe and matching caps (pipe bombs). If the store management wants to share that information, even if it includes credit card information, I don’t see there being any constitutional barriers. Who owns the sales data? The store or the customer? And from there is virtually no barrier to asking for all sales information.

    I agree that “standing on it’s own” it doesn’t do much. Only with other data such as overseas phone calls, informants, flight training, fertilizer purchases, etc. does it start being useful.

    As for it being used for historical or predictive value I don’t know for certain. I expect the reporter was ignorant, but I don’t have any inside knowledge on how the NSA is actually using it. And if did have inside knowledge I wouldn’t be sharing it in public. The networking info is all available in published papers.

    I would expect the call patterns of a home church “cell” and a terrorist cell will have some overlap. But I’m betting that even two home churches from different cultures would be discernable let alone a home church and a terrorist cell. For example; the terrorist cell will have mobile phones with several of the people frequently traveling and communicating back to the leader. The home church people will be more stationary and have more peer-to-peer communication.

  6. The difference to me with the hardware chain is that I have a choice of giving them personally identifiable information when I make a purchase. I have the option to obtain the steel pipe by paying in cash if I don’t want them to have information about my habits. If I choose to use a credit card that can be tied to me then I have made that choice based on convenience and I have less room to complain about it. I don’t have that option with a phone company, so I think the privacy safeguards should be higher.

    I think what is sticking for me is that, if this information needs other information to be useful, what is the ‘need’ for the massive collection of citizens’ data? If the phone data leads to other useful information, let’s hear that. It doesn’t make this any less of a concern to me, but at least it would show that they have a clue. I doubt that there is any way they can defend the program. To say that it is effective magnifies the violation of privacy; to say that it is harmless begs the question of why they would do it in the first place.

    I see your point about house church vs. terror cell, but I would think, though, that a construction crew or any number of companies organized to do site work and utilizing a supervisor would have similar leader-centric call patterns. After reading Linked by Barabasi I wonder if social networks tend to have more of those nodes/leaders than you might expect instead of the peer-to-peer distribution. If you have any pointers to public white papers on this topic I would be interested to hear them (I had of course assumed that you didn’t have any clearance-level information on this before I asked you about it).

    I appreciate your educated comments on the topic, but I am afraid they haven’t done much to comfort me that these guys aren’t just using any excuse to invade their own citizens’ privacy.

Comments are closed.