A study of more than 500 mobile phone owners by researchers at Stanford University suggests that call records and other “metadata” stored on our phones can easily be used to infer a wealth of sensitive information about phone owners – laying bare details of private lives that many would prefer to keep hidden.
The findings of the study were outlined in a blog post by researcher Patrick Mutchler on Wednesday. Researchers concluded that the data collected from the phones was very accurate in painting a picture of the phone’s owner, including their work, social interests and medical conditions. That was true even across a small sample population monitored for just a few weeks.
In the study, researchers placed an application, MetaPhone, on Android smartphones belonging to 546 participants and collected a wide range of information including device logs, social network information and call records for analysis.
In all, researchers collected calls to 33,688 unique numbers and analyzed them in conjunction with other logged data. While researchers were confident that metadata could reveal sensitive information if aggregated for long enough, they were surprised by how revealing even the small amount of data collected in their study turned out to be.
The combination of call records and other data from the phones turned out to be highly indicative of the owner’s activities and interests, Mutchler wrote.
Around 18 percent of the unique numbers were found to link to a specific individual, allowing researchers to create at least a partial social graph of the phone owner. In addition, researchers found that they could link other numbers to organizations that were revealing of a sensitive activity or trait. Numbers for discrete businesses like dental and medical offices or *ahem* adult establishments and gun shops. Google queries were used to resolve ambiguity about a business’s purpose. From that, the researchers inferred information based on the call patterns.
“If a person reaches out to a political campaign, for example, it seems highly probable that the person supports the candidate. Similarly, if a person speaks at length with a religious institution, it appears likely that the person is of that faith. A further inference could also be made, that the person worships at that particular institution,” the researchers write.
By correlating series of communications, the researchers were able to draw even broader inferences. For example:
“Participant A communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis.”
And “in a span of three weeks, Participant D contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.”
The study is just the latest to explore how mobile phone use patterns have become the new fingerprint. A study by scientists at MIT and the Université Catholique de Louvain in Belgium last year analyzed 15 months of mobility data for 1.5 million customers of a European mobile carrier. Their analysis, “Unique in the Crowd: the privacy bounds of human mobility” showed that data from just four, randomly chosen “spatio-temporal points” (for example, mobile device pings to carrier antennas) was enough to uniquely identify 95% of the individuals, based on their pattern of movement.
The news comes amid increased scrutiny of how private firms and governments might tap mobile phone records and metadata to develop detailed profiles of individuals – even without access to the content of their conversations.
Speaking to the South by Southwest conference this week, former NSA leaker Edward Snowden warned of a chilling effect of government surveillance of phone and Internet communications. He called for the use of encryption to thwart government spying.