WASHINGTON — The recent disclosure of extensive U.S. surveillance of phone and Internet communications has raised many technical questions, including how it is possible to sift through the mountains of data. It turns out that the government was collecting only so-called "metadata."
U.S. government officials say the surveillance covered only metadata - the patterns of the phone calls and internet messages - not the substance of the communications.
According to reports, a majority of e-mail messages sent during a specific time period was intercepted and the metadata stored for possible later analysis.
Bill Supernor, the chief technology officer with Internet security firm KoolSpan, said metadata can provide valuable information for intelligence services.
“Metadata is the generic term used to describe information that describes information. So the metadata of an email may be who was it sent to, who it was from, the date, what size the message is. Many emails were passed through a number of POPs [Post Office Protocol]. A number of different email relay stations and that kind of information may be regarded to be metadata,” said Supernor.
Supernor said that storing metadata requires considerably less space than storing the content of those messages, and is much easier to index and catalogue. But its usefulness is limited.
Phone conversations also carry metadata, including which cell tower the phones used, when a call started and ended, and the position of the caller right down to the city block. Those bits of information can help police and intelligence agencies track criminals and terrorists.
Internet messages also can help hackers, however, who may be after financial and other personal data.
“The best thing you can do to defend yourself is pick random passwords, so nothing that involves your cats or dogs or car, or the names of any of these things - your address, your family, any of the kinds of things that appear in social media. It’s such a weapon in the hand of the bad guys,” said Supernor.
In the case of cell phones, Supernor said never use them to send valuable information such as Social Security or personal identification numbers, or credit card numbers.
”SMS is something I would not use for exchanging secure information. That transport is just not a safe transport to use for that kind of information,” he said.
Bill Supernor said the Internet is not a secure means of communication and strongly advises encryption of messages containing sensitive information. This is especially true for commercial companies and organizations that want to make sure that the private information they share stays behind an impenetrable screen.