When news broke about U.S. government agencies collecting metadata about its citizens’ Internet and phone communications, many were surprised by its scope. The surveillance covered a vast number of Internet messages and phone calls. The government did not deny the action but pointed out that the collected data contained, not the substance of the communication, but the so-called metadata.
Although many suspected that U.S. intelligence agencies were collecting data about suspicious messages and calls, it was assumed that the actions were covered by court orders and aimed at specific targets. But reports say, during a specific time period, practically all e-mail messages were intercepted and their metadata stored for possible later analysis.
Government agencies claim that they collect only metadata and not the content of intercepted messages. But KoolSpan Chief Technology Officer Bill Supernor says metadata holds very valuable information for the intelligence services.
“Metadata is the generic term used to describe information that describes information. So the metadata of an e-mail may be who was it sent to, who it was from, the date, what size the message is," said Supernor. "Many e-mails were passed through a number of POPs [Post Office Protocol]. A number of different e-mail relay stations and that kind of information may be regarded to be metadata.”
Why is communication over the Internet not private? If computers each have their own addresses, how can e-mail be read by someone else?
Supernor says to understand this we have to go to the beginnings of the Internet.
“When the Internet was first designed and envisioned, it was envisioned as a system for open communication between people at different universities," said Supernor. "And over time it grew into a system for sharing information between defense related organizations."
So at first, security was not the primary concern because nobody thought the Internet would be used for private communication among people, companies and government officials. Security was added later, he says, almost as an afterthought.
Another problem, says Supernor, stems from the networked nature of the Internet.
“Networks imply lines of communication connected at hubs or endpoints," he said. "And any one of those hubs or endpoints can be a point at which information could be pulled off and snooped upon or intercepted by both friendly and unfriendly parties.”
Supernor adds that storing metadata requires considerably less space than storing the content of the messages. He says metadata is much easier to index and catalogue, but only so much can be done with that information.
Reports indicate U.S. intelligence agencies also collected metadata of phone conversations, with information about originators and receivers of calls, duration of calls and possibly even the types of phones used. Supernor says that in the case of cellular, it can show which cell tower the phones used at the time a call was placed, received, and the time the call ended on either phone.
“The metadata can contain some pretty interesting information in terms of the physical location," said Supernor. "And if anybody ever used some of the mapping applications on the smartphone, with the GPS turned off, that’s a lot of information that’s available to know about, right down to the city block where a person was located.”
Intelligence agencies are presumably after terrorists and criminals. But what about other hackers who may be after financial and other personal data?
Supernor advises “the best thing you can do to defend yourself is pick random passwords, so nothing that involves your cats or dogs or car, or the names of any of these things - your address, your family, any of the kinds of things that appear in social media. It’s such a weapon in the hand of the bad guys.”
In the case of cell phones or smartphones, Supernor says one should especially guard valuable information such as Social Security numbers and credit card numbers.
”SMS is something I would not use for exchanging secure information," he said. "That transport is just not a safe transport to use for that kind of information.”
Bill Supernor says that the Internet is not a secure means of communication and strongly advises encryption of messages containing sensitive information. This is especially true for commercial companies and organizations that want to make sure that the private information they share stays behind an impenetrable screen.