A Stanford graduate student has shown just how easily names can be matched with phone records, contradicting some of the legal justification offered by federal authorities for the National Security Agency’s bulk collection of phone data.
President Barack Obama said in June that the surveillance captured only which telephone numbers were connected to others. “There are no names … in that database,” Obama said.
Just last week, Sen. Dianne Feinstein (D-CA), chair of the Senate Intelligence Committee, said cell phone customers had no reasonable expectation to privacy because the data collected by the NSA because it did not contain their names.
But researcher Jonathan Mayer and co-author Patrick Mutchler reported that they’d gathered thousands of phone numbers from volunteers and checked various public online directories to link some of the 5,000 numbers chosen at random from their database to individuals.
With “marginal effort,” they matched more than 27 percent of the numbers using just Yelp, Google Places and Facebook.
They then randomly sampled 100 numbers from the database and ran Google searches for each.
“In under an hour, we were able to associate an individual or a business with 60 of the 100 numbers,” Mayer wrote. “When we added in our three initial sources, we were up to 73.”
The researchers admitted they didn’t have the budget or credentials to access a premium data aggregator, but they ran the same 100 numbers through Intelius, a cheap, consumer service, and found 74 matches to individuals.
“Between Intelius, Google search and our three initial sources, we associated a name with 91 of the 100 numbers,” Mayer wrote.
The pair said their results showed that Americans should have little reason to expect their data to remain private in the NSA database.
“If a few academic researchers can get this far this quickly, it’s difficult to believe the NSA would have any trouble identifying the overwhelming majority of American phone numbers,” Mayer wrote.
[Image via Agence France-Presse]