Evaluating the privacy properties of telephone metadata

@article{Mayer2016EvaluatingTP,
  title={Evaluating the privacy properties of telephone metadata},
  author={Jonathan R. Mayer and Patrick Mutchler and John C. Mitchell},
  journal={Proceedings of the National Academy of Sciences},
  year={2016},
  volume={113},
  pages={5536 - 5541}
}
Significance: Privacy protections against government surveillance are often scoped to communications content and exclude communications metadata. In the United States, the National Security Agency operated a particularly controversial program, collecting bulk telephone metadata nationwide. We investigate the privacy properties of telephone metadata to assess the impact of policies that distinguish between content and metadata. We find that telephone metadata is densely interconnected, can…

Evaluating the Privacy Properties of Secure VoIP Metadata
TLDR
This work investigates privacy properties of voice calls metadata, in particular when using secure VoIP, giving evidence of the ability to extract sensitive information from its metadata, and finds that ZRTP metadata is freely available to any client on the network, and that users can be re-identified by any user with access to the network.
Privacy of Location Information
TLDR
The review reveals that, after 2015, no comprehensive study was undertaken in the following areas: how location information is generated and exchanged in the IP-mediated long-term evolution telecommunications network and how mobile devices are tracked and create more precise location estimates.
Privacy versus the Use of Location Information for Law Enforcement and Security in Australia
This article reviews existing knowledge regarding the powers of the Australian Security Intelligence Organisation and the Australian Federal Police to access and use metadata. The review is primarily
Categorizing Uses of Communications Metadata: Systematizing Knowledge and Presenting a Path for Privacy
TLDR
This work provides both an intellectual framework for thinking about the privacy implications of the use of communications metadata and a roadmap, with first steps taken, for providing privacy protections for users of electronic communications.
Privacy Policies and Their Lack of Clear Disclosure Regarding the Life Cycle of User Information
TLDR
It is argued that the lack of clarity in privacy policies presents a significant barrier toward empowering people to make informed choices about which products or services to use and the widespread adoption of machine learning or other techniques to analyze such policies.
Privacy and Social Movements
TLDR
The impact of privacy violations on social movements and the tools for encrypted messaging currently used by social movements are discussed and it is shown that the misunderstandings around privacy by users and the causes that prevent the developing of better tools for social movements.
Bulk Surveillance in the Digital Age: Rethinking the Human Rights Law Approach to Bulk Monitoring of Communications Data
The digital age has brought new possibilities and potency to state surveillance activities. Of significance has been the advent of bulk communications data monitoring, which involves the large-scale
$k^{\tau,\epsilon}$-anonymity: Towards Privacy-Preserving Publishing of Spatiotemporal Trajectory Data
TLDR
An algorithm is proposed that generalizes the data so that they satisfy $k^{\tau,\epsilon}$-anonymity, an original privacy criterion that thwarts attacks on trajectories, a step forward in the direction of open, privacy-preserving datasets of spatiotemporal trajectories.
Preserving mobile subscriber privacy in open datasets of spatiotemporal trajectories
TLDR
An algorithm is proposed that generalizes the data so that they satisfy-anonymity, an original privacy criterion that thwarts attacks on trajectories, and is a step forward in the direction of open, privacy-preserving datasets of spatiotemporal trajectories.
Quantifying Surveillance in the Networked Age: Node-based Intrusions and Group Privacy
TLDR
The results show that the current individual-centric approach to privacy and data protection does not encompass the realities of modern life, which makes us, as a society, vulnerable to large-scale surveillance attacks which the authors need to develop protections against.

References

SHOWING 1-10 OF 59 REFERENCES
Privacy leakage vs. Protection measures: the growing disconnect
TLDR
The growing disconnect between the protection measures and increasing leakage and linkage suggests that the community needs to move beyond the losing battle with aggregators and examine what roles first-party sites can play in protecting privacy of their users.
On the Anonymity of Home/Work Location Pairs
TLDR
If the approximate locations of an individual's home and workplace can both be deduced from a location trace, then the median size of the individual's anonymity set in the U.S. working population is 1, 21 and 34,980.
Privacy and Online Social Networks: Can Colorless Green Ideas Sleep Furiously?
TLDR
The state of the art of privacy protection measures is surveyed and some potential directions in moving from a syntactic approach to a more holistic semantics-based approach are presented.
k-Anonymity: A Model for Protecting Privacy
  • L. Sweeney
  • Computer Science
    Int. J. Uncertain. Fuzziness Knowl. Based Syst.
  • 2002
TLDR
The solution provided in this paper includes a formal protection model named k-anonymity and a set of accompanying policies for deployment and examines re-identification attacks that can be realized on releases that adhere to k-anonymity unless accompanying policies are respected.
Cookies That Give You Away: The Surveillance Implications of Web Tracking
TLDR
It is shown that foreign users are highly vulnerable to the NSA's dragnet surveillance due to the concentration of third-party trackers in the U.S. Using measurement units in various locations, this work introduces a methodology that combines web measurement and network measurement.
Anonymization of location data does not work: a large-scale measurement study
TLDR
This study shows that sharing anonymized location data will likely lead to privacy risks and that, at a minimum, the data needs to be coarse in either the time domain (meaning the data is collected over short periods of time, in which case inferring the top N locations reliably is difficult) or the space domain (meaning the data granularity is strictly higher than the cell level).
Unique in the Crowd: The privacy bounds of human mobility
TLDR
It is found that in a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier's antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals.
Differential Privacy
TLDR
A general impossibility result is given showing that a formalization of Dalenius' goal along the lines of semantic security cannot be achieved, which suggests a new measure, differential privacy, which, intuitively, captures the increased risk to one's privacy incurred by participating in a database.
De-anonymizing Social Networks
TLDR
A framework for analyzing privacy and anonymity in social networks is presented and a new re-identification algorithm targeting anonymized social-network graphs is developed, showing that a third of the users who can be verified to have accounts on both Twitter and Flickr can be re-identified in the anonymous Twitter graph.
Robust De-anonymization of Large Sparse Datasets
TLDR
This work applies the de-anonymization methodology to the Netflix Prize dataset, which contains anonymous movie ratings of 500,000 subscribers of Netflix, the world's largest online movie rental service, and demonstrates that an adversary who knows only a little bit about an individual subscriber can easily identify this subscriber's record in the dataset.