Maybe we would care more if we knew just how many surprising insights can be gleaned from our online activity. https://edri.org/what-does-your-browsing-history-say-about-you/ https://labs.rs/en/browsing-histories/ https://edri.org/what-does-your-browsing-history-say-about-you/
La prochaine fois que vous entendrez un officiel, un expert en sécurité, un responsable des services de renseignement dire "Oh, mais il s'agit seulement de métadonnées", pensez à Ton Siedsma, l'homme sur qui vous savez tellement, seulement parce qu'il a partagé une semaine de métadonnées avec nous.
THIS STORY IS ABOUT THE POWER OF METADATA.
La traçabilité par les « phéromones numériques »
Eléments de langage d'Urvoas
Ever since reporters began publishing stories about NSA activities, based on documents provided by Edward Snowden, we've been repeatedly assured by government officials that it's "only metadata." This might fool the average person, but it shouldn't fool those of us in the security field. Metadata equals surveillance data, and collecting metadata on people means putting them under surveillance.
An easy thought experiment demonstrates this. Imagine that you hired a private detective to eavesdrop on a subject. That detective would plant a bug in that subject's home, office, and car. He would eavesdrop on his computer. He would listen in on that subject's conversations, both face to face and remotely, and you would get a report on what was said in those conversations. (This is what President Obama repeatedly reassures us isn't happening with our phone calls. But am I the only one who finds it suspicious that he always uses very specific words? "The NSA is not listening in on your phone calls." This leaves open the possibility that the NSA is recording, transcribing, and analyzing your phone calls—and very occasionally reading them. This is far more likely to be true, and something a pedantically minded president could claim he wasn't lying about.)
Now imagine that you asked that same private detective to put a subject under constant surveillance. You would get a different report, one that included things like where he went, what he did, who he spoke to—and for how long—who he wrote to, what he read, and what he purchased. This is all metadata, data we know the NSA is collecting. So when the president says that it's only metadata, what you should really hear is that we're all under constant and ubiquitous surveillance.
What's missing from much of the discussion about the NSA's activities is what they're doing with all of this surveillance data. The newspapers focus on what's being collected, not on how it's being analyzed—with the singular exception of the Washington Post story on cellphone location collection. By their nature, cellphones are tracking devices. For a network to connect calls, it needs to know which cell the phone is located in. In an urban area, this narrows a phone's location to a few blocks. GPS data, transmitted across the network by far too many apps, locates a phone even more precisely. Collecting this data in bulk, which is what the NSA does, effectively puts everyone under physical surveillance.
This is new. Police could always tail a suspect, but now they can tail everyone—suspect or not. And once they're able to do that, they can perform analyses that weren't otherwise possible. The Washington Post reported two examples. One, you can look for pairs of phones that move toward each other, turn off for an hour or so, and then turn themselves back on while moving away from each other. In other words, you can look for secret meetings. Two, you can locate specific phones of interest and then look for other phones that move geographically in synch with those phones. In other words, you can look for someone physically tailing someone else. I'm sure there are dozens of other clever analyses you can perform with a database like this. We need more researchers thinking about the possibilities. I can assure you that the world's intelligence agencies are conducting this research.
How could a secret police use other surveillance databases: everyone's calling records, everyone's purchasing habits, everyone's browsing history, everyone's Facebook and Twitter history? How could these databases be combined in interesting ways? We need more research on the emergent properties of ubiquitous electronic surveillance.
We can't protect against what we don't understand. And whatever you think of the NSA or the other 5-Eyes countries, these techniques aren't solely theirs. They're being used by many countries to intimidate and control their populations. In a few years, they'll be used by corporations for psychological manipulation—persuasion or advertising—and even sooner by cybercriminals for more illicit purposes.
In about every document on the internet, there are some bits of metadata, mostly harmless. || https://www.wefightcensorship.org/article/metadata-your-files-talk-youhtml.html
I have a New York Review of Books blog up today on Congress’s efforts to rein in NSA spying — or at least that part of it that directly targets Americans. It starts with a remarkable admission former director of NSA and CIA Michael Hayden made in a debate I had with him last month at Johns Hopkins, in which he asserted, in response to my argument that metadata is very revealing – “We kill people based on metadata.”
Nos traces numériques laissent bien plus d’empreintes que 12 petits points… Nos téléphones laissent derrière eux, dans les données des opérateurs, de nombreuses informations : qui on appelle, quand, pendant combien de temps, de quel endroit… Nos données de mobilités listent tous les endroits où nous sommes allés. Or, nos façons de nous déplacer sont très régulières, répétitives, uniques, pareilles à des empreintes digitales. Quand on regarde une base de données d’opérateur téléphonique, on est confronté à des millions d’enregistrements. On semble n’y voir personne et pourtant, chacun d’entre nous est là. Comment retrouver quelqu’un dans de telles bases ? Quel serait le nombre de points nécessaires pour identifier à coup sûr une personne dans de telles bases ?
Dans les discussions sur les risques d'espionnage des utilisateurs sur l'Internet, le terme de métadonnées revient souvent. Ce sont les données qui, sans faire partie du contenu de la communication, servent à son acheminement. On sait qu'un espion qui n'aurait accès qu'à ces métadonnées peut récolter plein d'informations intéressantes. Peut-on empêcher cela ?
Back in June, when the contents of Edward Snowden's cache of NSA documents were just starting to be revealed and we learned about the NSA collecting phone metadata of every American, many people -- including President Obama -- discounted the seriousness of the NSA's actions by saying that it's just metadata.
Lots and lots of people effectively demolished that trivialization, but the arguments are generally subtle and hard to convey quickly and simply. I have a more compact argument: metadata equals surveillance.
Imagine you hired a detective to eavesdrop on someone. He might plant a bug in their office. He might tap their phone. He might open their mail. The result would be the details of that person's communications. That's the "data."
Now imagine you hired that same detective to surveil that person. The result would be details of what he did: where he went, who he talked to, what he looked at, what he purchased -- how he spent his day. That's all metadata.
When the government collects metadata on people, the government puts them under surveillance. When the government collects metadata on the entire country, they put everyone under surveillance. When Google does it, they do the same thing. Metadata equals surveillance; it's that simple.
http://www.wired.com/opinion/2013/06/phew-it-was-just-metadata-not-think-again/
A cast of literally thousands, well, three, tell the story of how collecting data about data in no way compromises privacy.
Cast of Characters
Winston Churchill: The prime minister of the United Kingdom
Alan Turing: A cryptographer
Theresa May: Alan Turing's line manager
Cryptographers: Various
Military Policemen (MPs): Various
Scene
Hut 6, Bletchley Park
Time
1944
Setting
A long, prefab "hut" in which various men and women labour over noisy machines. Churchill, May and Turing are stood in a corner, stage right, conversing. Cryptographers sit at their desks, pretending not to listen in.
Si les révélations sur le programme d'espionnage américain Prism ont provoqué un concert d'indignation en Europe, la France, elle, n'a que faiblement protesté. Pour deux excellentes raisons : Paris était déjà au courant. Et fait la même chose.
Les enregistrements provenant de Verizon concernent tout sauf le contenu vocal, rappelle Schneier : qui appelle qui, la localisation des appels, leur durée… “Ces métadonnées” permettent au gouvernement de suivre les mouvements de tout le monde durant cette période et de construire une image détaillée de qui parle à qui. Ce sont exactement les mêmes données que le ministère de la Justice américain a recueillies récemment sur les journalistes d’Associated Press (voir les explications du Monde.fr et comme le rappelait Chris Soghoian de l’Union pour les libertés civiles américaines dans un article de The Verge, il y a des catégories entières d’informations pour lesquelles les métadonnées peuvent être aussi sensibles que les contenus).
Rest assured that we only collected metadata on these people, and no actual conversations were recorded or meetings transcribed. All I know is whether someone was a member of an organization or not. Surely this is but a small encroachment on the freedom of the Crown’s subjects. I have been asked, on the basis of this poor information, to present some names for our field agents in the Colonies to work with. It seems an unlikely task.
Petite démonstration de ce qu'on peut faire avec les fameuses metadatas.
Metadata Can Be More Revealing Than Your Actual Conversations
"The public doesn't understand," Landau told Mayer. "It's much more intrusive than content."