People are upset (or scared or confused or ambivalent) about the revelation that the National Security Agency is collecting information from Verizon concerning telephone calls made on its network. What does it all mean???
Let’s dive right in.
So the government is listening to all my Verizon calls, right?
No. Well, not according to this report that’s been dug up by The Guardian.
What’s happening, then?
Verizon is handing over “all call detail records or ‘telephony metadata’ created by Verizon for communications between the United States and abroad; or wholly within the United States, including local telephone calls.”
They’re handing over my telephony metadata???
Apparently only if you’re using Verizon Business Network Services which, according to the New York Times, “is one of the nation’s largest telecommunications and Internet providers for corporations.”
Now that I’m upset about the possibility of my telephony metadata being shared, what is telephony metadata?
According to the report:
Telephony metadata includes comprehensive communications routing information, including but not limited to session identifying information (e.g., originating and terminating telephone number, International Mobile Subscriber Identity (IMSI) number, International Mobile station Equipment Identity (IMEI) number, etc.), trunk identifier, telephone calling card numbers, and time and duration of call. Telephony metadata does not include the substantive content of any communication, as defined by 18 U.S.C. § 2510(8), or the name, address, or financial information of a subscriber or customer.
Let’s break each part down into plain English.
Comprehensive communications routing information is a vague term, but it most likely means the general area a call originates from, which Verizon switches or towers handle the call, and where the call ends up connecting.
Your office phone, for example, has a telephone cord that connects to a box in some dusty closet in your office space, which may then connect to another box in another dusty closet in the building, which may then connect to another box on the telephone pole, which then connects to Verizon somewhere, who then—I mean, you get the basic idea of how telephone call works, right? All the little connections made along the way make up the routing information.
Session identifying information is part of what happens in the above example. When one phone connects to another phone, Verizon knows both phones’ phone numbers, of course (originating and terminating telephone number). The trunk identifier refers to the magical phenomenon wherein when someone calls you, you can see the number they’re calling from.
Telephone calling card numbers were things I used during my first year of college in 1997 that let me call home for cheaper than it cost to make a long-distance call from my dorm room (you’d call a 1-800 number, enter a 16-digit or so pin, then enter the phone number you wanted to call).
Time and duration of the call should be pretty self-explanatory, but just in case: Time refers to a mystical fourth dimension that doesn’t actually exist, yet is referenced in the human mind in a linear fashion. The duration of a call is how long the call lasted, from hello to goodbye.
IMSI and IMEI refer to cell phones. The IMSI basically tells Verizon that you’re a paying customer and that you are allowed to make phone calls on its network and, if needed, which networks you can roam on. The IMEI basically tells Verizon that your phone belongs to a paying customer. If your phone gets stolen, for instance, you can have Verizon blacklist the IMEI number to prevent it from being able to make calls.
Substantive content of any communication as defined by 18 U.S.C. § 2510(8) is part of the Electronic Communications Privacy Act of 1986. Section 8 of paragraph 2510 says:
“contents”, when used with respect to any wire, oral, or electronic communication, includes any information concerning the substance, purport, or meaning of that communication;
So words, I guess. Things that you say. I’m a tech writer, not a law talking guy – sorry I can’t elaborate further. This stuff is not included in the telephony metadata, according to this report.
The name, address, or financial information of a subscriber or customer should be pretty straightforward. This stuff is not included in the telephony metadata, according to this report.
In a nutshell, we’re mostly talking about information that doesn’t identify you in any personal manner but that could, if needed, be tied to you with a little more digging thanks to the routing information involved, the phone numbers involved, and the IMSI and IMEI numbers involved.
Are other telephone companies handing similar data over to the NSA?
Hard to say, but maybe? It seems that would-be terrorists might also use networks other than Verizon. Again, I’m just a tech writer.
Surely non-identifying information about me isn’t being passed around willy-nilly anywhere else, right?
Right. Oh, unless you use the internet.
If that’s the case, non-identifying information about you is being passed around constantly from site to site in the form of cookies and other methods of technological whimsy.
At a basic level, how you access the Internet works similarly to how a phone call takes place as described above. Your cable modem, for instance, has IMSI- and IMEI-like numbers that get passed along to Comcast, and all the stuff you search for and all the sites you visit get piped through Comcast’s network. Replace “Comcast” with your internet service provider in this instance.
For most people, this happens in a non-identifying, metadata-y way on a day-to-day basis. But if the NSA (or the FBI or some other acronym) comes knocking, metadata – telephony or otherwise – can generally be personally tied to you with a little more digging.
Sleep tight!