Effectiveness of metadata information and tools applied to national security.

Author: Pham, Cassidy


Recent events, in particular the ongoing Snowden affair, have increased debate about government surveillance within the country and abroad. Among the most common concerns is the infringement of privacy with respect to metadata. Though there is ample debate concerning the legal and political issues, few, if any, discussions are concerned with the effectiveness of metadata as used by the intelligence community (IC). From smartphones to Facebook profiles, the IC, with its latest tools, can collect a substantial amount of information in the form of metadata. The application of metadata as part of the national security apparatus has greatly enhanced the capability of the IC to retrieve and analyze information in the 21st century.

Statement of the Problem

Research is needed to examine the effectiveness of metadata-related tools and applications in order to determine their usefulness in national security. Given the legal and political ramifications of the government's sweeping surveillance of metadata, and the roughly 67 billion dollars budgeted for U.S. intelligence in a period when Americans are less willing to pay for costly government programs, it is imperative for the public to better understand how metadata is used as an intelligence-gathering tool as well as how effective it is. Limited or absent public awareness may unnecessarily limit the IC's ability to use metadata effectively for national security concerns.

Literature Review

Leaked government documents concerning the software and metadata scheme of surveillance, in the form of the National Security Agency's (NSA) XKeyscore, will be explained. Various applications of the metadata generated by XKeyscore and similar programs will be discussed using leaked government documents, declassified documents, scholarly journals, and books. In addition, the interoperability among local, state, federal, and international agencies within the IC will be discussed using more or less the same types of sources.

Though the actual structure of the metadata has not been made available to the public, training materials in the form of a PowerPoint presentation released by The Guardian provide a rough overview of the possible metadata elements in the NSA's so-called XKeyscore. This program is essentially a metadata generator that extracts and converts data into separate indexes, or metadata tags. Below is a table from one of the slides that showcases the type of information that XKeyscore extracts and indexes.

It is apparent from the table above and commentary by Glenn Greenwald that IP and email addresses are among the items extracted and indexed by XKeyscore (Greenwald, 2013). Web files such as Word documents and HTML files, and HTTP activities consisting of internet browsing and communications, are also targeted (Greenwald, 2013). Though the government has yet to confirm the existence of XKeyscore, a recently declassified document does verify some aspects of the metadata collected by the government. A document by the Foreign Intelligence Surveillance Court confirms that the U.S. government does collect "telephony metadata", which, according to the document, includes:

comprehensive communications routing information, including but not limited to session identifying information (e.g., originating and terminating telephone number, International Mobile Subscriber Identity (IMSI) number, International Mobile station Equipment Identity (IMEI) number, etc.), trunk identifier, telephone calling card numbers, and time and duration of call (Foreign Intelligence Surveillance Court, 2013).

The wide range of information that is extracted by XKeyscore has many useful applications in terms of national security. According to one of the slides, analysts can track a German-speaking person located in Pakistan by accessing documents with tags defined by the country of origin, the HTML language, and various other metadata under the "User Activity" plug-in (The Guardian, 2013). Though a good portion of the information is redacted, one particular slide showcases how the metadata is structured. Below is a metadata structure taken from a supposed "HTTP Parser" plug-in.

GET /search?hl=eng&q-islambad&meta= HTTP/1.0

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application v/nds.msapplication/msword, application/x-shockwave-flash, */*

Referer: http://www.google.com/pk/

Accept-Language: en-US

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Host: www.google.com.pk (The Guardian, 2013).

It is apparent that XKeyscore has four notable metadata elements in this particular plug-in: "Accept-Language", "User-Agent", "Referer" and "Host"; in this example, "Referer" and "Host" come from the same source. These elements tell the analyst that the content of the item uses the standard U.S. English language code and that it was based on the Mozilla/4.0 browser scheme. In addition, the source of the item was Google.com, specifically the Pakistani host server.
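The field-by-field reading described above can be reproduced with a few lines of parsing. This added example (not code from XKeyscore, the slides, or the author) splits a constructed plaintext HTTP request into flat, indexable fields; the function name, the field names and the sample request are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample request (not from the slide); header names match the page's example.
RAW_REQUEST = (
    "GET /search?hl=en&q=weather+report&meta= HTTP/1.0\r\n"
    "Accept: image/gif, image/jpeg, */*\r\n"
    "Referer: http://www.example.com.pk/\r\n"
    "Accept-Language: en-US\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n"
    "Host: www.example.com.pk\r\n"
    "\r\n"
)

def extract_metadata(raw: str) -> dict:
    """Split a plaintext HTTP request into flat, indexable fields (hypothetical schema)."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that have no colon
            headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    query = parse_qs(url.query, keep_blank_values=True)
    ua = headers.get("user-agent", "")
    # "Mozilla/4.0 (compatible; ...)" is a legacy compatibility token; the
    # parenthesised tokens carry the actual browser and OS identifiers.
    m = re.search(r"\(([^)]*)\)", ua)
    ua_tokens = [t.strip() for t in m.group(1).split(";")] if m else []
    host = headers.get("host", "")
    return {
        "method": method,
        "path": url.path,
        "query": {k: v[0] for k, v in query.items()},
        "host": host,
        "host_tld": host.rsplit(".", 1)[-1] if "." in host else "",
        "referer_host": urlsplit(headers.get("referer", "")).hostname,
        # The client's stated preference, not the language of the content.
        "accept_language": headers.get("accept-language"),
        "ua_tokens": ua_tokens,
    }

if __name__ == "__main__":
    for field, value in extract_metadata(RAW_REQUEST).items():
        print(f"{field}: {value}")
```

The parenthesised User-Agent tokens identify Internet Explorer 6 on Windows NT 5.1 (Windows XP), and Accept-Language is the client's configured preference. All of these fields are readable on the wire only when the request travels as plaintext HTTP; under TLS the request line and headers are encrypted.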

Other sources suggest that metadata from XKeyscore and similar programs can be used with other relevant tools. For instance, in a PowerPoint slide from a leaked training manual provided by the New York Times, the SYNAPSE Data Model creates visual graphics of metadata information (New York Times, 2013). In this case, the phone and e-mail metadata is used to display a social network diagram that depicts the relationships between people associated with the person of interest. In a research study, software similar to the SYNAPSE Data Model called iMiner was used to graph the hierarchy of covert terrorist networks by determining the association and frequency of metadata, in particular, individuals, organizations, places and events (Memon & Larsen, n.d.). Metadata for this...
