Metadata is data

or : The "I'm not touching you" of privacy violations

August 22, 2020

Metadata is a pretty broadly used term in tech. Essentially, metadata is data that describes other data. I know that sentence is a little painful, and it uses the word “data” more often than a Star Trek fanfiction So let's use a picture taken on your phone as an example. The data is of course the picture itself. The metadata would be things like date/time, model of phone, exposure information, maybe even the location.

These additional fields, which your phone really does add to your pictures right now, help give some detail to the core data of the picture and, aside from the location might seem pretty harmless.

One of the first challenges with metadata is that the “meta” part is defined in a way that’s convenient for whomever is asked. Let's look at how the NSA views phone call information. In their view it’s fine that they gather information on who is calling whom, and for how long, as long as they’re not actually listening in to the conversation itself. They consider that to be just collecting metadata. I’d argue that the participants of a phone call are a pretty core part of the data, but hey, I think we can trust the government not to overstep on privacy matters.

Appropriate cynicism aside, let’s look at what can be done with metadata. Knowing that two people (Alice and Bob) called at a certain time for a certain duration doesn’t tell you much. It could have been a wrong number, an old fashioned 80’s crank call, or a lonely, shameful pizza order.

Now if you’ve got months of Alice and Bob’s call data you can derive patterns. You can see when the two started talking and determine the pattern and frequency of their talks. What if Bob is a mental-health therapist? For a given pattern of calls you can establish a reasonable expectation that Alice is in counseling. That kind of information is clearly private, and with the unfair stigma around mental-health that still exists in corners, could expose Alice to discrimination.

Web-scale stalking

That private fact could be inferred from a pretty small data set. Compare that to the truly enormous amount of data that has been mined by Google, Facebook, and all the companies that have turned you and your data into their product. They have much more than the simple example given above. They don’t just have interactions between two people. They have interactions between billions of people, and they have the tools and skillsets to derive more information about us than we’ve ever considered.

That data is how they get their income. If a service is free, then, odds are, you are the product. Think about how your client’s data is being exposed when you use them

The easiest way to keep a secret is not to know it

Protecting your business data and your client's privacy is the right thing to do, and increasingly a matter of regulation. At Pritact our core goal is to facilitate secure communication for business. Your files and messages are encrypted before they get to us and the metadata isn’t extractable from our databases. We don’t derive income from your private data allowing you to safely work with your clients without risk of giving up your proprietary data or your client’s personal information.

Curious about how Pritact can protect all your data? Send us an email to learn more.