In the context of digital communications, metadata is the digital equivalent of an envelope—it’s information about the communications you send and receive. The subject line of your emails, the length of your conversations, and your location when communicating (as well as with whom) are all types of metadata. Metadata is often described as everything except the content of your communications.
Historically, metadata has had less privacy protection under the law in some countries—including the U.S.—than the contents of communications. The police in many countries can obtain the records of who you called last month more easily, for instance, than they can arrange a wiretap of your phone line to hear what you’re actually saying.
Those who collect or demand access to metadata, such as governments or telecommunications companies, argue that the disclosure (and collection) of metadata is no big deal. Unfortunately, these claims are just not true. Even a tiny sample of metadata can provide an intimate lens into a person’s life. Let’s take a look at how revealing metadata can actually be to the governments and companies that collect it:
- They know you rang a phone sex line at 2:24 am and spoke for 18 minutes. But they don't know what you talked about.
- They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.
- They know you got an email from an HIV testing service, then called your doctor, then visited an HIV support group website in the same hour. But they don't know what was in the email or what you talked about on the phone.
- They know you received an email from a digital rights activist group with the subject line “52 hours left to stop SOPA” and then called your elected representative immediately after. But the content of those communications remains safe from government intrusion.
- They know you called a gynecologist, spoke for a half hour, and then searched online for the local abortion clinic’s number later that day. But nobody knows what you spoke about.
Protecting metadata from external collection is a difficult problem technically, because third parties often need access to metadata to successfully connect your communications. Just like the outside of an envelope needs to be readable by a postal worker, digital communications often need to be marked with source and destination. Mobile phone companies need to know roughly where your telephone is in order to route calls to it.
Services like Tor and experimental projects like Ricochet hope to limit the amount of metadata that is produced by common ways of communicating online. Until laws are updated to better deal with metadata, and the tools that minimize it become more widespread, the best one can do is be aware of what metadata you transmit when you communicate, who can access that information, and how it might be used.