What does your smartphone metadata say about you?

A study conducted by Stanford University graduate students has demonstrated that a lot of personal information can be gleaned just based on the phone calls you make.

Even if the only information that is collected from your phone is the calls you place, that can still tell someone a lot about you. Two graduate students from Stanford University found that even metadata surveillance — that is, data about data, in this instance phone calls — can reveal medical information, interests and hobbies.

Computer science doctoral students Jonathan Mayer and Patrick Mutchler conducted an NSA-style metadata survey of 546 volunteer phone numbers using an app called MetaPhone, which tracked the phone numbers of the caller and recipient, the serial numbers of the phones involved, the time and duration of the calls and even the location of each party when the call was placed. What they discovered is that they could ascertain medical conditions, financial contacts and even information about the caller's hobbies.

"One of the things which is most concerning about the privacy properties we've uncovered is how easy it is to make inferences about the metadata on a large scale," Mayer said. "We had a participant who... had calls with a lumber yard and a locksmith and a hydroponics dealer and a bong shop. [You] don't need a PHD in computer science to have some sense of what could be going on there."

The volunteers between them called 33,688 unique numbers, and Mayer and Mutchler were able to determine that 57 per cent of the volunteers made at least one medical call, and 40 per cent made a call related to financial services. One caller was identified as a multiple sclerosis patient, and another as seeking an abortion. Governments — including Australian prime minister Tony Abbott — had previously rejected the suggestion that such information was obtainable through metadata.

Mayer said he and Mutchler had not anticipated finding much personal information at all. "We were wrong. Phone metadata is unambiguously sensitive, even over a small sample and short time window. We were able to infer medical conditions, firearm ownership and more, using solely phone metadata," Mayer said.

"It would be entirely possible for an intelligence agency or a telecom provider, or anyone with this dataset to make some pretty disturbing findings. I don't think there is any defence. This is the reality of telephone metadata, it's very sensitive and the policy debate needs to proceed from that premise. We can't wish away the privacy properties of this data."