The carrier’s PRISM moment: A wakeup call?

Wireless operators have long had some of the most valuable customer data opportunity at their fingertips, but will NSA open their eyes to it?

The recent reluctant coming out party of NSA’s PRISM and other surveillance details courtesy of Edward Snowden, highlights the potential uses and value of data, and in particular that of carrier data.

One of the early responses from the government to the PRISM revelations was that it’s all “harmless” as it was simply metadata.

So what is the government’s definition of metadata and what can be done with it?

The metadata consists of: Caller ID, called number, IMSI (the SIM card Identifier), IMEI (the individual device identifier), trunk identifier, time and duration of call. According to the order it is not limited to this, so one can assume that they are asking for a location of the device as well as similar activity for any data sessions (for context an average smartphone pings the network every few minutes).

The short path from anonymous to identified

The claim that this data is anonymous and simply not usable without the actual phone number and account information details is patently false.

For data to be re-anonymized and converted into personally identifiable information, one simply needs access to other data sources that can complement and corroborate some of this data and suddenly the data identifies the individual to whom a single item referenced. The low threshold of the corroborative data required was highlighted in this study performed by researchers at MIT.

This was highlighted by the Netflix million dollar challenge which was initiated for research purposes and was highly regarded, yet by researchers at the University of Texas simply cross referencing it with data freely available from IMDB’s database the researchers were able to accurately re-identify the identity of users in the sample data.

The carrier data is far more insidious as there is simply no better tracker than a cell phone, as the cell phone has been shown to be bound to us even more than our key and wallet. What’s more; the cell phone is both an active tracker for all the activity we manually perform like application usage and phone calls, and a passive tracker that constantly interacts with the wireless network to identify our locations and activities in real-time.

The scary capabilities

Now if researchers were able to do this with freely available data, imagine what the NSA and other intelligence agencies can do with their proprietary data to de-anonymize the carrier metadata with extreme accuracy.

To get a grasp on what the NSA can do with the data once they are de-anonymized, one needs to simply look at this study conducted with similar carrier data by researchers at the University of Birmingham which I referenced to in an earlier post. The researchers were able to “predict” with 94% accuracy where an individual was likely to be in the next 24 hours within 20 meters of accuracy, and further research by Microsoft allowed fairly accurate predictions 285 days in the future.

The goldmine for carriers

To date the carriers have dipped their toes into the possibilities enabled by the rich data opportunity with programs such as Verizon’s Precision Market Insights or Sprint’s Pinsight Media and now AT&T, or abroad in the UK with the cross carrier Weve joint venture that provide agencies with anonymous user data to improve targeting. However the real opportunity is for carriers to create their own businesses utilizing their data to provide rich and contextual customer experiences and application that leverage these types of analytics.

While the NSA does not require any opt-in or privacy mandates, any commercial application will require these types of stringent controls.

Yet the NSA’s insight into the value of carrier customer data – while distasteful, can hopefully be a catalyst for the carrier community to recognize the opportunities presented by that “collateral” side of their business and take its possibilities seriously, while proceeding with thoughtful caution.