How is bulk metadata useful against diplomats or for industrial espionage?

For those you prefer content and don't care so much about the metadata.

The UK has recently had debates about the collection of bulk metadata. Imagine our surprise when GCHQ was slurping it all along. They say that they're a secret organisation and that their collections can't be used for domestic law enforcement, and that this debate was actually about allowing law enforcement to collect metadata.

I would prefer GCHQ to not be slurping this data, but I don't see it as being particularly harmful to me. But extending that out to the general law enforcement agencies, or wider to local government officials etc, is terrifying. GCHQ employees are reasonably well trained in secrecy and privacy and the risk of information being misused is low[1], but we've seen plenty of abuses of personal data by police forces (selling information to news papers, and so on) and local councils (spying on people applying for parking permits or for entry to certain schools) and so it's a bit scary letting them get hold of any more data than they strictly need, especially if there's no judge involved.

> How is bulk metadata useful against diplomats or for industrial espionage?

Because there is no meaningful distinction between metadata and data. Its a deception when agencies claims that metadata somehow is harmlessness.

How is bulk metadata useful against diplomats? To know who they talk to, when, and from where. Did that diplomat spend hours or minutes discussing our offer? Did that diplomat just call back to his superiors when at the same time pretending to not care about this information we "slipped"? Did that diplomat just do a call at 1 am from a cheap motel known for their hookers?

How is bulk metadata useful against industrial espionage? Did they spend minutes or hours discussing the deal we just offered them? Company A just offered to become the remote branch in China, so why is company B calling someone located in China? Are they looking at competing offers? Who, where and in what capacity does Company B has research labs/production sites? Why is that negotiator calling from that "infamous" cheap motel? Does the wife/husband know this? And if I map out each call from the CEO, I should get all the detailed and private HR information I need. When I asked them, they pretend that its a company secret...

Metadata: The information you use to infer the data you don't yet have.

Metadata: The information that helps you decide to target for deeper collection the comms of someone you were previously unaware of. Diplomat X talks to Y a lot, so we better track Y more closely.

You seem to go easy on GCHQ. I don't understand why you give the most trust to the most secret and unchecked agency out of all those mentioned.

Even if you trust GCHQ, how about their partners from other countries who have access to our data GCHQ kindly collected?

I do go easy on GCHQ. While I think that they should stop slurping all data (including metadata) and that oversight needs to be much much stronger, I am less concerned about abuses by GCHQ than I am about abuses by other agencies; and I am less concerned about the consequences to me of GCHQ actions than the actions of other agencies.

A bunch of people collect data.

Some of those people do stuff with that data, and that stuff will have consequences for me.

At the moment it feels like GCHQ has a big store of my data. Maybe they even grep the data for my name. But the consequences to me are better quality research on data-mining (because they sponsor some university research) and a diversion of my tax money to stuff I don't want to fund. (With a bit of industrial espionage, I guess, as shown by the old EU parliament report on ECHELON).

Looking at other abuses of data collection: I don't like the way the UK police are building a massive DNA database. I feel like that carries much more risk of harm to society, and to me, than GCHQ slurping data. An idea DNA database for law enforcement would include everyone who has ever committed a crime, and no-one else. But the UK database includes anyone who has ever been arrested. It doesn't matter if they go to trial and are found not guilty, or if they don't even go to trial. It also includes people who volunteer to be DNA sampled. (EG, in prominent sex attack cases the local population sometimes volunteer to "rule themselves out". It's bizarre.)

The criminal records database is also worrying. Obviously we need it, but there have been plenty of examples of corrupt police officers selling information to the press. It's easy to imagine them selling information to ex-colleagues, or them mis-using the databse for personal use. (Even with the protections in place.)

Local councils have weird powers to spy on subjects. They use these powers to ensure that people applying for a parking permit actually live in that area, and are not just applying for the permit to sell on to other people. Or they use the powers to spy on parents applying to a school, to ensure the parents live in the catchment area. My local council has a bunch of employees who are abusive, nasty, idiots. "Little Hitlers", "Jobsworths", etc. Again, there are plenty of examples of corruption in local government.

With all of those people there are opportunities for the misuse of data and for corruption. And they actually have an affect upon my life - credit ratings are wrong or I get harassed everytime I drive my car or I get refused something that rightfully I'm allowed or whatnot. These everyday abuses that actually happen are more important to me than the theoretical risk of totalitarian government.

In both diplomatic and business negotiations, knowing with whom your adversary is talking and when seems very useful to me.

I'm not sure what overall point I'm making but "evidence that bulk meta data is useful in catching terrorists" is a pretty high bar.

There is very little terrorism in the US, compared to other violent crimes like murder or rape. It's a little harder to quantify because most deaths & injuries were due to one event. Potential mega events like nuclear terrorism or another 9/11 scale event are possible are even more black swanish. But in an average year there is virtually none. Terrorism & counter-terrorism are mostly emotional, the emotional impact of a terrorist attack carries more weight.

What would effective even look like? Reducing the number of yearly incidences from 6 to 4? Making arrests?

> What would effective even look like?

Effective Anti-terrorism laws looks identical to effective anti-murder laws, which anti-mass murder legislation is part of. That might still sound too abstract, so let me list a few more concrete methods:

Good psychological health care. Healthy people do not walk into a day care and shoot children.

Justice system that focus on protecting society and rehabilitation, rather than jails focused on punishment. See Norway in healthy reaction to insane mass murderers.

A foreign policy that do not maintain wars indefinitely. Creating peace is never going to be easy when loaded missiles (drones) keeps flying above peoples head everyday. Torture is also a big no-no.

Well funded and staffed police investigators. This is how organized crime (which all terrorist organizations are) gets taken down. Taking down al-Qaeda is not much different from taking down a drug cartel. If anything, the drug cartel is more dangerous, got more guns, got more people, and is more secret.

You don't have to take it 100% literally. If the NSA had made a convincing case that metadata collection actually prevents terrorism, the senators would probably not have made this statement, even if it's technically still true that there is no evidence.

Even if meta data could be useful for stopping murders and rape, it is really worth providing the police and other law enforcement agencies this kind of power over the populace to make this end? Especially, when the number of cases it could stop would likely be small? I don't know about you, but outside of major destructive threats like terrorism, I don't really want the NSA involved.

Right, but the purpose of the brief is to refute the government's expected argument that the program is necessary to catch terrorists.

Wyden & co. are trying to show in each case that the intelligence would have been available by other means.

This is important because it tends to undermine both the government's statutory interpretation argument (that all call records are "relevant" for these investigations) and maybe the 4th amendment argument (if collection of metadata is a search, then search is "reasonable").

> To be clear, they say that there is no evidence that bulk meta data surveillance is useful in catching terrorists.

Which is sophistry. The goal of defense policy is to minimize attacks, not maximize counterattacks. Superior communication intelligence is a powerful deterrent to attacks. No sensible person wants to be the next Osama bin Laden or Dread Pirate Roberts. At this point all that is left is non-sensible attackers like the Shoe Bomber and the Penis Bomber.