Skip to main content

Metadata Collection And Controversy

In What Are Metadata?, I explained that metadata are data that describe or provide information about other data such as social media discussions, email exchanges or online transactions. Now that we have a common appreciation for what metadata are, let's consider how activities that involve metadata collection on a large scale can be sources of controversy.

Your Activities Tell Your Story

Computer applications, mobile devices, and computer systems that are connected to the Internet or support its operation collect metadata that, when aggregated, can account for not only your daily Internet activities but your real life activities and your activities with others as well.

For example, you can see the web pages that you have visited if you look at your web browsing history. You can download a history of your Facebook activities. You can perhaps visit your mobile (cellular) service provider and obtain similar histories of your text messages or your telephone calls. You can use a Gmail feature called Last Account Activity that includes metadata such as the date, time, location and address where you last attempted to fetch your Gmail email.

You can only gain access to a fraction of metadata that is collected about you. For example, web servers, firewalls, mobile or data network switches, and many mobile device apps collect metadata as well, using cookies, event logging, traffic collection, or event reporting to a monitoring or surveillance system. Monitoring or information gathering systems also collect metadata for a variety of purposes from managing or optimizing network performance or troubleshooting service problems to conducting surveillance to combat terrorism or gathering intelligence to investigate cybercrimes.

Now that you understand what metadata are and how or when metadata are collected, ask yourself, "What do these many metadata sources reveals about you, your activities, behaviors or interests, and your locations?" Perhaps as importantly, ask "Who is collecting these metadata, for what purposes, and why are they interested in me? "

The answers to these questions shape privacy, legality, and ethical conversations that continue to incite controversies related to metadata collection.

Causes of Controversy

Metadata collection teems with controversy. Some of the more prevalent and persistent issues relating to metadata collection are:

Is there notice (informed) consent? At issue here is (1) whether a commercial entity notifies an Internet user that it is collecting metadata (such as a cookie) and explicitly requests permission to do so, or (2) whether a government agency has been granted permission by a court or law to collect metadata (here, the law or ruling may not require notice beyond the application of the law).

Is there clarity of use or sharing? At issue here is whether a commercial entity that collects metadata has published a privacy policy or posts a notice that explains why it is collecting metadata, how the metadata shall be used, and whether or not the commercial entity intends to share or sell metadata to others, including scenarios where private companies share collected metadata with government agencies and where law enforcement and intelligence agencies share metadata, intra- or intergovernmentally.

Is there an expressed retention policy? At issue here is how long an entity will store metadata, whether the retention period creates opportunities to use the metadata for different uses over time, and whether the policies or metadata retention laws that applied at the time of collection will remain in force.

Bulk data or warrantless collection. At issue here is whether it is legal for government agencies to collect metadata about its citizens as part of broad surveillance or intelligence gathering activities without warrants or in violation of Constitutional or other citizens' rights.

Is Metadata Collection Unavoidable?

You can find hundreds of articles that advise you on how to avoid personal or metadata collection or live off the grid. However, avoiding metadata collection is decidedly complex or exhausting, and it involves sacrificing the educational, social or business benefits that the Internet has helped to deliver to a scale never previously achieved or even imagined. Rather than seeking to avoid it, perhaps it's worth considering how to effect positive change in legislation or business practices so that metadata collection is beneficial. This, too, may be decidedly complex or exhausting. However, "No endeavor that is worthwhile is simple in prospect; if it is right, it will be simple in retrospect." (Edward Teller).

Comments

    pitaracoupon  00:07 UTC on 02 August 2016

    Great of theme and really you have great collections of metadata collection is decidedly complex or exhausting, and it involves sacrificing the educational, social or business benefits.

    wikivoyance  10:02 UTC on 12 September 2016

    Yes good article but each country with its own laws and it would be nice if everyone armonise

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."