In What Are Metadata?, I explained that metadata are data that describe or provide information about other data such as social media discussions, email exchanges or online transactions. Now that we have a common appreciation for what metadata are, let's consider how activities that involve metadata collection on a large scale can be sources of controversy.
Your Activities Tell Your Story
Computer applications, mobile devices, and computer systems that are connected to the Internet or support its operation collect metadata that, when aggregated, can account for not only your daily Internet activities but your real life activities and your activities with others as well.
For example, you can see the web pages that you have visited if you look at your web browsing history. You can download a history of your Facebook activities. You can perhaps visit your mobile (cellular) service provider and obtain similar histories of your text messages or your telephone calls. You can use a Gmail feature called Last Account Activity that includes metadata such as the date, time, location and address where you last attempted to fetch your Gmail email.
You can only gain access to a fraction of metadata that is collected about you. For example, web servers, firewalls, mobile or data network switches, and many mobile device apps collect metadata as well, using cookies, event logging, traffic collection, or event reporting to a monitoring or surveillance system. Monitoring or information gathering systems also collect metadata for a variety of purposes from managing or optimizing network performance or troubleshooting service problems to conducting surveillance to combat terrorism or gathering intelligence to investigate cybercrimes.
Now that you understand what metadata are and how or when metadata are collected, ask yourself, "What do these many metadata sources reveals about you, your activities, behaviors or interests, and your locations?" Perhaps as importantly, ask "Who is collecting these metadata, for what purposes, and why are they interested in me? "
The answers to these questions shape privacy, legality, and ethical conversations that continue to incite controversies related to metadata collection.
Causes of Controversy
Metadata collection teems with controversy. Some of the more prevalent and persistent issues relating to metadata collection are:
Is there notice (informed) consent? At issue here is (1) whether a commercial entity notifies an Internet user that it is collecting metadata (such as a cookie) and explicitly requests permission to do so, or (2) whether a government agency has been granted permission by a court or law to collect metadata (here, the law or ruling may not require notice beyond the application of the law).
Is there clarity of use or sharing? At issue here is whether a commercial entity that collects metadata has published a privacy policy or posts a notice that explains why it is collecting metadata, how the metadata shall be used, and whether or not the commercial entity intends to share or sell metadata to others, including scenarios where private companies share collected metadata with government agencies and where law enforcement and intelligence agencies share metadata, intra- or intergovernmentally.
Is there an expressed retention policy? At issue here is how long an entity will store metadata, whether the retention period creates opportunities to use the metadata for different uses over time, and whether the policies or metadata retention laws that applied at the time of collection will remain in force.
Bulk data or warrantless collection. At issue here is whether it is legal for government agencies to collect metadata about its citizens as part of broad surveillance or intelligence gathering activities without warrants or in violation of Constitutional or other citizens' rights.
Is Metadata Collection Unavoidable?
You can find hundreds of articles that advise you on how to avoid personal or metadata collection or live off the grid. However, avoiding metadata collection is decidedly complex or exhausting, and it involves sacrificing the educational, social or business benefits that the Internet has helped to deliver to a scale never previously achieved or even imagined. Rather than seeking to avoid it, perhaps it's worth considering how to effect positive change in legislation or business practices so that metadata collection is beneficial. This, too, may be decidedly complex or exhausting. However, "No endeavor that is worthwhile is simple in prospect; if it is right, it will be simple in retrospect." (Edward Teller).