This article explores the ways in which WhatsApp is underselling the true estimation of the significance of Metadata.
To reinstall trust in its users, WhatsApp released a clarification stating that the new policy update doesn’t compromise privacy of messages with friends and family. Furthermore, it explains that the update includes changes related to WhatsApp business accounts are optional too.
However, owing to severe backlash, WhatsApp has pushed the deadline to May 15 while they further clarify their policy updates.
By using WhatsApp, you may now be sharing your usage data, your phone’s unique identifier, your location when the location service is enabled, among several other types of metadata. A culmination of all your metadata is linked to your identity.
The value of metadata has been underestimated since the term isn’t clearly understood. Metadata is data about our data. For instance, in a cell phone conversation, the conversation itself isn’t metadata but everything except that is metadata. Data regarding who you called, how long you spoke for, where you were when you placed the call, where the other person on the line was and the time you placed the call. Consider a situation when every time you made a call to someone, you had to inform a particular person about who you called, how long you spoke for, when and where and all other details except the content spoken. This applies for every single call and everyone else’s metadata is also being recorded. The person owning the metadata can analyze and tell a lot about your personal life. Who you work with, who you spend time with, who you are close to, where you are at particular times and so on…
Kurt Opsahl, in his post in the Electronic Frontier Foundation, gives an example of how companies and governments collect intimate details about your life with the disguised use of the word called metadata. The following examples are an excerpt of his article:
“They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. They know that you called suicide prevention hotline from the Golden Gate Bridge.
They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour.
They know you called a gynaecologist, spoke for a half hour, and then called the local Planned Parenthood's number later that day. But nobody knows what you spoke about.”
Metadata provides more than required context to know some of the most intimate and personal details of your lives. When this data is correlated with the records of other phone calls, one can easily obtain a lot more data and track our daily routines. This is merely about phone calls. WhatsApp includes a lot more features and will collect metadata of chats, businesses and money transactions.
In WhatsApp’s words:
“We collect service-related, diagnostic, and performance information. This includes information about your activity (such as how you use our Services, how you interact with others using our Services, and the like), log files, and diagnostic, crash, website, and performance logs and reports.”
In addition to this, WhatsApp also collects information about IP address, OS, browser information and phone number.
Stanford’s computer scientists conducted an analysis to understand the extent of intrusion of privacy using metadata. The scientists built an app for smartphones. The app was developed to retrieve metadata of calls and text messages from more than 800 volunteers’ phone logs. The researchers received records of more than 250,000 calls and 1.2 million texts. Their inexpensive analysis revealed personal details of several people like their health records. Researchers were also able to learn that one of their participants owned an AR semi-automatic rifle with only metadata.
Gen. Michael Hayden, the former head of the National Security Agency once stated that “the U.S. government kill[s] people based on metadata.”
In 2016, Facebook was involved in the infamous data privacy scandal which centered around collection of personal data of over 87 million people by Cambridge Analytica, a political consulting and strategic analyst firm. The organization harvested user data for targeted advertising, particularly political advertising during the 2016 U.S. election. While the central offender was Cambridge Analytica, the apparent indifference for data privacy to Facebook facilitated Cambridge Analytical and several other organizations.
In June 2018, Facebook confirmed that it was sharing data with at least 4 Chinese companies, Huawei, Oppo, Lenovo and TCL. Facebook was under scrutiny from the U.S. intelligence agencies on security issues as they claimed that the data with the Chinese telecommunication companies would provide an opportunity for a foreign espionage.
In September 2019, there were reports that the Indian government contemplated making it mandatory for companies like Google, Facebook, and Amazon, to share the public data of users.
The Ministry of Electronics and IT (MeitY) was planning on issuing new guidelines under the Information Technology Act which according to which tech giants would have been required to share freely available data or the public information that they collate in the course of their operations, including traffic, buying and illness patterns.