Communications metadata is necessary for the delivery of services. But such metadata leaks information about user intent and behavior. Through timing, for example, one can determine whether a Twitter account is a bot, while through packet length, what language is being spoken in an encrypted Voice Over Internet Protocol (VoIP) call. Thus, protecting a user's privacy and security is complicated. By examining multiple different sets of metadata usage, this EAGER seeks to develop a categorization of the types of information that metadata reveals. Applications of the work should lead to the development of better technical and policy protections of user privacy and security. The main contribution of this proposed research is a categorization of the types of uses to which metadata is applied. There are many uses in metadata usage (how is the data collected, is it aggregated with other data, etc.); this categorization will focus on developing clean types of information revealed through metadata capture and use. Such a categorization of metadata usage will have several important applications. Delineating different types of knowledge gained through the use of metadata (e.g., information about the device, information about the user), will simplify providing better technical protections for user privacy and security against such attacks. Furthermore, by categorizing the different ways metadata is used, it will be possible to more easily understand which usages are privacy invasive and which are not, and thus to develop more privacy-protective policies surrounding metadata usage. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
EAGER: Understanding and Categorizing Metadata