It’s about time for another Black Hat/DEFCON season, and I am going over my notes from last year. One of the most remarkable things in last year’s BH was the keynote speech by General Alexander, head of the NSA. This was right on the heels of revelations by Edward Snowden that the US government was basically listening to, watching, reading and analyzing EVERYTHING. In fact it looked like this was the primary function of the government, an effort so huge that it needed to be outsourced to primary and secondary contractors, housed in the biggest data center ever imagined and came along with a whole new vocabulary.

That is how the general looked to me from the middle of the hotel ballroom. I have to say that it was a very hostile audience, and that the general handled himself with dignity and grace. No matter what you think of the guy, he was unshakeable in his message and kept his cool despite the entire situation.

The general told us that the NSA didn’t actually capture the content of the phone calls, but only captured the METADATA. That’s the main word we will discuss today. In the general’s explanation, metadata consisted of the record that a call was made to a known bad guy from a certain phone, at a certain time. So that if a pattern could be analyzed that the phone number here in the USA was implicated by reason of connecting with other known bad guys, that the phone number here must be being used by a bad guy. This analysis could then be handed over to other authorities to apprehend or prosecute the US based bad guy. That’s metadata, (an analysis of the relation of one piece of information to other known pieces of information, and the pattern that is revealed) Now this is not the only kind of metadata the world will see. We now live in a world where there is something called BIG DATA. Big data assumes that if a large enough body of data can be collected about a person, or a group of people, or a company, or a country, or any other collection of people, that that data will produce a deep and revealing analysis about any aspect of that person or group of persons. (eye color, voting habits, preference in automobiles, browsing habits, etc.)

So let’s assume, just for the sake of argument, that YOU are the subject of such an analysis. Where would the data come from? From FaceBook, and other social media, from GOOGLE, and other search engines, from the discount card you use at the pharmacy or at the grocery store, from the three credit reporting agencies, from the location records provided from your own cell phone, from an analysis of the number and type of words used in your emails and texts (called case based reasoning, and very much a metadata kind of thing) and so on. There is an ocean of data about you, a galaxy of it.

And an analysis of this data would reveal EXACTLY who and what you are. That is METADATA in action.

PAY CLOSE ATTENTION

I have been saying for a while that Google knows more about you than your analyst. Well, some of you do not have analysts. This article (click HERE to read it) says they know more about you than does your own spouse.

And I am telling you this right now. This thing you are thinking the government is doing. It’s not just the NSA. Other countries can do it. Advertisers already do it. Political factions can do it. Criminals can do it. This trend will only continue, in fact, to quote Al Jolson, “You ain’t seen nothing yet.”

Persevere,

David Perry

Huntington Beach, CA