• Privacy at risk



    YOU walk into a photo printing services shop to have some pictures in your thumb drive printed. The service staff asks what paper size you wish to have your pictures printed on, the texture – matte or glossy, and if you want the prints to have borders. So, you specify a 5-R print, glossy, and with borders. What you gave the service staff is simply a description of the print.

    The pictures stored in your thumb drive have attributes, too: file name, file type, size in bytes, and the date and time of creation, modification, or last access. These attributes are collectively called metadata.

    There is more. The photo metadata may also include the date and time the picture was taken, the brand and model of the camera used, the camera settings, the dimensions in pixels, location in storage, and more. The date and time stamp when the picture was taken is different from the date and time stamp when it was created. When it was created may refer to when a copy of the photo was generated.

    And, get this, a picture can reveal where it was taken. If the GPS functionality of the electronic device used was enabled at the time when the picture was taken, the GPS coordinates will be recorded as well. Anybody who checks this photo attribute will know where you were. Personal privacy broken!

    It’s not only digital photos that have metadata. All digital files have metadata.

    Some attributes of a digital document are: document name, the software used, the document size in bytes, the number of lines, the date and time stamp showing when it was first created, last modified, or last accessed, and the location in storage.

    And, there is more. The editing metadata, if recorded, could also include the changes and editing done on the document. An in depth analysis of this type of metadata can reveal, to a certain extent, an individual’s thinking process. Personal privacy broken!

    When surfing the virtual world, internet users leave what is called digital footprint, digital track, digital dust, or digital breadcrumbs. Every user of cyberspace leaves behind digital footprints that could lead back to a location you had made some posts, uploaded photos, or was simply browsing the internet. A digital investigator worth his salt will be able to track where you have been in the virtual world. The digital investigator may be able to inspect your social media posts, be it a photo, a comment, or even your shares and likes.

    Even if you made an innocent search on how to make an improvised explosive device, the moment you go to such a site, you leave behind you a digital footprint.

    A device seized as evidence by law enforcement authorities from a suspect could also reveal a lot about the suspect. The files stored in the device could provide clues. Throw into the digital evidence lot the cookies which are recorded when browsing websites as well as the user’s browsing history.

    The device used to connect to the telecom infrastructure could reveal a lot as well. The telecom companies keep, although temporarily, a record of a person’s communication activities – sending a text message, making phone calls, and/or connecting to the Internet. The statement of account generated by the telecoms provider reveals locations where a user initiated a call, the phone number and location of the recipient of the phone call, and the date and time the call started and ended. Personal privacy broken!

    In some jurisdictions, digital file attributes, digital footprint, cookies, browsing history, and telecom records are lumped together under the term metadata.

    Remember the ComeLeak incident? How did the National Bureau of Investigation track down and identify Paul Biteng who is alleged to have defaced the Commission on Elections website?

    Information and Communications Technology Secretary Rodolfo A. Salalima announced at a press briefing last June 13, 2017, that the military had identified at least 60 Facebook pages where seditious content have been posted. The military had requested assistance to have these pages taken down. It was in the same press briefing that Secretary Salalima announced the impending arrest of an individual they had identified. How did the DICT zero in on the individual, yet unnamed?

    By way of metadata!

    Metadata serves a special purpose: discovery and identification. Metadata reveals where an individual has been and what he has been up to. Metadata, put together, reveals the identity of an individual. For law enforcement authorities, metadata is a valuable source of leads in a cybercrime investigation. Metadata can help digital forensic investigators in their case build-up.

    For social networks and online marketers, metadata provides behavioral indicators which they process in order to tailor information feeds to the netizen.

    For privacy advocates, metadata is a window into the privacy of an individual. As earlier pointed out, GPS coordinates in a photo reveals where the photo owner was when the picture was taken, document editing metadata can reveal to a certain degree the thought process that the subject individual went through in the preparation of a document, and phone records reveal an individual’s communication and net surfing activities. In the internet of things, metadata becomes a giant view window.

    While the Data Privacy Act protects personally identifiable information and sensitive personal information and there is a constitutionally guaranteed protection of the content of communication, there appears to be no law that regulates the collection, use, and processing of metadata. Privacy is at great risk!


    Please follow our commenting guidelines.

    Comments are closed.