Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

How is bulk metadata useful against diplomats or for industrial espionage?

For those you prefer content and don't care so much about the metadata.

The UK has recently had debates about the collection of bulk metadata. Imagine our surprise when GCHQ was slurping it all along. They say that they're a secret organisation and that their collections can't be used for domestic law enforcement, and that this debate was actually about allowing law enforcement to collect metadata.

I would prefer GCHQ to not be slurping this data, but I don't see it as being particularly harmful to me. But extending that out to the general law enforcement agencies, or wider to local government officials etc, is terrifying. GCHQ employees are reasonably well trained in secrecy and privacy and the risk of information being misused is low[1], but we've seen plenty of abuses of personal data by police forces (selling information to news papers, and so on) and local councils (spying on people applying for parking permits or for entry to certain schools) and so it's a bit scary letting them get hold of any more data than they strictly need, especially if there's no judge involved.



> How is bulk metadata useful against diplomats or for industrial espionage?

Because there is no meaningful distinction between metadata and data. Its a deception when agencies claims that metadata somehow is harmlessness.

How is bulk metadata useful against diplomats? To know who they talk to, when, and from where. Did that diplomat spend hours or minutes discussing our offer? Did that diplomat just call back to his superiors when at the same time pretending to not care about this information we "slipped"? Did that diplomat just do a call at 1 am from a cheap motel known for their hookers?

How is bulk metadata useful against industrial espionage? Did they spend minutes or hours discussing the deal we just offered them? Company A just offered to become the remote branch in China, so why is company B calling someone located in China? Are they looking at competing offers? Who, where and in what capacity does Company B has research labs/production sites? Why is that negotiator calling from that "infamous" cheap motel? Does the wife/husband know this? And if I map out each call from the CEO, I should get all the detailed and private HR information I need. When I asked them, they pretend that its a company secret...

Metadata: The information you use to infer the data you don't yet have.


Metadata: The information that helps you decide to target for deeper collection the comms of someone you were previously unaware of. Diplomat X talks to Y a lot, so we better track Y more closely.


You seem to go easy on GCHQ. I don't understand why you give the most trust to the most secret and unchecked agency out of all those mentioned.

Even if you trust GCHQ, how about their partners from other countries who have access to our data GCHQ kindly collected?


I do go easy on GCHQ. While I think that they should stop slurping all data (including metadata) and that oversight needs to be much much stronger, I am less concerned about abuses by GCHQ than I am about abuses by other agencies; and I am less concerned about the consequences to me of GCHQ actions than the actions of other agencies.

A bunch of people collect data.

Some of those people do stuff with that data, and that stuff will have consequences for me.

At the moment it feels like GCHQ has a big store of my data. Maybe they even grep the data for my name. But the consequences to me are better quality research on data-mining (because they sponsor some university research) and a diversion of my tax money to stuff I don't want to fund. (With a bit of industrial espionage, I guess, as shown by the old EU parliament report on ECHELON).

Looking at other abuses of data collection: I don't like the way the UK police are building a massive DNA database. I feel like that carries much more risk of harm to society, and to me, than GCHQ slurping data. An idea DNA database for law enforcement would include everyone who has ever committed a crime, and no-one else. But the UK database includes anyone who has ever been arrested. It doesn't matter if they go to trial and are found not guilty, or if they don't even go to trial. It also includes people who volunteer to be DNA sampled. (EG, in prominent sex attack cases the local population sometimes volunteer to "rule themselves out". It's bizarre.)

The criminal records database is also worrying. Obviously we need it, but there have been plenty of examples of corrupt police officers selling information to the press. It's easy to imagine them selling information to ex-colleagues, or them mis-using the databse for personal use. (Even with the protections in place.)

Local councils have weird powers to spy on subjects. They use these powers to ensure that people applying for a parking permit actually live in that area, and are not just applying for the permit to sell on to other people. Or they use the powers to spy on parents applying to a school, to ensure the parents live in the catchment area. My local council has a bunch of employees who are abusive, nasty, idiots. "Little Hitlers", "Jobsworths", etc. Again, there are plenty of examples of corruption in local government.

With all of those people there are opportunities for the misuse of data and for corruption. And they actually have an affect upon my life - credit ratings are wrong or I get harassed everytime I drive my car or I get refused something that rightfully I'm allowed or whatnot. These everyday abuses that actually happen are more important to me than the theoretical risk of totalitarian government.


In both diplomatic and business negotiations, knowing with whom your adversary is talking and when seems very useful to me.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: