The National Security Agency's court-approved authority to access and analyze phone records three "hops" away from a suspected terrorist's phone number has alarmed civil liberties groups like the ACLU, which estimated that just one starting number could yield 2.5 million people's phone records.
Now, new research from Stanford graduate students Jonathan Mayer and Patrick Mutchler suggests that the NSA's dragnet could be bigger -- much bigger.
"Under current FISA Court orders, the NSA may be able to analyze the phone records of a sizable proportion of the United States population with just one seed number," they wrote in a blog post published Monday. "And by the way, there are tens of thousands of qualified seed numbers."
Under the rules approved by the Foreign Intelligence Surveillance Court, the agency's broad-reaching phone metadata collection program can only sift through details on who Americans called and when if the caller is three or fewer degrees of separation, or "hops," from a number suspected of associations with terrorism.
That will yield 2.5 million people's records alone if, as the ACLU assumed, the average person has 40 phone contacts. But Mayer and Mutchler say that between voicemail, spam robocalls and calling services like Skype, many of us are connected by just a small set of phone numbers.
Many phone connections look more like spokes all heading toward a central hub on a wheel, rather than the complex web of interactions we may assume. Millions of people who subscribe to T-Mobile, for example, call into one, central voicemail number. In Mayer and Mutchler's crowdsourced study of volunteer Android phone users, 17.5 percent were connected in just two hops by the T-Mobile voicemail number.
"That’s potentially tens of millions of Americans connected by just two phone hops, solely because of how their carrier happens to configure voicemail," they write. It gets worse when you toss in those annoying automatic spam robocalls.
In the FISA court rulings he has reviewed, Mayer told HuffPost in an email, he has seen little discussion of the implications of his research.
"We can’t expect lawyers to be experts in graph theory, of course," he said.
Mayer and Mutchler have previously used their expertise to show how our metadata -- which the courts have generally ruled is not protected by the Fourth Amendment -- can even be used to show who phone users are dating.
Their research could be limited, Mayer said, by the limited, self-selected nature of the survey, which relies on users signing up for an app. The NSA might also choose on its own to cut popular digits, like the T-Mobile voicemail number, out when linking Americans to suspected terrorist numbers.
"But that is not a legal requirement," Mayer said. "And, for those concerned about the scope of agency authority, voluntary self-restraint offers little reassurance."