US defense and intelligence services are buying troves of data about Americans on the open...

AppleInsider

US intelligence and defense organizations are perhaps operating outside mandates to spy on American citizens by buying a wealth of personal data harvested from smartphones through brokers, and a senator wants the practice stopped.

The U.S. government is a key customer of data brokers

Senator Ron Wyden says in a letter that, thanks to a "legal gray area," US intelligence and the Department of Defense can purchase bulk data about U.S. citizens without their consent. He wants the practice stopped, and the data deleted.

Typically, if a government security agency wants to obtain data about a user's internet activity, they would need to petition developers and internet service providers with a warrant. However, they can avoid issuing warrants by purchasing data from data brokers.

When Senator Wyden asked the Department of Defense to disclose if it also purchased data from brokers, the DOD argued that buying commercially available information (CAI) is legal for the Intelligence Community (IC) do, purely because anyone can.

"I am not aware of any requirement in U.S. law or judicial opinion... that DoD obtain a court order in order to acquire, access, or use information, such as CAI, that is equally available for purchase to foreign adversaries, U.S. companies, and private persons as it is to the U.S. Government," Under Secretary of Defense for Intelligence & Security Ronald S. Moultrie pens in response to Senator Wyden's concerns.

However, Senator Wyden points out that may not be entirely true. As it turns out, the Federal Trade Commission (FTC) took action against a data brokerage company, X Mode Social, in early January. In that case, the FTC argued that the collection and resale of data to the IC is unlawful as it was not obtained through informed consent.

As Senator Wyden notes, the data that the government obtains can be particularly sensitive. It could easily show personally identifiable information such as a person's sexual or gender identity and religious practices. It also can reveal information about an individual's medical history.

"Such records can identify Americans who are seeking help from a suicide hotline or a hotline for survivors of sexual assault or domestic abuse, a visit to a telehealth provider focusing on specific healthcare need, such as those prescribing and delivering abortion pills by mail, or reveal that someone likely suffers from a gambling addiction," Senator Wyden writes.

The FTC argues that it isn't enough for consumers to consent to websites and apps collecting their data. They should also be informed and consent to their data being sold to "government contractors for national security purposes."

Senator Wyden asks the US Director of National Intelligence to ensure that government security agencies audit the data collected, determine what data was obtained illegally, and purge the data as soon as possible.

This isn't the first we've heard of U.S. agencies buying data from data brokers. In October, the Department of Homeland Security confirmed it bought harvested data and used it track and ultimately detain immigrants.



Read on AppleInsider

13485

I'm not in favor of data harvesting by government agencies or commercial entities, but if the information they are referencing is already out there (commercially available), whether damaging or innocuous, those horses have been loose for many decades and aren't going back into the barn.

How the information may have been initially collected, or why one may have provided it to be used commercially (informed consent?) is more deserving of investigation.

wood1208

I am sure they have good reason/intention finding terrorists hidden in our community pretending like good American citizen but planning for future terrorists attack. Prevention is better than cure.

ilarynx

wood1208 said:

I am sure they have good reason/intention finding terrorists hidden in our community pretending like good American citizen but planning for future terrorists attack. Prevention is better than cure.

Not a student of American history, it would seem.
From MLK to John Lennon to countless others, spying on and subverting individuals simply for exercising their rights to speak out and protest has ALWAYS been conducted under the guise of "national security". Invoking said "prevention" is too frequently used as a political tool to protect those in power, rather than protecting the public at large. As such, prevention is not better than the cure, particularly when claimed "prevention" subverts the Constitution. 
https://www.amazon.com/Gimme-Some-Truth-Lennon-Files/dp/0520222466

Xed

wood1208 said:

I am sure they have good reason/intention finding terrorists hidden in our community pretending like good American citizen but planning for future terrorists attack. Prevention is better than cure.

I'm always wary of these good intentions. The problem is when bad actors in the government use this info in a way that is harmful to our democracy, like if a fascist wannabe dictator and his cronies get back into office they may be able to use this info to hurt any and all pro-Democracy American citizens... for example.

MplsP

13485 said:

I'm not in favor of data harvesting by government agencies or commercial entities, but if the information they are referencing is already out there (commercially available), whether damaging or innocuous, those horses have been loose for many decades and aren't going back into the barn.

How the information may have been initially collected, or why one may have provided it to be used commercially (informed consent?) is more deserving of investigation.

Agreed - if the information is commercially available as stated then how can it be classified as spying or illegal. One may take issue with the fact that the information is commercially available but that’s a separate question/issue.

anonymouse

I said years ago on these forums that this is why no one in government is eager to stop Google, et al. from their privacy invading, freedom eroding, commercial surveillance — it allows the the spy agencies and law enforcement to easily and legally acquire data that they are prohibited from collecting themselves. It's time to close the loophole and shut down the surveillance economy.

No company should be allowed to harvest, collect and store this sort of data on anyone because it's too easily abused. No government should be allowed to get from them what they aren't legally allowed to collect themselves, because that in itself is an abuse. The more our privacy is allowed to be abused by corporate and government interests, the less freedom we have because privacy is a necessary condition for freedom.

chasm

For those of you who clearly didn’t read the entire article … the FTC has already proposed a reasonable solution, which is that users should also be made aware and consent to collected data being used by government contractors for national security purposes.

The US could also go back to the old standard, which was that any personal data obtained via third parties required a warrant issued by a judge, and not just a chequebook.

Frankly there should also be a LOT more regulation of data brokers. As Sen Wyden pointed out, there’s lots of info being purchased that has no relevance to potential criminal investigations. At the very least, any purchased data should never be made admissible in court.