The U.S. Is Openly Stockpiling Dirt on All Its Citizens Thanks to Commercial Data Brokers ⇥ wired.com

The U.S. Office of the Director of National Intelligence:

As part of our ongoing transparency efforts to enhance public understanding of the Intelligence Community’s (IC) work and to provide insights on national security issues, ODNI today is releasing this declassified IC report dated January 2022.

This report (PDF) was released Friday and, while its (redacted) authors admit the use of what they call “commercially available information”¹ purchased from brokers can be useful in investigations, the tone is occasionally scathing.

Dell Cameron, Wired:

Perhaps most controversially, the report states that the government believes that it can “persistently” track the phones of “millions of Americans” without a warrant so long as it pays for the information. Were the government to simply demand access to a device’s location instead, it would be considered a Fourth Amendment “search” and would require a judge’s signoff. Because the same companies are willing to sell the information — not only to the US government but to other companies as well — the government considers it “publicly available” and therefore “can purchase it.”

It is no secret, the report adds, that it is often trivial “to deanonymize and identify individuals” from data that was packaged as ethically fine for commercial use because it had been “anonymized” first. Such data may be useful, it says, to “identify every person who attended a protest or rally based on their smartphone location or ad-tracking records.” Such civil liberties concerns are prime examples of how “large quantities of nominally ‘public’ information can result in sensitive aggregations.” What’s more, information collected for one purpose “may be reused for other purposes,” which may “raise risks beyond those originally calculated,” an effect called “mission creep.”

While relationships between data brokers and intelligence agencies are not new, the report’s authors acknowledge an increase in the “volume and sensitivity” of this information in “recent years” presents an opportunity for “substantial harm, embarrassment, and inconvenience”. Its use represents one of the most significant changes in surveillance since the whistleblower disclosures of ten years ago.

But, while the DNI trumpets its “ongoing transparency efforts” in releasing this report, it would be surprising if anything immediately came of it. Contrary to popular belief, nihilism is not the default position for most people. In surveys in Canada and the United States, people have indicated they care deeply about their privacy — even online. Regulations have been slowly taking effect around the world which more accurately reflect these views. But there remains little national control in the U.S. over the collection and use of private data, either commercially or by law enforcement and intelligence agencies; and, because of the U.S.’ central location in the way many of us use the internet, it represents the biggest privacy risk. Even state-level policies — like California’s data broker law — are ineffectual because the onus continues to be placed on individual users to find and remove themselves from brokers’ collections, which is impractical at best.