According to the U.S. government, the data it purchases “clearly provides intelligence value” but “raises significant privacy and civil liberties concerns.”
Friday, the Office of the Director of National Intelligence (ODNI) declassified and released a report dated January 2022 in response to a request from Oregon Senator Ron Wyden (D) to reveal how the intelligence community employs commercially available data. This data is generated by internet-connected devices and made available for purchase by data aggregators, including phone apps and vehicles that collect precise location data and web browsing data that tracks users as they browse the internet.
The declassified report is the first public disclosure by the U.S. government regarding the risks associated with commercially available data on Americans, which can be purchased by anyone, including adversaries and antagonistic actors. There is no privacy or data protection law in the United States that governs the sharing or sale of Americans’ private information.
“In a way that far fewer Americans seem to understand, and that even fewer of them can avoid, [commercially available information] includes information on nearly every one of a type and level of sensitivity that historically could have been obtained” through other intelligence gathering capabilities, such as search warrants, wiretaps, and surveillance, according to the report.
Following the release of the report, Senator Wyden issued the following statement: “This review demonstrates that the government’s existing policies have failed to provide essential safeguards for Americans’ privacy or oversight of how agencies acquire and use personal data.”
“According to this report, the ODNI does not even know which federal intelligence agencies purchase the personal information of American citizens,” Wyden added.
The report corroborates a slew of media reports indicating that U.S. government agencies purchased enormous datasets on Americans. The Internal Revenue Service purchased access to a massive database containing the location information of millions of American phones in an effort to capture tax cheaters, while Homeland Security used similar data for immigration enforcement.
A court-issued warrant is required for government agencies to obtain Americans’ private data directly from a phone or technology company, such as private communications. In cases where Americans’ information, such as location data, is available for purchase by the general public, however, U.S. intelligence agencies may acquire it. (However, a federal court has not yet examined this theory.)
The ODNI’s report warns that commercially available data can be readily deanonymized to identify individuals, including Americans, despite the fact that this data is typically sold in volume — often millions of data points. Location data, for instance, can be used to infer where people reside and work based on the location of their cell phones and vehicles at specific times.
Commercially available information can also reveal “the detailed movements and associations of individuals and groups, revealing political, religious, travel, and speech activities,” according to the report. For example, commercially available information can be used to “identify every person who attended a protest or rally based on their smartphone location or ad-tracking records.”
“In the wrong hands, sensitive insights gained through [commercially available information] could facilitate blackmail, stalking, harassment, and public shaming,” stated the report. The report noted that in 2021, a Catholic priest was outed using commercially available location data from a homosexual dating app. The priest subsequently resigned. The report also mentions the acquisition and transfer of location information from a Muslim prayer app to the United States military.
Wyden urged Congress to pass legislation to “place restrictions on government purchases, rein in private companies that collect and sell this data, and prevent our adversaries from obtaining the personal information of Americans.”