The US has been buying “large” amounts of commercially available data on internet users for the purposes of spying, according to a new government report.
The Office of the Director of National Intelligence (ODNI) on Friday declassified a report from January 2022 that outlines the US government’s approach to using Commercially Available Information (CAI), which can come from data brokers working in the internet ad and analytics industries. The purchased information includes details from users' smartphones and social media accounts. Although the data is usually stripped of personal details, the report notes: “It is often possible (using other CAI) to deanonymize and identify individuals, including US persons.”
The ODNI declassified the report to offer some transparency of the surveillance practice, following years of reports about how US agencies have been buying the information from commercial data brokers. In March, Sen. Ron Wyden (D-Oregon) also asked Director of National Intelligence Avril Haines to offer more transparency around the government purchases.
The commercially bought data can be a major asset for US law enforcement and intel-gathering. The report points out “the government would never have been permitted to compel billions of people to carry location tracking devices on their persons at all times… Yet smartphones, connected cars, web tracking technologies, the Internet of Things, and other innovations have had this effect without government participation.”
The agencies buying the information include the FBI, the Department of Defense, the Defense Intelligence Agency, along with a redacted government group, which might be the CIA. But the report also concedes the same government purchases risk harming US citizens since the acquired data could be exploited to find out someone’s personal details, including their sex life.
“It can be misused to pry into private lives, ruin reputations, and cause emotional distress and threaten the safety of individuals,” the report says. “In the wrong hands, sensitive insights gained through CAI could facilitate blackmail, stalking, harassment, and public shaming.”
Buying the data also risks violating the US Constitution's Fourth Amendment, which protects people from unreasonable searches and seizures by the government. The report itself notes the US government needs to establish probable cause before conducting a search of a user’s private data. “However, the same type of information on millions of Americans is openly for sale to the general public,” it adds.
The declassification of the report prompted Sen. Wyden to call on the US government to rein in the “unchecked” surveillance. “According to this report, the ODNI does not even know which federal intelligence agencies are buying Americans' personal data,” he said in a statement. “If the government can buy its way around Fourth Amendment due-process, there will be few meaningful limits on government surveillance.”
He’s calling for the Congress to pass legislation to install guardrails on the government purchases and to enforce tighter requirements around the data brokers whoc traffic in such data sales. The ODNI also recommends the US catalog the government purchases of commercial data and develop standards around using the information. But it's unclear if the ODNI is embarking on the recommendations. The agency didn’t respond to a request for comment.