The Congressional debate over the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA) has mostly centered around the outrage of federal agencies using an authority meant for the surveillance of foreigners on foreign soil to warrantlessly collect the communications of hundreds of thousands of Americans every year.
But the Section 702 debate highlights an even greater outrage that needs to be addressed – the routine practice by federal agencies to purchase and access the private data of Americans scraped from our apps and devices without a warrant.
While federal data purchases are not part of Section 702, history suggests that any reforms made to Section 702 to curtail the surveillance on Americans in the pool of “incidentally” collected communications will be futile if we don’t close this other loophole. Our data, freely collected and reviewed at will by the government, can be more personal than a diary – detailing our medical concerns, romantic lives, our daily movements, whom we associate with, our politics and religious beliefs.
The Wall Street Journal shined a much-needed light on this practice. It reported on the relationship between U.S. government agencies and the shadowy world of data-broker middlemen who peddle our most sensitive personal information. The Journal reported that India-based Near Intelligence has been “surreptitiously obtaining data from numerous advertising exchanges” and selling this data to the NSA, Joint Special Operations Command, the Department of Defense, and U.S. Air Force Cyber Ops.
The Journal accessed a memo from Jay Angelo, Near Intelligence general counsel and chief privacy officer, to CEO Anil Mathews about three privacy problems.
First, Angelo wrote that Near Intelligence sells “geolocation data for which we do not have consent to do so.”
Second, he wrote the company sells or shares “device ID data for which we do not have consent to do so.”
And, finally, Angelo wrote, the company violates the privacy laws of Europe by selling Europeans’ data outside of Europe. Customers include agencies of the U.S. federal government, which “gets our illegal EU data twice per day.” It is unclear the extent to which this company sells Americans’ data, though it seems likely that the privacy of Americans is implicated given that the company boasts of having access to data from a billion devices.
Near Intelligence is just one actor in this shadowy world of merchants of personal data. Congress should require government agencies to obtain a probable cause warrant to examine the private data of Americans, whether collected under Section 702 or through data purchases.