Admits Potential for Abuse of Government Spying into Americans’ Politics, Religion, and Sex Lives
For years, PPSA has warned about the vast amounts of sensitive personal information about our private lives that are scraped from our apps and sold by third-party data brokers to government intelligence and law enforcement agencies. Now we have telling details from the inside.
On Friday, the Office of the Director of National Intelligence released a declassified report from a senior advisory group that sheds new light on the dangers posed by Commercially Available Information (CAI). Unlike most government documents, this report is remarkably self-aware and willing to explore the dangers of this policy in plain language.
This panel details all the many sorts of data that the government collects about us from commercial sources.
One data broker with the exceptionally creepy name of PeekYou brags that it “collects and combines scattered content from social sites, news sources, homepages, and blog platforms to present comprehensive online identities.”
The panel is forthright about how this data can be used to “facilitate blackmail, stalking, harassment, and public shaming.” It is not difficult, the report notes, for deanonymized information (which exposes a person’s identity) sold by data brokers to be combined or used with other data “to reverse engineer identities or deanonymize various forms of information.”
The authors of this report recognize how dangerous it is for the intelligence community to have this much commercially available information on its citizenry at its fingertips.
“The government would never have been permitted to compel billions of people to carry location tracking devices on their persons at all times, to log and track most of their social interactions, or to keep flawless records of all their reading habits. Yet smartphones, connected cars, web tracking technologies, the Internet of Things, and other innovations have had their effect without government participation. While the IC cannot willingly blind itself to this information, it must appreciate how unfettered access to CAI increases its power in ways that may exceed our constitutional traditions or other societal expectations.”
The authors note that “CAI could be used, for example, to identify every person who attended a protest or rally based on their smartphone location or ad-tracking records.” And the danger to the American people is not just from our government: this report warns of “intelligence benefits to our adversaries,” allowing foreign agencies to use open-source intelligence and AI to disinform and influence the public.
It cites a chilling factoid from a Duke University report that of the 10 major data brokers, three advertise an ability to provide data to identify U.S. military personnel.
The ODNI report quotes the Duke study that foreign actors could use CAI “to bolster their influence campaigns to interfere in U.S. electoral processes. Criminal organizations could use this data to build profiles on and subsequently target prosecutors and judges. Foreign intelligence organizations could acquire this data through a variety of means – including through front companies that could legally purchase the data from U.S. brokers and through simply hacking a data broker and stealing it all – to build profiles on politicians, media figures, diplomats, civil servants, and even suspected or secretly identified intelligence operatives.”
The authors recognize a danger for U.S. agencies, that “mission creep” can “subject CAI collected for one purpose to other purposes that might raise risks beyond those originally calculated.” It raises the question of the government’s obligation to respect the Fourth Amendment in accessing technologies that track our movements. It highlights the principles set out in a Supreme Court opinion that requires a warrant for certain kinds of cellsite location data.
Yet the report notes that the Defense Intelligence Agency nevertheless provides funding to “another agency” for it to purchase commercially available geolocation data aggregated from smartphones. The author admits it is unclear whether this data is for U.S. locations or foreign ones. The report says that agencies rely on a facial recognition company, Clear, not only to “resolve identities,” but also to locate people.
The authors challenge the bland assertions of federal agencies that Commercially Acquired Information, CAI, is the same as Publicly Available Information, PAI.
“In our view, profound changes in the scope and sensitivity of CAI have overtaken traditional understandings, at least as a matter of policy. Today’s publicly available CAI is very different in degree and in kind from traditional PAI.”
The authors refer to Riley v. California, a Supreme Court case that required a warrant before police could access information in a suspect’s cellphone. The report quotes the Court that asserting that modern CAI is materially indistinguishable from traditional PAI “is like saying a ride on horseback is materially indistinguishable from a flight to the moon.”
Having defined the problems, the authors of this report advance possible solutions. They propose internal processes that could minimize the dangers of mass collection of our private information, changes in how information is cataloged, developing standards and procedures, heightening approvals for information in “sensitive” categories, the creation of additional mitigation measures, and developing more “precise sensitivity and privacy-protecting guidance for PAI.”
The authors of this report should be commended for their frankness. Their solution, however, would merely replicate the failed approach of the FBI in its repeated attempts to reform the processes used to extract Americans’ personal information from Section 702 of the Foreign Intelligence Surveillance Act.
In both instances, the answer to these dilemmas is the Fourth Amendment’s probable cause warrant, an 18th century solution for these 21st century dilemmas.