Government agencies including the FBI, DHS and NSA have their tentacles deep into US society and have amassed huge caches’ of “sensitive and intimate” data on citizens by “flouting the law” according to privacy advocates.
The startling overreach into citizens’ lives was flagged in a report to the Director of National Intelligence Avril Haines which has only just been declassified.
It highlights how a loophole allows intelligence agencies to buy huge troves of data, enabling them to effectively track the phones and locations of millions of Americans without a warrant.
The report notes if agencies pay for the information it is considered “publicly available” whereas if the government were to demand to access the location of a cell phone, that would be classified as a search under the Fourth Amendment and require a judge’s sign-off.
“This report reveals what we feared most,” Sean Vitka, a policy attorney at the nonprofit Demand Progress, told Wired.com
“Intelligence agencies are flouting the law and buying information about Americans that Congress and the Supreme Court have made clear the government should not have.”
The panel of advisers who compiled the report for the Office of the Director of National Intelligence [ODNI] said a vast amount of what the government calls “publicly available information” actually poses a significant threat to the public.
They warn outdated policies confuse information which is for sale with being publicly available. The add the huge datasets for purchase today are “more revealing, available on more people, less possible to avoid, and less well understood” than previously.
They also note the same data can also be purchased by other companies which means it can potentially be exploited.
The panel also noted datasets are often sold as having been “anonymized” – having the identifying information of individuals stripped from it. This is often done by giving only a sex, age and location of a person rather than overt data such as names or phone numbers.
However, the report to the ODNI noted how it is relatively easy to “to de-anonymize and identify individuals,” especially if a number of data points are cross referenced, giving an example of how it could be possible to identify a group of people who attended a protest “based on their smartphone location or ad-tracking records.”
In March FBI director Christopher Wray admitted his agency had purchased cellphone geolocation data, but said its practices had since changed and the bureau now has to go through a “court-authorized process” to get such data.
The brokers who sell mass amounts of data are companies unfamiliar to most people such as Safegraph and Gravy Analytics who do not typically reveal where their data comes from.
However, as part of the contract to install and use many everyday cellphones apps – including navigation, weather, gaming and social media apps – the user agrees to allow their data, including location data, to be sold on.
Electronic Frontier Foundation Senior Staff Attorney Adam Schwartz told tech site Ars Technica in March: “US government agencies must not be allowed to … [buy] private information from data brokers who collect information about the precise movements of hundreds of millions of people without their knowledge or meaningful consent.
“This extremely sensitive information can reveal where we live and work, who we associate with, and where we worship, protest, and seek medical care.”
Unlike most countries in Europe and other developed nations the US has no federal privacy law and most citizens remain unaware of what data they are giving away on a daily basis and to who.
Haines previously said the ODNI report which was prepared for her office should be made public.
In it her advisers also issue a stark warning about how if the same data the government is buying ends up in the wrong hands it could easily be used to “facilitate blackmail, stalking, harassment, and public shaming” against people.