Numerous government agencies, including the FBI, Department of Defense, National Security Agency, Treasury Department, Defense Intelligence Agency, Navy and Coast Guard, have purchased vast amounts of U.S. residents’ personal information from business data brokers. The revelation was published in a partially declassified, internal Office of the Director of National Intelligence report released on June 9, 2023.

The report shows the breathtaking scale and invasive nature of the buyer data market and the way that market directly enables wholesale surveillance of individuals. The data includes not only where you’ve been and who you’re connected to, but the character of your beliefs and predictions about what you would possibly do in the longer term. The report underscores the grave risks the acquisition of this data poses, and urges the intelligence community to adopt internal guidelines to handle these problems.

As a privacy, electronic surveillance and technology law attorney, researcher and law professor, I actually have spent years researching, writing and advising in regards to the legal issues the report highlights.

These issues are increasingly urgent. Today’s commercially available information, coupled with the now-ubiquitous decision-making artificial intelligence and generative AI like ChatGPT, significantly increases the threat to privacy and civil liberties by giving the federal government access to sensitive personal information beyond even what it could collect through court-authorized surveillance.

What is commercially available information?

The drafters of the report take the position that commercially available information is a subset of publicly available information. The distinction between the 2 is critical from a legal perspective. Publicly available information is information that’s already in the general public domain. You could find it by doing a bit of online searching.

Commercially available information is different. It is personal information collected from a dizzying array of sources by business data brokers that aggregate and analyze it, then make it available for purchase by others, including governments. Some of that information is private, confidential or otherwise legally protected.

The business data market collects and packages vast amounts of information and sells it for various business, private and government uses.
Government Accounting Office

The sources and kinds of data for commercially available information are mind-bogglingly vast. They include public records and other publicly available information. But much more information comes from the nearly ubiquitous internet-connected devices in people’s lives, like cellphones, smart home systems, cars and fitness trackers. These all harness data from sophisticated, embedded sensors, cameras and microphones. Sources also include data from apps, online activity, texts and emails, and even health care provider web sites.

Types of data include location, gender and sexual orientation, religious and political beliefs and affiliations, weight and blood pressure, speech patterns, emotional states, behavioral details about myriad activities, shopping patterns and family and friends.

This data provides corporations and governments a window into the “Internet of Behaviors,” a mixture of information collection and evaluation aimed toward understanding and predicting people’s behavior. It pulls together a wide selection of information, including location and activities, and uses scientific and technological approaches, including psychology and machine learning, to research that data. The Internet of Behaviors provides a map of what everybody has done, is doing and is anticipated to do, and provides a means to influence an individual’s behavior.

Smart homes could possibly be good in your wallet and good for the environment, but really bad in your privacy.

Better, cheaper and unrestricted

The wealthy depths of commercially available information, analyzed with powerful AI, provide unprecedented power, intelligence and investigative insights. The information is a cheap option to surveil virtually everyone, plus it provides much more sophisticated data than traditional electronic surveillance tools or methods like wiretapping and site tracking.

Government use of electronic surveillance tools is extensively regulated by federal and state laws. The U.S. Supreme Court has ruled that the Constitution’s Fourth Amendment, which prohibits unreasonable searches and seizures, requires a warrant for a wide selection of digital searches. These include wiretapping or intercepting an individual’s calls, texts or emails; using GPS or cellular location information to trace an individual; or searching an individual’s cellphone.

Complying with these laws takes money and time, plus electronic surveillance law restricts what, when and the way data may be collected. Commercially available information is cheaper to acquire, provides far richer data and evaluation, and is subject to little oversight or restriction in comparison with when the identical data is collected directly by the federal government.

The threats

Technology and the burgeoning volume of commercially available information allow various types of the data to be combined and analyzed in latest ways to know all points of your life, including preferences and desires.

How the gathering, aggregation and sale of your data violates your privacy.

The Office of the Director of National Intelligence report warns that the increasing volume and widespread availability of commercially available information poses “significant threats to privacy and civil liberties.” It increases the facility of the federal government to surveil its residents outside the bounds of law, and it opens the door to the federal government using that data in potentially illegal ways. This could include using location data obtained via commercially available information somewhat than a warrant to research and prosecute someone for abortion.

The report also captures each how widespread government purchases of commercially available information are and the way haphazard government practices around the usage of the data are. The purchases are so pervasive and agencies’ practices so poorly documented that the Office of the Director of National Intelligence cannot even fully determine how much and what kinds of information agencies are purchasing, and what the assorted agencies are doing with the info.

Is it legal?

The query of whether it’s legal for presidency agencies to buy commercially available information is complicated by the array of sources and sophisticated mix of information it comprises.

There isn’t any legal prohibition on the federal government collecting information already disclosed to the general public or otherwise publicly available. But the nonpublic information listed within the declassified report includes data that U.S. law typically protects. The nonpublic information’s mix of personal, sensitive, confidential or otherwise lawfully protected data makes collection a legal gray area.

Despite many years of increasingly sophisticated and invasive business data aggregation, Congress has not passed a federal data privacy law. The lack of federal regulation around data creates a loophole for presidency agencies to evade electronic surveillance law. It also allows agencies to amass enormous databases that AI systems learn from and use in often unrestricted ways. The resulting erosion of privacy has been a priority for greater than a decade.

Throttling the info pipeline

The Office of the Director of National Intelligence report acknowledges the stunning loophole that commercially available information provides for presidency surveillance: “The government would never have been permitted to compel billions of individuals to hold location tracking devices on their individuals in any respect times, to log and track most of their social interactions, or to maintain flawless records of all their reading habits. Yet smartphones, connected cars, web tracking technologies, the Internet of Things, and other innovations have had this effect without government participation.”

However, it isn’t entirely correct to say “without government participation.” The legislative branch could have prevented this example by enacting data privacy laws, more tightly regulating business data practices, and providing oversight in AI development. Congress could yet address the issue. Representative Ted Lieu has introduced the a bipartisan proposal for a National AI Commission, and Senator Chuck Schumer has proposed an AI regulation framework.

Effective data privacy laws would keep your personal information safer from government agencies and corporations, and responsible AI regulation would block them from manipulating you.

This article was originally published at theconversation.com