Report: U.S. intelligence acquires “significant amount” of personal data
The U.S. intelligence community routinely acquires “a significant amount” of Americans’ personal data, according to a new report released this week by a top spy agency.
The report outlined both privacy and counterintelligence concerns stemming from the ability of U.S. government agencies and foreign adversaries to draw from a growing pool of potentially sensitive information available online.
Absent proper controls, commercially available information, known as CAI, “can reveal sensitive and intimate information about the personal attributes, private behavior, social connections, and speech of U.S. persons and non-U.S. persons,” the report, compiled last year by the Office of the Director of National Intelligence, found.
“It can be misused to pry into private lives, ruin reputations, and cause emotional distress and threaten the safety of individuals,” it said. “Even subject to appropriate controls, CAI can increase the power of the government’s ability to peer into private lives to levels that may exceed our constitutional traditions or other social expectations.”
Dated January of 2022, the report was written by an expert panel convened by Avril Haines, the director of national intelligence. It was declassified earlier this month and publicly released this week.
Redacted in places, the report noted that the market for online data is “evolving both qualitatively…and quantitatively,” and can include meaningful information on American citizens and be acquired in bulk. Even when anonymized, agencies can cross-reference data sets to reveal information about specific individuals.
“Today, in a way that far fewer Americans seem to understand, and even fewer of them can avoid, CAI includes information on nearly everyone that is of a type and level of sensitivity that historically could have been obtained, if at all, only through targeted (and predicated) collection, and that could be used to cause harm to an individual’s reputation, emotional well-being, or physical safety,” the report said.
Information from social media, digital transactions and smartphone software for medical, travel, facial recognition and geolocation services are among the types of data widely available for purchase. It can be used to identify individuals who attend protests or participate in certain religious activities. Adversaries can use it to identify U.S. military or intelligence personnel, or build profiles on public figures, the panel wrote.
The report recommended that the intelligence community develop a set of standards for its purchase and use of online data, noting it would be at a “significant disadvantage” — to those such as foreign adversaries — if it lost access to certain datasets.
“CAI is increasingly powerful for intelligence and increasingly sensitive for individual privacy and civil liberties, and the [intelligence community] therefore needs to develop more refined policies to govern its acquisition and treatment,” the panel wrote.
In a statement, Haines said the intelligence community was working on a framework governing the use of such data. Once finalized, Haines said, “we will make as much of it publicly available as possible.”
“I remain committed to sharing as much as possible about the [intelligence community]’s activities with the American people,” she said.
Haines first promised to evaluate the intelligence community’s use of commercial data during her confirmation hearing under questioning by Democratic Sen. Ron Wyden of Oregon in 2021. She again committed to publicly releasing the findings earlier this year.
“If the government can buy its way around Fourth Amendment due-process, there will be few meaningful limits on government surveillance,” Wyden said in a statement this week. “Meanwhile, Congress needs to pass legislation to put guardrails around government purchases, to rein in private companies that collect and sell this data, and keep Americans’ personal information out of the hands of our adversaries.”