Byron Tau and Dustin Volz, The Wall Street Journal, The Wall Street Journal:
The vast amount of Americans’ personal data available for sale has provided a rich stream of intelligence for the U.S. government but created significant threats to privacy, according to a newly released report by the U.S.’s top spy agency.
Commercially available information, or CAI, has grown in such scale that it has begun to replicate the results of intrusive surveillance techniques once used on a more targeted and limited basis, the report found.
Intelligence agencies don’t need to request a warrant for a piece of information if they can purchase it from public sources instead.
The proliferation of data brokers who specialize in compiling and selling sensitive information has only exacerbated this problem.
Quoted directly from the report:
Under the U.S. Constitution… CAl is generally less strictly regulated than other forms of information acquired by the [intelligence community (IC)], principally because it is publicly available. In our view, however, changes in CAl have considerably undermined the historical policy rationale for treating [publicly available information (PAI)] categorically as non-sensitive information, that the IC can use without significantly affecting the privacy and civil liberties of U.S. persons. For example, under Carpenter v. United States, acquisition of persistent location information… concerning one person by law enforcement from communications providers is a Fourth Amendment “search” that generally requires probable cause. However, the same type of information on millions of Americans is openly for sale to the general public. As such, IC policies treat the information as PAl and IC elements can purchase it.
I understand that it would be foolish to expect intelligence agencies to abide by a stricter set of data privacy rules than civilians. Still, I don’t feel great about public money being used to support and encourage data brokers.
In the end, you can’t sell what you don’t have. This report reinforces my view that end-to-end encryption should be the only acceptable solution for storing personal information.