We recently read a report in The Wall Street Journal that got our attention. Commercial data brokers are selling their third-party data to the government. If you’re an optimist, you would think this could be a good thing. Our intelligence agencies and the defense department may be able to identify patterns that could predict and prevent an unfortunate event – terrorism, for example. But honestly, how would you feel if all the conversations in your house that Siri and Alexa are silently listening in on are sold in the aggregate to the government…or something else?
Data Driven
The report harkens to the need for awareness of hidden risks for organizations that become data-oriented to increase their effectiveness and build relationships with current and prospective customers. Getting to know one’s customers and those that comprise the market is a downright necessity today. We are likely one of the loudest preachers of that point in context of organizational transformation. But…context, of course, is everything.
We have also written about the need for individuals to be cautious of the trails of data they generate every second, minute, hour and day. It has become commonplace to tell the world who we are, how we think and what we like without realizing who might be using these preferences for profit. Data sharing definitely has a different context when dealing with the privacy of individuals.
If you are an avid reader of our newsletter, you may remember our issues on Behavioral and Inference Data, Good Data Vital Currency and Bad Data a Disaster and our routine coverage of First Party Data and EU and US Privacy Regulation Updates. And if you read our book, The Truth About Transformation, you may remember in Part II we summarized lectures taught at UMD on how our mind is easily motivated to become so immersed in our devices and how easily manipulated it is to reveal more and more about ourselves.
The Sharing Economy
We give it all away without knowing what we are revealing. We like a friend’s Facebook post and a Reel on Instagram. We retweet on X and add hearts or thumbs up for a post on LinkedIn. We immerse in post after post on Reddit and lose hour after hour on TikTok as the algorithm feeds us more and more what we “like.” The list of Apps, sites and platforms where we unconsciously, or in some instances knowingly, tell the world who we are is nearly endless.
We give even more away in the word choices (even using Emojis) we make across our communications. Our immersion in every reward and loyalty program reveals our purchasing preferences. Even words or sayings that are very city-centric or region-specific reveal where we are. Do you think you’re not sharing your location? Well, you likely did in how you said what you said.
Even our physical movements are known by the monitors: Consider security cameras nearly everywhere, devices pinging to stay connected to cell/data towers, and our new addiction to using GPS to get where we want to go. All this movement is noted and recorded.
Data Brokerage
We may believe that the organizations we are doing business with and the digital platforms we use don’t share our data. In reality, our data is packaged and sold to anyone who is willing to pay for it — even governments around the world. Perhaps, you think that’s ok, or you may just sigh in resignation. Have we evolved to the point that we rationalize these data harvests as permissible? Or are we simply ignoring what is happening? How often do we do a pro and con analysis weighing the benefits against the negative consequences? The adage “we are what we eat” may be updated to ”we are what we give away.”
Knowing creates awareness and recognition. This week we want to try to fill a gap about what we may not know. Sure, you may know on some level that you are constantly revealing yourself to others, but we suggest what follows might be a bit of a surprise.
I Spy
The WSJ report we introduced was based on Byron Tau’s new book, Means of Control: How the Hidden Alliance of Tech and Government Is Creating a New American Surveillance State. Politico states in an interview with Tau, “An opaque network of government contractors is peddling troves of data, a legal but shadowy use of American citizens’ information that troubles even some of the officials involved. And attempts by Congress to pass privacy protections fit for the digital era have largely stalled, though reforms to a major surveillance program are now being debated.”
Tau adds, “The data is used in a wide variety of law enforcement, public safety, military and intelligence missions, depending on which agency is doing the acquiring. We’ve seen it used for everything from rounding up undocumented immigrants or detecting border tunnels. We’ve also seen data used for man-hunting or identifying specific people in the vicinity of crimes or known criminal activity. And generally speaking, it’s often used to identify patterns. It’s often used to look for outliers or things that don’t belong. So, say you have a military facility, you could look for devices that appear suspicious that are lingering near that facility.”
That all sounds logical and defensible. But who gave anyone permission?
Advise and Consent
Here’s the kicker, Tau says “It’s legal for the government to use commercial data in intelligence programs because data brokers have either gotten the consent of consumers to collect their information or have stripped the data of any details that could be traced back to an individual. Much commercially available data doesn’t contain explicit personal information.”
Yes, but. this information can always be tracked back, something we discussed in our piece on inference data. Tau continues: “The truth is that there are ways to identify people in nearly all anonymized data sets. If you can associate a phone, a computer or a car tire (air pressure sensor) with a daily pattern of behavior or a residential address, it can usually be associated with an individual,” he adds.
The WSJ takes the debate even further. The data that is being sold would otherwise need a search warrant. According to Michael Morell, a former deputy director of the Central Intelligence Agency, “If we collected it using traditional intelligence methods, it would be top secret sensitive. And you wouldn’t put it in a database, you’d keep it in a safe.”
Think about what we volunteer without considering the consequences: our geo-location data, shipping information, purchase history, shopping preferences, and loyalty programs. And what happens to all that information? It is often sold to commercial data brokers who then resell or trade it, unbeknownst to us. As the WSJ report states, “In January 2022, a group of advisers convened by the U.S. Director of National Intelligence issued a report on the changing nature of intelligence. The report, withheld from the public for nearly a year and a half, concluded that ‘Today, in a way that [few] Americans seem to understand, and even fewer of them can avoid,’ governments can purchase ‘information on nearly everyone that is of a type and level of sensitivity that historically could have been obtained, if at all, only through targeted (and predicated) collection.’”
National Interests
But ok, if our government can do this, what would prevent a foreign government or entity from doing it? Tau explains, “Gray data is essentially data that’s sort of there for the taking; that’s the byproduct of moving around the web or using some sort of service. So, think of these Bluetooth devices that we all increasingly carry now. Your Bluetooth wireless headphones are just constantly pinging everything around it trying to tell a phone, another endpoint, that it’s there. And these clever governments or their contractors or these private companies have figured out, ‘Hey, you know, I could just run a little bit of code on a million phones around the world and just start vacuuming up all the Bluetooth signals around it.’ And some of these contractors have found willing government buyers for this data.”
TikTok
This leads us to the whole existential crisis about TikTok. We’ve all read the headlines. In summary, The US’s moves against TikTok, which are yet to be signed off by the Senate, reflect widespread fears that the app represents a security risk to the West by allegedly giving Beijing access to citizen’s data as well as the potential to conduct influence operations (Politico). Just to review, TikTok has over a billion followers worldwide, and it is recognized as having a significant cultural impact all over the world. According to Wiki, “TikTok has come under scrutiny due to data privacy violations, addictiveness, misinformation, offensive content, and its role during the Israel–Hamas war. Countries have restricted, banned, or attempted to ban the use of TikTok to protect children and on national security grounds over possible user data collection by the Chinese government. Even if Stephen Mnuchin and a US consortium of investors did buy Tiktok, what’s to prevent commercial brokers from harvesting and selling its data to anyone who is willing to pay for it?
But let’s face it, if TikTok is the bad guy of the moment, are Facebook, Google, credit card companies, retailers’ reward programs, wireless phone companies, and streaming companies suddenly the good guys? Nearly every organization packages its data for those interested in paying for it. Who ensures that an organization seeking to buy data doesn’t have malicious intent? Seems like anyone with the right amount of funds can buy data about you and those who are like you. TikTok may be being singled out but that surely does not plug the dam that is already leaking.
Data Harvesting
How might all this look in the future? The business model for sharing and using data will likely be different from what we have seen in the past as our immersion in our devices and a digital world continues and with the likelihood at some point that governments may catch up and put privacy regulations in place, or at least get close to what rapid advances are occurring.
Industry clouds are an example of how the sectors of our economy might evolve. In industry clouds, organizations share their (anonymized) data with an independent third party. However, if government regulation remains a gap, only by good faith of the industry actors and independent parties in the ecosystem, will data in ways be protected. Who then sets the criteria? Who oversees the independent agents? Note here again that even when data is anonymized, data points can still be put together to reveal whose data it is, where they are located and more. There is no real ability or practical ability to scrub data
Regardless of the will and motivation of some, challenges remain. “A group of U.S. lawmakers is trying to stop the government from buying commercial data without court authorization by inserting a provision to that effect in a spy law, FISA Section 702, that Congress needs to reauthorize by April 19. The proposal would ban U.S. government agencies from buying data on Americans but would allow law-enforcement agencies and the intelligence community to continue buying data on foreigners,” reports the WSJ.
As Tau says, “There is this tension between the United States being a society that’s privacy-oriented, that’s skeptical of the government, and the public safety and national security missions of all these government agencies. Lawyers and program managers and elected officials have to try to balance the fact that this data is out there. It’s available for purchase. It’s something that Home Depot can use to target ads. And the question that gets asked over and over again inside government is, if Home Depot can use it to target ads, why can’t we use it for our very important national security or public safety mission?”
The answer is surely it makes rational sense but must be noted that it is complicated and complex. As with most situations, there are unintended consequences when we don’t take the time and expend the mental energy that is necessary to understand the problem we are trying to solve and what by-products that result. There are pros and cons to most things and situations in life. As individuals, or a collective of individuals comprising an organizational system, some impacts and influences are known, many others unforeseen. It is challenging as best to have the foresight to know where we are heading and what the world will truly look like and be contending with in the future.
Editor’s Note – This article is republished with the author’s permission with first publication in twentyforty digital Issue 152, March 21, 2024.