The Biden Administration wants to stop data brokers and other companies from selling sensitive personal data of American citizens to organizations in China, Russia, and other adversarial countries.
President Biden on Wednesday signed an executive order giving the Justice, Homeland Security, and other federal departments authority to create rules to “prevent the large-scale transfer” of geolocation, biometric, genomic, financial, personal health, and other data from “countries of concern,” which can use the information to compromise national security and personal privacy.
“The sale of Americans’ data raises significant privacy, counterintelligence, blackmail risks and other national security risks – especially for those in the military or national security community,” the White House wrote in a notice about the executive order. “Countries of concern can also access Americans’ sensitive personal data to collect information on activists, academics, journalists, dissidents, political figures, and members of non-governmental organizations and marginalized communities to intimidate opponents of countries of concern, curb dissent, and limit Americans’ freedom of expression and other civil liberties.”
Companies are collecting massive amounts of personal data that can legally end up in the hands of foreign intelligence services, militaries, or private companies controlled by foreign governments through data brokers, the statement noted.
“Bad actors can use this data to track Americans (including military service members), pry into their personal lives, and pass that data on to other data brokers and foreign intelligence services,” the White House wrote. “This data can enable intrusive surveillance, scams, blackmail, and other violations of privacy.”
Federal agencies and some state governments are taking a hard look at data brokers, which operate in a highly unregulated industry in which companies collect and aggregate huge amounts of personal information that they sell land license. The increasingly nature of the world and the rise of AI make it easier for these businesses to get hold of such data and create a data broker market that is expected to grow from $319 billion in 2021 to more than $545 billion by 2031.
There are about 4,000 data brokers in the world. Some, like Oracle and Experian, are well-known names, but many others operate out of the public eye.
The Federal Trade Commission (FTC) last month for the first time settled lawsuits against data brokers – first OutLogic and then InMarket Media – for selling such information as the precise location data of individuals that others could use to track visits to such places as medical or reproductive healthcare facilities, places of worship, and domestic abuse shelters.
The settlements came after the FTC last year began considering broad regulations to restrict what personal information companies could collect and how they could use it. In addition, the Consumer Financial Protection Bureau is considering prohibiting some information that data brokers now sell, like an individual’s Social Secure number, income, or criminal history.
There is a bipartisan bill in Congress that would prevent data brokers from selling personal information to federal agencies and law enforcement without a warrant. Also, California lawmakers passed legislation last year that made it easier for their citizens to keep data brokers from collecting their information.
The problem was put in the spotlight when researchers at Duke University last year published an in-depth 12-month study that showed how easy and inexpensive it is to buy the personal information of active and retired U.S. military personnel and their families from data brokers and that significant national security risk this represents.
“An industry that builds and sells detailed profiles on Americans could be exploited by hostile actors to target military servicemembers and veterans as a subset of the U.S. population,” the researchers wrote in the 51-page study. “Many veterans often still know currently classified information, even if they are no longer active-duty members of the military. The data brokerage ecosystem poses risks to national security by compiling large, detailed datasets on U.S. military personnel and subsequently selling that data on the open market.”
Biden’s executive order tasks the Justice Department (DOJ) to create regulations that protect Americans’ sensitive personal information from being transferred and exploited by China and similar adversaries that “have a track record of collecting and misusing data on Americans.” The DOJ also will issue regulations to protect sensitive government-related data, such as geolocation information of sensitive government sites and information about military members.
The DOJ and Homeland Security will together create standards that prevent entities in adversarial countries to access U.S. citizens’ data through other means, including data from investment, vendor, and employment relationships.
Meanwhile, the departments of Health and Human Services, Defense, and Veterans Affairs will ensure that federal grants, contracts, and awards aren’t used to make it easier for China, Russia, and others to get access to sensitive health data, even from U.S.-based companies.
Also, when the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector reviews underwater cable licenses, threats to Americans’ personal data will be included in the reviews.
These initiatives “do not stop the flow of information necessary for financial services activities or impose measures aimed at a broader decoupling of the substantial consumer, economic, scientific, and trade relationships that the United States has with other countries,” according to the executive order.
Recent Articles By Author