Data Brokers and the Sale of sensitive Data on U.S. Military Personnel

Did not Lenin famously fret about capitalists selling the rope to hang them with?

Or is it just a case of naivete and carelessness?

"Overview

The data brokerage ecosystem is a multi-billion-dollar industry comprised of companies gathering, inferring, aggregating, and then selling, licensing, and sharing data on Americans as well as providing technological services based on that data. After previously discovering that data brokers were advertising data about current and former U.S. military personnel, this study sought to understand (a) what kinds of data that data brokers were gathering and selling about military servicemembers and (b) the risk that a foreign actor, such as a foreign adversary government, could acquire the data to undermine U.S. national security. This study involved scraping hundreds of data broker websites to look for terms like “military” and “veteran,” contacting U.S. data brokers from a U.S. domain to inquire about and purchase data on the U.S. military, and contacting U.S. data brokers from a .asia domain to inquire about and purchase the same. It concludes with a discussion of the risks to U.S. military service members and U.S. national security, paired with policy recommendations for the federal government to address the risks at hand.

Major Takeaways:

• It is not difficult to obtain sensitive data about active-duty members of the military, their families, and veterans, including non-public, individually identified, and sensitive data, such as health data, financial data, and information about religious practices. The team bought this and other data from U.S. data brokers via a .org and a .asia domain for as low as $0.12 per record. Location data is also available, though the team did not purchase it.
• Data broker methods of determining the identity of customers are inconsistent and evidence a lack of industry best-practices.
• Currently, these inconsistent practices are highly unregulated by the U.S. government.
• The inconsistencies of controls when purchasing sensitive, non-public, individually identified data about active-duty members of the military and veterans extends to situations in which data brokers are selling to customers who are outside of the United States.
• Access to this data could be used by foreign and malicious actors to target active-duty military personnel, veterans, and their families and acquaintances for profiling, blackmail, targeting with information campaigns, and more."

Data Brokers and the Sale of Data on U.S. Military Personnel - Tech Policy @ Sanford | Tech Policy @ Sanford Risks to Privacy, Safety, and National Security