Rep. Cathy McMorris Rodgers (R-Wash.), chair of the House Committee on Energy and Commerce, said that companies have collected personal data on Americans that the government purchased and then used to spy on and track the activities of U.S. citizens.
Rodgers made the claim during an April 19 subcommittee hearing of the Committee on Energy and Commerce. The hearing of the Oversight and Investigations Subcommittee focused on the activities of data brokers that gather personal information and steps that Congress can take to protect and safeguard the sensitive and private information of Americans.
“Right now, there are no robust protections, and current privacy laws are inadequate, leaving Americans vulnerable,” said Rodgers. “For example, during government-enforced COVID-19 lockdowns, GPS and mobile phone data collected by a data broker was used by the state to spy on Californians exercising their right to attend church services.”
Invading Privacy, Compromising National Security
As detailed at the hearing titled “Who Is Selling Your Data: A Critical Examination of the Role of Data Brokers in the Digital Economy,” companies are invading the privacy and compromising the safety of Americans, culling and selling a vast breadth and variety of sensitive and personal information, including on children as young as 2, teens suffering from depression, Alzheimer’s patients, the vulnerable elderly, and active and former U.S. armed forces members.Brokers also sell information about the prescription medicines people take, their sexual orientation, and their religious practices.
In particular, the sale and availability of the personal and background information of members of the U.S. military poses a risk to national security.
A considerable component of the practices of the data brokers is legal, even though it endangers and jeopardizes the personal and financial safety of people.
Laura Moy, a faculty director at Georgetown Law’s Center on Privacy and Technology, testified at the hearing as one of three witnesses.
In her opening statement, Moy talked about the “suckers list” that data brokers compile and sell. She said that if a “person falls for a scam once, they may end up on other suckers lists categorized by areas of vulnerability, such as sweepstakes lovers.”
Moy added: “The Justice Department actually recently brought cases against multiple data brokers, alleging that over the course of several years, they had refined and sold lists of millions of elderly and otherwise vulnerable individuals to scammers. In one instance, the company was aware that some of its clients were even defrauding Alzheimer’s patients and yet continue to let it happen.”
Justin Sherman, a senior fellow at Duke University’s Sanford School of Public Policy, told subcommittee members about how in 2020, a man who had targeted a U.S. District Court judge for harm purchased information online that identified the home address in New Jersey of the judge, and then assaulted the home, killing the judge’s son and shooting her husband, who survived.
Sherman suggested making three changes to U.S. laws and statutes regarding data brokers.
“First, strictly control the sale of Americans’ data to foreign companies, citizens, and governments, which currently can entirely legally buy millions of U.S. citizens’ data from U.S. data brokers,” said Sherman. “Second, ban the sale of data completely in sensitive categories, such as with health data and location and address data, which can be used to follow, stalk, and harm Americans.”
“Third, stop companies from circumventing those controls by inferring data, using algorithms and other techniques to basically derive information that they haven’t technically collected,” he said.