U.S. intelligence agencies are implementing a new framework for purchasing Americans’ personal data en masse but will still not require a warrant to do so.
The new guidelines are intended to address “novel issues related to privacy and civil liberties,” according to a May 9 statement released by the Office of the Director of National Intelligence.
“In keeping with my commitment to share as much as possible about the [Intelligence Community’s] activities, we are sharing this framework which provides effective governance for the IC’s [Intelligence Community’s] handling of [commercially available information] while also protecting Americans’ privacy and civil liberties,” said Avril Haines, director of national intelligence.
A key method used to do that has been the bulk purchase of personal information from so-called data brokers, who purchase identifiable information obtained from the web and sell it to the highest bidder.
The new guidance comes in response to public outcry regarding the National Security Agency’s use of data brokers to effectively circumvent Americans’ Fourth Amendment right to privacy by using commercial means to obtain private information without the warrants required to collect such data directly from service providers.
Mr. Moultrie also said the defense and intelligence communities had an obligation to gather the same data that potential adversaries had access to.
“I am not aware of any requirement in U.S. law or judicial opinion ... that DoD [Department of Defense] obtain a court order in order to acquire, access, or use information, such as CAI [commercially available information], that is equally available for purchase to foreign adversaries, U.S. companies, and private persons as it is to the U.S. Government,” he said.
The records purchased from data brokers by the Intelligence Community include IP addresses, metadata, and geolocation data, among other things, which can reveal what websites Americans visit, what apps they use, where they travel and when, and even their personal medical histories.
That ruling was issued after an investigation found that many apps collecting these types of data did so illegally, without informing or obtaining consent from the individuals using the app to have their personal information sold to the government.
The FTC also announced that Americans must be told and agree to their data being sold to “government contractors for national security purposes” for the practice to be allowed.
However, the new guidance document does not halt the government’s continued collection of illegally sourced data from data brokers. The guidance document suggests that all current intelligence practices are “legal” and that the current rules regime “protects privacy and civil liberties.”
Instead, the guidance document lays out a baseline strategy for all intelligence agencies to better identify sensitive information, handle it more securely, and assess whether it can be better anonymized.
One rule in the new guidance is that the collection of sensitive commercially available information must be approved by the head of the individual intelligence elements, although those chiefs can simply delegate this responsibility with a written note.
The guidance document aims to establish a baseline of privacy and access protocols that will limit the ability of non-vetted personnel to gain access to the information collected.
