Rethinking Government Access to Consumer Data

The age of pervasive data collection is upon us; sequestering the government won’t help, but oversight will.

This article is only being published here on The Kitchen Sync and is being made available to all subscribers for free. Please share it broadly so that we can produce even more exclusive content in the future.

Share


Private tech companies’ intelligence capabilities are eclipsing those of the US Intelligence Community, and Uncle Sam wants in on the action. And while intelligence agencies’ recent bid to buy privately-produced consumer data has stirred up some predictable controversy, the questions that Americans should be asking are much more fundamental than those currently on the table.  In a world in which Facebook knows more than the CIA about almost everyone—and can sell that unclassified knowledge to anyone—what do privacy, accountability, and oversight look like? If other governments can legally buy the data, what does national security look like?

The answers are not so clear, in part because the American public still has not fully internalized just how much privacy they’ve lost, nor reckoned with what a world of pervasive data collection means for national security. Long-term solutions will require a paradigm shift in how Americans understand privacy and power. To get there, some short-term measures are in order.

Tech’s accidental eclipse of government intelligence owes much to the fact that in the age of big data and AI analysis, “advertising” and “intelligence” have become unnervingly similar. In both industries, massive databases aggregate, analyze, and manage detailed profiles of countless individuals with an aim to influence actions, motivations, and behaviors. The tools and information used to understand persons of interest have organically developed in parallel, and are now highly transferrable.

But whereas agencies like the CIA and NSA are constrained by layers of security clearances, warrants, and bureaucracy, the private sector has open access to incomprehensibly large troves of data about individuals all over the world. Financial incentives also give an edge to digital advertising: The total 2020 budget of America’s entire Intelligence Community, including the CIA, NSA, FBI, and 15 related departments, was $85.8 billion. In 2021, global spending on “programmatic advertising”—automated targeted advertising based on detailed user profiles—is expected to pass $150 billion, dwarfing the financial muscle that goes into conventional intelligence.

That investment is not wasted. According to the Federal Trade Commission’s reporting, one corporate data dealer had more than 3,000 data segments for every US consumer in 2014. Today, with consumers spending a million dollars online every minute and sending more than 300 billion emails every day, we can only image the magnitude of information that these data brokers have amassed. 

Analysis of just the “likes” of the average Facebook profile can outperform family members in accurately assessing individuals’ psychological profiles, and that’s without the aid of the rich location, financial, and health data that are also being funneled into our profiles. The timeliness of consumer data is similarly impressive: in 2019, the New York Times used purchased data to construct a near real-time feed of the location of then-President Trump’s security detail.

In the future, the extent to which we all will be known by data brokers will only increase as the Internet of Things (IoT) expands to include more than 30 billion devices globally by 2025—feeding a constant stream of information on us back to analysis algorithms. Think of the 2018 Strava fiasco, in which a wearable fitness tech company publicly published “heat maps” of geolocated exercise patterns from individuals sporting Fitbits and other similar devices—inadvertently revealing sensitive American, Turkish, and Russian military bases and patrol patterns around the world.

Share

The main reason why domestic and foreign intelligence agencies want this information is that it can turbocharge their operations—from catching dangerous terrorist networks, to understanding military plans, to discerning points of leverage, blackmail, and intimidation. Shutting down the American government’s access to this expansive resource would hand unconscionable intelligence advantages to America’s adversaries, given that there is as yet no credible way to shut down their access.

Such stark realities are likely to evoke a range of strong—if contradictory—impulses among Americans. Most Americans do not want any government to have this level of access to their data, nor any of the 4,000 data broker companies that aggregate, organize, and sell this type of data for profit. But they still routinely give away their individual privacy to countless apps for the sake of convenience, enabling the consumer data trade.

Americans are also likely to express disproportionate concern over the access of their own government, even though they have far less control over the actions of large corporations and foreign adversaries with the same access. Consider the uproar when Edward Snowden leaked details about the NSA’s data surveillance program in 2013. By comparison, the data accessed by the NSA was far smaller in volume and far more controlled than the consumer data that is available to anyone with a checkbook—even though the latter has garnered only a fraction of the attention.

And while most Americans would consider leveraging this level of scrutiny for the sake of national security excessive, history and studies show that a successful attack on American lives, soil, or interests would push most Americans to support dramatic security interventions and to castigate the government for the lack of foresight that left the nation vulnerable.

With these realities in mind, sequestering our government’s intelligence community from the data revolution would be unwise and irresponsible, serving only to put our Intelligence Community at a disadvantage to data-rich foreign agencies. Until more comprehensive privacy reform is put into law that might alter the production of consumer data, we need to refocus our attention to combining the new power that comes with mass consumer data with appropriate accountability and oversight—rather than endlessly debating whether the government should have the data at all.

There are a few areas for obvious and quick legislative action, like making it illegal for foreign adversaries to purchase Americans’ consumer data from data brokers—even if enforcement will be a very uphill battle. But for the most part, solutions will be complex and multifaceted. We need a public debate that accounts for the reality that our actions are overwhelmingly known and analyzed, creating novel sources of power not just for our government, but also for corporations and malicious actors.

As first steps, the House and Senate Select Committees on Intelligence should require an annual report from America’s Intelligence Community on what commercial data it is accessing, how the data is being used, and how the nation’s geopolitical rivals are using the same information. The Director of National Intelligence should also issue an annual unclassified report cataloguing the Intelligence Community’s acquisitions and partnerships in data.

These two simple steps would establish some basic guardrails for the government, and help the public better understand how it wants its government to wield this newfound source of power moving forward. In the future, it would also allow for more nuanced and informed approaches to privacy, security, and governance as the discourse around these topics continues to evolve.

Instead of digging our government’s head in the sand, we should seek a robust approach to consumer data for our national security interests—competitive with the capabilities of leading tech firms and foreign governments that can also leverage data. But true to America’s principles, our first priority must be establishing clear restraint, oversight, and accountability for the government’s newfound powers.