Last week began with the tenth anniversary of the start of Edward Snowden’s disclosures about how U.S. intelligence agencies siphoned the personal data of billions of people around the world. And it ended with a stark warning about how mass surveillance has since become even more entrenched in our lives.
On Friday, the Office of the Director of National Intelligence—the U.S. intelligence community’s oversight body—declassified and published a January 2022 report by a group of ODNI advisors. The report was about how easy it is these days for agencies to buy commercially available personal information, and the experts (whose identities were redacted) warned the ODNI that the U.S. intelligence rulebook is too out-of-date to protect people’s privacy and civil liberties in this context.
U.S. intelligence is relatively constrained in how much it can spy on people’s private personal information within the country, which is why the very first Snowden revelation about the National Security Agency collecting U.S. Verizon customers’ call records was so scandalous. (The rest were mostly about the U.S. spying on foreigners, and Big Tech is still feeling the pain from those.)
But American spies can do what they want with publicly available information, a category that includes commercially available information (CAI). So for example, they’d need probable cause to get permission to track someone’s location without violating the Fourth Amendment, but there’s nothing stopping them from just buying location-tracking data and ad-targeting profiles—which are absurdly detailed these days—from data brokers, then de-anonymizing the information to identify and track Americans.
“Today, in a way that far fewer Americans seem to understand, and even fewer of them can avoid, CAI includes information on nearly everyone that is of a type and level of sensitivity that historically could have been obtained, if at all, only through targeted (and predicated) collection, and that could be used to cause harm to an individual’s reputation, emotional well-being, or physical safety,” the advisors warned Director of National Intelligence Avril Haines.
This is not to say the ODNI’s advisors aren’t fans of such information—they see a lot of potential for American spies, but also severe risks to the public. “CAI is increasingly powerful for intelligence and increasingly sensitive for individual privacy and civil liberties, and the [intelligence community] therefore needs to develop more refined policies to govern its acquisition and treatment,” they wrote.
Their first recommendation was for the intelligence community to actually figure out what data was being bought by which agencies. Then, they said, it should come up with new standards and procedures for acquiring and using the data, while drawing up safeguards for particularly sensitive information.
Another solution, of course, would be for the U.S. to enact federal data protection legislation that goes beyond today’s meager rules which protect only information pertaining to kids or health.
As my predecessor Jacob Carpenter reported in August, the Federal Trade Commission (FTC) sued data broker Kochava for acquiring and selling precise location data. However, a federal judge last month dismissed the case because the FTC couldn’t prove actual harm to the consumers whose location histories were being sold. Europe’s General Data Protection Regulation (GDPR), by way of comparison, doesn’t require any such proof for regulators to crack down on privacy-busting data-sharing—though admittedly, a few fines here and there have so far failed to stop industry-standard data-trading practices that critics call “the world’s biggest data breach.”
Time will tell if the GDPR one day manages to bring the data-broker industry to heel, in the quest to protect Europeans’ privacy rights. But either way, it would be a real shame if the U.S. didn’t try to do the same for its citizens. After all, if your own senior intelligence advisors say your civil liberties are at risk, there’s a problem.
More news below.
Want to send thoughts or suggestions to Data Sheet? Drop a line here.
David Meyer
Data Sheet’s daily news section was written and curated by Andrea Guzman.
NEWSWORTHY
Microsoft and the FTC reach the point of no return. The Federal Trade Commission sought a court order on Monday to block Microsoft from closing its $69 billion acquisition of Activision Blizzard. While the FTC had already sued to block the deal in December in its in-house administrative court, the move may not have prevented Microsoft from closing the deal—so the FTC is now asking a federal judge to step in. Whether you think this mega-deal even makes sense or not (and columnist Matt Weinberger has a good take on why this deal is so important to Microsoft), it seems that we're heading for a showdown, with neither side ready to blink. Microsoft president Brad Smith says the company welcomes an “opportunity to present our case in federal court.”
YouTube is opening its purse strings more for creators. YouTube is trying to meet video creators’ wishes, so it’s making two new changes aimed at getting them more money. First, Youtube’s Shopping affiliate network will no longer be invite-only, making a path for more creators to earn affiliate commissions from dozens of brands. The next announcement is for smaller-scale creators, who formerly couldn’t be a part of the YouTube Partner Program, but can now profit directly from viewers as part of a newly launched tier. These changes are part of YouTube’s effort to incentivize and earn loyalty from creators posting content across platforms, and come as competitors like TikTok, Meta, and Snap make frequent changes to creator payment programs.
U.S. hospital cites a ransomware attack for its closure. St. Margaret’s Health in Illinois will close this week after a 2021 cyberattack prevented the hospital from submitting claims to insurers, Medicare, or Medicaid for months. The attack took a financial toll on the hospital, which faced other challenges linked to its closure like supply chain issues and inflationary pressure. NBC News reports that ransomware attacks, where hackers wreck an organization’s computers and ask for payment, have targeted U.S. health care since 2016. The rare case of St. Margaret’s publicly linking its closure to an attack comes after at least 300 documented attacks a year on U.S. health care facilities since 2020, according to cybersecurity firm Recorded Future.
ON OUR FEED
"It has become increasingly clear that the global town square needs transformation—to drive civilization forward through the unfiltered exchange of information and open dialogue about the things that matter most to us."
—Twitter CEO Linda Yaccarino, in her first memo to employees Monday laying out a plan for building Twitter 2.0. Yaccarino’s early days on the job come at a critical time. The platform’s revenue from April 1 to the first week of May was $88 million, down 59% compared to the same time last year.
IN CASE YOU MISSED IT
Disgraced Theranos founder Elizabeth Holmes says she can’t afford to pay $250-a-month restitution after serving her prison term, by Chloe Taylor
The 4-day workweek will finally arrive thanks to A.I., Jefferies says—You’ll just need a ‘human day’ to cope with digital overload, Prarthana Prakash
Top tech analyst Dan Ives says the A.I. ‘gold rush’ is just like the dotcom boom but it’s a ‘1995 moment…not 1999’, by Will Daniel
Microsoft just rolled out a huge Xbox lineup for 2023 and 2024, including games that designers could only dream about before modern tech, by Chris Morris
‘He might not be wrong’: Elon Musk echoes the anti-tech take of notorious terrorist ‘the Unabomber’ Theodore Kaczynski, by Chloe Taylor
BEFORE YOU GO
A final Beatles song will be brought to life by A.I. Paul McCartney told BBC Radio 4 that he used A.I. to grab John Lennon's voice from an old demo and create what he says will be the final Beatles record. The BBC reports it is likely to be a 1978 Lennon composition called Now And Then. McCartney was given the demo from Lennon's widow, Yoko Ono, and he’s often talked about finishing the song one day.
When the love song was originally being recorded, the band faced technical issues with a buzzing sound from the electricity circuits in Lennon's apartment. Plus George Harrison didn’t enjoy working on it and called the sound quality of Lennon's vocals "rubbish." Whether it’s Now And Then or another song, it’s expected to be released this year.
This is the web version of Data Sheet, a daily newsletter on the business of tech. Sign up to get it delivered free to your inbox.