Sensitive personal information such as the apparent home addresses and health status of thousands of active-duty U.S. military personnel can be purchased inexpensively online from so-called data brokers. according to a study published Monday by researchers at Duke University.
Researchers could search for data on military personnel based on geolocation, including whether they lived or worked near Fort Bragg, Quantico or other sensitive military sites. In some cases, they were able to purchase the data for as little as $0.12 per record.
The study underscores long-standing national security concerns among U.S. officials and outside experts that a foreign intelligence service, for example, could paint a picture of the whereabouts and vulnerabilities American military personnel simply by searching for information online. Fraudsters could also use this data to stalk or blackmail military families, the researchers concluded.
The researchers took advantage of a vast ecosystem of data brokers in the United States, stretching from large credit bureaus to obscure analytics companies to mobile apps that quietly sell users’ location data . In the United States, there are still few legal restrictions on the buying and selling of such data.
“It was way too easy to get this data: a simple domain, 12 cents per service member and no background checks on our purchases,” said Justin Sherman, a senior scholar at Duke’s Sanford School of Public Policy, who directs his research on data brokerage. project.
“If our research team, subject to university research ethics and confidentiality processes, could do this as part of an academic study, a foreign adversary could obtain data in the blink of an eye to profile, blackmailing or targeting military personnel,” Sherman told CNN.
Data brokers purchase personal information about people, including their Social Security numbers, names, addresses, income, employment history, criminal history and other items, which can then be used to conduct investigations legitimate information, such as background and credit checks.
But they are facing increasing scrutiny from regulators. In August, the Consumer Financial Protection Bureau said it was explore new rules This would prevent data brokers from selling certain information except in specific circumstances.
The Federal Trade Commission is currently considering new regulations to crack down on data brokers.
“We cannot comment on the specific practices of any company,” an FTC spokesperson said. “However, we have repeatedly expressed concerns about the practices of data brokers and their potential impact on consumer privacy. We are prepared to take action against any company that fails to protect consumer data and comply with applicable laws such as the Fair Credit Reporting Act.
Sen. Ron Wyden, an Oregon Democrat who sponsored legislation to impose restrictions on data brokers, called the Duke study “a wake-up call for policymakers: the data broker industry is out of control and poses a serious threat to the national security of the United States.” .”
“The United States needs a comprehensive solution to protect Americans’ data from hostile nations rather than focusing on ineffective band-aids like banning TikTok,” Wyden said in a statement to CNN.
“The Department (of Defense) takes the privacy interests of its personnel very seriously,” Timothy Gorman, a spokesperson for the Office of the Secretary of Defense, said in a statement to CNN in response. at the duke’s office. “There is a large and growing amount of commercially available information that raises concerns about privacy interests, civil liberties interests, national security implications, threats that our adversaries pose military and operational security risks. »
The Pentagon, Gorman added, “has a responsibility to protect the privacy interests of individuals and will continue to emphasize to our personnel the importance of maintaining, training and implementing strong safeguards to protect the interests of the private lives of our citizens.
The Pentagon and the U.S. intelligence community have long worried about how foreign spies could exploit the market for Americans’ personal data.
The vast amount of personal data sold online constitutes an “increasingly powerful” tool for intelligence gathering by U.S. and foreign spy agencies, but it also poses a risk to the privacy of ordinary citizens, according to a US intelligence report declassified this year.
The Pentagon announced in 2018 a ban on deployed personnel using fitness trackers, smartphones and potentially even dating apps that use geolocation features. This follows scrutiny of these practices after Strava, a fitness tracking app, may have inadvertently revealed the locations of security forces around the world.