Tag: data collection

SEC Plan to Track Americans’ Stock Investments Sparks Legal Fight

All stock trades conducted on U.S. exchanges will soon be surveilled by the government, according to a newly implemented plan by the Securities and Exchange Commission (SEC).

The SEC’s “Consolidated Audit Trail” (CAT) mandate would “allow regulators to efficiently and accurately track all activity throughout the U.S. markets,” the SEC stated.

In announcing the launch of this plan, SEC Chairman Gary Gensler stated in September 2023 that “prior to CAT’s creation, regulators lacked a consolidated view of the material information of all orders in [exchange-traded] securities.”

The CAT plan was originally proposed under the Obama administration in 2012 but remained dormant under the Trump administration. It is currently being resurrected under the Biden administration.

This plan ran into some resistance last week, however, from a group of lawyers and retired judges who see it as a historic violation of Americans’ civil rights.

A complaint filed on April 16 by the New Civil Liberties Alliance (NCLA), as a prelude to a lawsuit, called the CAT mandate “an unprecedented scheme by an administrative agency … to unilaterally set in motion one of the greatest government-mandated mass collections of personal financial data in United States history.”

Keep reading

Biden Opposes Bill That Would Keep Cops and Feds From Buying Your Data

A bipartisan group of lawmakers is once again trying to keep the government from performing an end run around the Fourth Amendment by buying people’s personal data. This week, President Joe Biden indicated that he opposed the bill.

H.R. 4639, known as the Fourth Amendment Is Not For Sale Act, “expands prohibited disclosures of stored electronic communications” to include purchases of data by law enforcement and intelligence agencies.

First introduced in 2021 by Sens. Ron Wyden (D–Ore.), Rand Paul (R–Ky.), Patrick Leahy (D–Vt.), and Mike Lee (R–Utah), the bill has been reintroduced in subsequent sessions. The current version was introduced in the House by Rep. Warren Davidson (R–Ohio) and in the Senate by Wyden and Paul.

On Wednesday, Rep. Jerrold Nadler (D–N.Y.), ranking member of the House Judiciary Committee and one of the House bill’s cosponsorsaffirmed his support on the House floor. “That anyone should have Americans’ private information is highly troubling to me,” Nadler said. “But that our federal government can obtain it without a warrant should be troubling to all of us.”

On Tuesday, the White House announced that the Biden administration “strongly opposes” the bill. According to a Statement of Administration Policy, the bill “generally would prohibit the Intelligence Community and law enforcement from obtaining certain commercially available information—subject only to narrow, unworkable exceptions.”

The Stored Communications Act forbids technology companies from disclosing certain subscriber information, including to the government. But certain types of data—including search histories, credit reports, employment records, and cellphone geolocation data—is “commercially available” and can be sold by third parties called data brokers. Often this data is purchased by private companies in order to better tailor their ad spending.

Governments typically need a warrant to access any of that type of information—as recently as 2018, the Supreme Court affirmed in Carpenter v. United States that the government cannot access a person’s cellphone location data without a warrant. “Although such records are generated for commercial purposes,” wrote Chief Justice John Roberts, that alone did not “negate” the plaintiff’s expectation of privacy. “We decline to grant the state unrestricted access to a wireless carrier’s database of physical location information.”

Put simply: Come back with a warrant.

But instead of honoring that decision, law enforcement and intelligence agencies just started buying the information from data brokers instead: The National Security Agency (NSA) buys people’s internet metadata, and agencies within the Department of Homeland Security—including Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP)—purchase cellphone location data.

Keep reading

Are The Feds Buying Gun Data On Private Citizens Without A Warrant? 

The Biden Administration has shown time and time again how they weaponize federal law enforcement agencies against gun owners.

A recent report by the Inspector General of the Department of Homeland Security highlighted how several DHS component agencies, including the Secret Service, bought Americans’ phone location data without a court order.

Several other agencies, including the IRS, FBI, and the Defense Intelligence Agency, also admitted to using data brokers to sidestep American’s Fourth Amendment rights.

Under normal circumstances, a Judge would need to issue a warrant to collect this kind of data, but in this case, private companies act as a middleman between your data and the government by scraping anywhere that personal data is publicly available. Government lawyers have decided that the Fourth Amendment does not apply to Americans’ personal data — if the government buys it from data brokers.

Using the same quasi-legal methods used to obtain phone location data, federal law enforcement agencies may have already targeted gun owners by purchasing email lists and data sets that contain location, name, and other personal information from data brokers.

Several sites promote their extensive list of “Shooting Fanatics,” “Concealed carry licensed gun owners,” and even “New York City Gun Owners”! These lists are perfect targets for an administration focused on attacking the individual right to keep and bear arms.

With these lists, the Biden Administration’s law enforcement agencies could purchase and misuse the personal information of millions of gun owners without a single warrant or court order.

Keep reading

NSA secretly buying Americans’ data without a warrant

The National Security Agency has secretly been buying Americans’ internet records and using them for spying purposes without obtaining a warrant, a senior senator revealed Thursday.

Sen. Ron Wyden, Oregon Democrat, said the practice had been a “legal gray area,” with data brokers quietly obtaining and reselling the internet “metadata” without the users’ consent. He said the NSA has been trying to keep the whole thing under wraps.

In a letter to Director of National Intelligence Avril Haines, the senator said the government needs a “wake-up call,” and he called for new rules limiting purchases only to data that Americans have consented to be sold.

He also asked for Ms. Haines to take an inventory of what the government already has and toss out any information that doesn’t meet the standard of consent.

“The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans’ privacy are not just unethical, but illegal,” he said.

He released a letter from Army General Paul M. Nakasone, director of the NSA, detailing and justifying the agency’s actions.

Gen. Nakasone said it acquires what it calls “commercially available information” but said the acquisitions are limited. They don’t include location data from phones “known to be used in the United States,” and they don’t buy or use location data from automobiles in the U.S.

They do buy “non-content” data “where one side of the communication is a U.S. Internet Protocol address and the other is located abroad.”

The general said that information was critical for “the U.S. Defense Industrial Base.”

“NSA understands and greatly values the congressional and public trust it has been granted to carry out its critical foreign intelligence and cybersecurity missions on behalf of the American people,” Gen. Nakasone wrote.

In a separate letter, Under Secretary of Defense Ronald S. Moultrie defended the legality.

“I am not aware of any requirement in U.S. law or judicial opinion … that DoD obtain a court order in order to acquire, access or use information, such as CAI, that is equally available for purchase to foreign adversaries, U.S. companies and private persons as it is to the U.S. government,” he wrote.

Mr. Wyden, though, says the legal landscape may have just changed.

Keep reading

Meta sues FTC, hoping to block ban on monetizing kids’ Facebook data

Meta sued the Federal Trade Commission yesterday in a lawsuit that challenges the FTC’s authority to impose new privacy obligations on the social media firm.

The complaint stems from the FTC’s May 2023 allegation that Meta-owned Facebook violated a 2020 privacy settlement and the Children’s Online Privacy Protection Act. The FTC proposed changes to the 2020 privacy order that would, among other things, prohibit Facebook from monetizing data it collects from users under 18.

Meta’s lawsuit against the FTC challenges what it calls “the structurally unconstitutional authority exercised by the FTC through its Commissioners in an administrative reopening proceeding against Meta.” It was filed against the FTC, Chair Lina Khan, and other commissioners in US District Court for the District of Columbia. Meta is seeking a preliminary injunction to stop the FTC proceeding pending resolution of the lawsuit.

Meta argues that in the FTC’s administrative proceedings, “the Commission has a dual role as prosecutor and judge in violation of the Due Process Clause.” Meta asked the court to “declare that certain fundamental aspects of the Commission’s structure violate the US Constitution, and that these violations render unlawful the FTC Proceeding against Meta.”

Meta says it should have a right to a trial by jury and that “Congress unconstitutionally has delegated to the FTC the power to assign disputes to administrative adjudication rather than litigating them before an Article III court.” The FTC should not be allowed to “unilaterally modify the terms” of the 2020 settlement, Meta said.

The FTC action “would dictate how and when Meta can design its products,” the lawsuit said.

Keep reading

We the Exploited: The U.S. Government Buys and Sells Its Citizens for Profit and Power

Americans have become easy prey for hackers, scammers, snitches, spies, and con artists.

But don’t be fooled into thinking the government is protecting you.

To the contrary, the U.S. government is selling us (or rather, our data) to the highest bidders.

By the way, those highest bidders also include America’s political class and the politicians aspiring to get elected or re-elected. As the Los Angeles Times reports, “If you have been to a political rally, a town hall, or just fit a demographic a campaign is after, chances are good your movements are being tracked with unnerving accuracy by data vendors on the payroll of campaigns.”

Your phones, televisions and digital devices are selling you out to politicians who want your vote.

“Welcome to the new frontier of campaign tech — a loosely regulated world in which simply downloading a weather app or game, connecting to Wi-Fi at a coffee shop or powering up a home router can allow a data broker to monitor your movements with ease, then compile the location information and sell it to a political candidate who can use it to surround you with messages,” writes journalist Evan Halper.

In this way, “we the people” have been reduced to economic units to be bought, bartered and sold by all and sundry.

On a daily basis, Americans have been made to relinquish the most intimate details of who we are—our biological makeup, our genetic blueprints, and our biometrics (facial characteristics and structure, fingerprints, iris scans, etc.)—in order to navigate an increasingly technologically-enabled world.

Those intimate details, in turn, have become the building blocks of massive databases accessed by the government and its corporate partners in crime, vulnerable to data breaches by hackers, cyberattacks and espionage.

For years now, and with little real oversight or restrictions, the government has been compiling massive databases comprised of all manner of sensitive information on the citizenry.

Keep reading

Police Circumventing Warrant Requirements By Purchasing Data from Private Vendors

John Adams warned us that if we give government an inch, it will take a mile.

“The nature of the encroachment upon the American Constitution is such, as to grow every day more and more encroaching. Like a cancer, it eats faster and faster every hour.”

We’ve seen this play out dramatically when it comes to the Fourth Amendment.

The courts have created all kinds of exceptions to the Fourth Amendment. But the government continues to push for more and look for ways to circumvent the restrictions on searches and seizures currently in place.

In the latest ploy to gobble up as much personal information as possible, state and federal law enforcement agencies have turned to buying information from private data miners. According to a report from LawFare Media, buyers of private data include the Department of Homeland Security, the Internal Revenue Service’s Criminal Investigations Division, the Defense Intelligence Agency, and police departments across the country.

If government agents collect the same data directly from cell phones or internet providers, they would have to get a warrant. However, government attorneys argue that purchasing data from private brokers does not violate the Fourth Amendment because once the data becomes “public,” the expectation of privacy disappears. Furthermore, most user agreements stipulate that third parties may collect data. Since customers agree to the TOS, government lawyers contend that they effectively give up their right to privacy.

Keep reading

Debunking the Myth of “Anonymous” Data

Today, almost everything about our lives is digitally recorded and stored somewhere. Each credit card purchase, personal medical diagnosis, and preference about music and books is recorded and then used to predict what we like and dislike, and—ultimately—who we are.

This often happens without our knowledge or consent. Personal information that corporations collect from our online behaviors sells for astonishing profits and incentivizes online actors to collect as much as possible. Every mouse click and screen swipe can be tracked and then sold to ad-tech companies and the data brokers that service them.

In an attempt to justify this pervasive surveillance ecosystem, corporations often claim to de-identify our data. This supposedly removes all personal information (such as a person’s name) from the data point (such as the fact that an unnamed person bought a particular medicine at a particular time and place). Personal data can also be aggregated, whereby data about multiple people is combined with the intention of removing personal identifying information and thereby protecting user privacy.

Sometimes companies say our personal data is “anonymized,” implying a one-way ratched where it can never be dis-aggregated and re-identified. But this is not possible—anonymous data rarely stays this way. As Professor Matt Blaze, an expert in the field of cryptography and data privacy, succinctly summarized: “something that seems anonymous, more often than not, is not anonymous, even if it’s designed with the best intentions.”

Keep reading

The World’s Largest Biometric Digital ID System, India’s Aadhaar, Just Suffered Its Biggest Ever Data Breach

In one fell swoop, roughly 10% of the global population appears to have had some of their most valuable personal identifiable information (PII) compromised. Yet Aadhaar continues to receive plaudits from Silicon Valley. 

An anonymous hacker claims to have breached the digital ID numbers, as well as other sensitive personal data, of around 815 million Indian citizens.

To put that number in perspective, it is more than 60% of the 1.3 billion Indian people enrolled in the government’s Aadhaar biometric digital identity program, and roughly 10% of the entire global population. Thanks to the breach — the largest single one in the country’s history, according to the Hindustan Times — the personal data of hundreds of millions of Indians are now up for grabs on the dark web, for as little as $80,000.

To register for an Aadhaar card, Indian residents have to provide basic demographic information, including name, date of birth, age, address and gender, as well as biometric information, including ten fingerprints, two eyeball scans and a facial photograph. Much of that data has apparently been compromised.

Media reports suggest that the source of the leak was the Covid-19 test data of the Indian Council of Medical Research (ICMR), which is linked to each individual’s Aadhaar number.

Keep reading

Cars are collecting data on par with Big Tech, watchdog report finds

An internet and privacy watchdog has a warning: Your car is tracking you, and it’s collecting far more information than it needs just to get you where you’re going.

Mozilla, the nonprofit that develops the Firefox browser, released a report Wednesday detailing how the policies of more than two dozen car manufacturers allow for the collection, storage and sale of a wide range of sensitive information about auto owners.

Researchers behind the report said that cars now routinely collect data on par with tech companies, offer few details on how that data is stored and used, and don’t give drivers any meaningful way to opt out.

“Cars are a humongous privacy nightmare that nobody’s seemingly paying attention to,” said Jen Caltrider, who directs Privacy Not Included, a consumer privacy guide run by Mozilla. “And they’re getting away with it. It really needs to change because it’s only going to get worse as cars get more and more connected.”

Unlike Europe, the U.S has few meaningful regulations on how companies trade and store personal data. That’s led to a bustling industry of companies that buy and sell peope’s information, often without their knowledge.

Keep reading