security

In the News: Tech Policy Report on Sale of Data on U.S. Military … – Duke University


Another report from the Sanford Cyber Policy Program has been making headlines this week. Building off of the powerful impact of their mental health data broker report in February, the data broker team, led by  Justin Sherman, a senior fellow at Sanford, turned their focus to a major target of data brokers: U.S. military members

Justin Sherman

Along with Sherman, this new report was co-authored with Sanford students Hayley Barton, Aden Klein, Brady Kruse, and Anushka Srinivasan. The authors analyzed hundreds of data broker websites, searching for specific terms like “military” or “veteran”, then contacting data brokers directly to inquire about and purchase data including sensitive information about service members. 

“I’ve been thrilled to see such a bipartisan, supportive response to our report. There is not enough attention to the intersection of data brokerage, US privacy law, and national security, and an enormous credit goes to the student co-authors of the report for their research on this problem. Duke’s work on the data brokerage ecosystem continues to have a strong impact in the media and on public policy to protect Americans, including the military and beyond, from data sale and exploitation,” said Sherman. 

As one of the first reports to tackle this topic, here are some important points to note.

Major Takeaways From Report

  • It is not difficult to obtain sensitive data about active-duty members of the military, their families, and veterans, including non-public, individually identified, and sensitive data, such as health data, financial data, and information about religious practices. The team bought this and other data from U.S. data brokers via a .org and a .asia domain for as low as $0.12 per record. Location data is also available, though the team did not purchase it.
  • Data broker methods of determining the identity of customers are inconsistent and evidence a lack of industry best-practices.
  • Currently, these inconsistent practices are highly unregulated by the U.S. government.
  • The inconsistencies of controls when purchasing sensitive, non-public, individually identified data about active-duty members of the military and veterans extends to situations in which data brokers are selling to customers who are outside of the United States.
  • Access to this data could be used by foreign and malicious actors to target active-duty military personnel, veterans, and their families and acquaintances for profiling, blackmail, targeting with information campaigns, and more.
Readers Also Like:  White House wants input on open source security, memory-safe ... - Cybersecurity Dive

As the report continues to receive the spotlight, media and policymakers have taken notice. Here are just a few so far. 



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.