The U.S. spy chief on Wednesday published its policies for how intelligence agencies collect and use information from data brokers, but a prominent Hill critic says the guidance doesn’t address a key point about what kind of information it can or can’t obtain.

The “Policy Framework for Commercially Available Information,” or CAI, released by the Office of the Director of National Intelligence (ODNI), describes the fundamental way the intelligence community will approach such data, when something is sensitive enough to warrant additional protections and more. It follows a flurry of government activity designed to address how feds use information from companies that harvest personal information on people and then sell it.

“In keeping with my commitment to share as much as possible about the IC’s activities, we are sharing this framework which provides effective governance for the IC’s handling of CAI while also protecting Americans’ privacy and civil liberties,” Director of National Intelligence Avril Haines said in a statement.

Sen. Ron Wyden, D-Ore., who has been at the forefront of scrutinizing intelligence agency use of data brokers, offered both criticism and praise of the document.

“The framework’s absence of clear rules about what commercially available information can and cannot be purchased by the intelligence community reinforces the need for Congress to pass legislation protecting the rights of Americans,” Wyden said in a statement. “The DNI’s framework is nonetheless an important step forward in starting to bring the intelligence community under a set of principles and policies, and in documenting all the various programs so that they can be overseen.”

What it does address are definitions the intelligence community will employ and principles it will adhere to, such as saying that privacy and civil liberties “shall be integral considerations, timely considered” in the use of information purchased from data brokers. It states that it won’t be used to discriminate against anyone based on things like race or gender, that agencies will assess the original source of the data and its quality and that members of the intelligence community will periodically review implementation of privacy safeguards.

Additional scrutiny of using the data would come into play for “sensitive CAI,” such as “data that captures personal attributes, conditions, or identifiers that are traceable to one or more specific U.S. persons, either through the dataset itself or by correlating the dataset with other available information.”

In a statement accompanying the framework, the ODNI emphasized the need to obtain the data, citing the use of commercial imagery to share perspective with allies and warn of Russian plans to invade Ukraine.

“CAI is invaluable to our work,” the statement reads. “At the same time, we acknowledge that CAI raises new concerns, and we are committed to engaging in our work in a way that is protective of Americans’ privacy and civil liberties.”

Spokespeople for the chairmen of the House and Senate intelligence committees didn’t immediately respond to requests for comment on the framework.

Wyden said he’d be paying attention to how the intelligence community implements the guidance.

“I intend to watchdog this process intently, to ensure that every element of the intelligence community implements the framework, that Congress is fully informed of all these programs, and that the executive branch finally delivers transparency about its acquisition of commercially available data,” he said.

A privacy advocacy group shared Wyden’s mixed verdict on the framework.

“For too long, government agencies have tried to buy their way around our constitutional and statutory protections using taxpayer money. This new framework — if implemented effectively — is an improvement over agencies’ current exploitation of the data broker loophole,” said Chris Baumohl, a law fellow at the Electronic Privacy Information Center. “However, it is not a replacement for Congress passing legislation that would close this loophole once and for all.”

Will Owen, communications director for the Surveillance Technology Oversight Project, said it was “encouraging” to see ODNI “recognize the dangers” inherent in the data broker industry, but the policy framework “does not go far enough.”

“This policy offers a first step toward greater transparency and safeguards for the use of commercially available information, but we need to ban law enforcement from purchasing Americans’ data from data brokers to actually protect our privacy and civil liberties,” he said. “This rogue industry is not ‘invaluable,’ as the ODNI says. It is a corrosive force against Americans’ civil liberties that must be dismantled.”

This story was updated May 8, 2024 with comments from Will Owen.

The post Top spy official releases principles on intel agency use of info bought from data brokers appeared first on CyberScoop.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

69% of Organizations Infected by Ransomware in 2023

February 27, 2024 0 Comments 0 tags

Proofpoint found that 69% of organizations experienced a successful ransomware incident in the past year, with 60% hit on four or more occasions

Apple Released Security Updates for Safari and macOS

March 27, 2024 0 Comments 0 tags

Apple released security updates to address a vulnerability (CVE-2024-1580) in Safari and macOS. A cyber threat actor could exploit this vulnerability to take control of an affected system.  CISA encourages users

Michigan lawyer in voting machine tampering case arraigned in D.C.

March 19, 2024 0 Comments 0 tags

Stefanie Lambert, an attorney who represents an ally of former President Donald Trump being sued by Dominion Voting Systems for defamation and who faces felony charges for attempting to unlawfully