Data tracking poses ‘national security risk’, FTC says • The Register

The massive amounts of digital data being bought and sold – or sometimes freely shared – pose a serious national security risk, according to a former US politician and diplomat.

At a Federal Trade Commission (FTC) hearing on trade oversight this week, Karen Kornbluh, the former US ambassador to the OECD and FCC executive who now leads the Digital Innovation Initiative and Democracy at the German Marshall Fund, has urged the watchdog agency to adopt stricter data privacy rules to protect consumers.

Most of the comments during Thursday’s public forum covered the usual concerns about tracking software that collects millions of data points about individuals – including their location, search queries, race and gender – who are then sold to third parties or handed over to the police.

Kornbluh, however, argued that the companies’ data collection and retention practices also help foreign cyber spies.

“There is a national security flaw in the proliferation of consumer data when we have so much information about Americans circulating on the internet,” she said. “In fact, there is a $12 billion for-profit surveillance industry that allows foreign governments to buy data.”

This data, Kornbluh added, is then used for espionage, voter manipulation and ransomware attacks as well as real-life doxxing, swatting and harassment. “Data brokers market data on current or former service members, including their web searches, family members, home addresses and even GPS coordinates,” she said. “It is difficult to know where this data goes or what it is used for.”

She cited the warning from the US National Counterintelligence and Security Center [PDF] about China’s collection of large sets of health care data on Americans “by both legal and illegal means.”

“So we’re making it easier for them to work,” Kornbluh said.

“Data that was never collected in the first place cannot be breached.”

Moreover, as revealed by the Supreme Court’s decision to overturn Roe v. Wade and the more recent Kiwi Farms incident, “it’s clear that this information circulating about vulnerable people poses a real physical danger,” she added.

Kornbluh urged the agency to use its regulatory authority to crack down on dark patterns and other deceptive practices online. Additionally, the FTC should allow parents to delete their minor children’s data and “reset the algorithms that serve them content.”

To avoid what it considers a “national security loophole,” Kornbluh said the FTC should require companies to perform due diligence before selling or sharing personal data, and that recipient companies must also have the same legal responsibilities to ensure that they do not hand over data to cybercriminals. .

“Incrimination of privacy”

Finally, “to combat the criminalization of our privacy”, even if an individual has consented to data collection, if the information collected is sensitive, such as an online search or geolocated tracking of an abortion clinic, “These searches should be removed quickly,” Kornbluh said, echoing a request that hundreds of Googlers made to CEO Sundar Pichai last month.

As the FTC considers imposing tougher privacy rules on companies, it seeks public comment on the ‘harms’ of the companies’ collection, analysis and monetization of people’s information until the 21st october.

While Kornbluh and her fellow “consumer advocate perspectives” panelists had a lot to say about this damage – Electronic Privacy Information Center (EPIC) Deputy Director Caitriona Fitzgerald described the current situation as a “crisis Data Privacy” – not all of the public testimony provided was supportive of future FTC rules.

Surveillance? Or data collection?

The U.S. Chamber of Commerce has not only challenged data privacy mandates, but also the FTC’s choice of words, including “harms” and “commercial oversight,” which it says suggest companies are using consumer data for nefarious purposes.

Additionally, “if regulation were legal, the FTC would be objectively and independently required to consider both the harms and the benefits,” said Jordan Crenshaw, vice president of the U.S. Chamber Technology Engagement Center, in his testimony.

“We urge the FTC to wait for Congress, as required by the Constitution, to pass true, clear, and workable national privacy law and to follow the FTC law remembering the tremendous benefits consumers derive. of our data-driven economy in any application proceeding,” Crenshaw said. .”

However, the political makeup of the commission and the Biden-appointed chairman, as well as a recent lawsuit against data broker Kochava, seem to indicate that it is inclined to codify certain types of privacy regulations in order to limit the appetite. companies for the collection of information.

Big Tech plays by ‘different rules’

EPIC’s Fitzgerald said rules are needed to level the playing field. Otherwise, Big Tech isn’t held to the same legal and ethical standards as, say, telephone companies or postal services.

Data tracking, she said, “attacks long-established standards of privacy. It’s about communications: writing letters, the content of our phone calls. private and we have legally protected their privacy. Why should the rules change when it comes to email?”

“Google’s implementation of email was intended to track both content and the identity of communicating parties in a way we would not advocate, and would violate criminal laws if done by mail or telephone. “, she added.

Fitzgerald called on the agency to “curb commercial surveillance” by limiting large-scale consumer tracking and profiling, and requiring that individuals’ information can only be collected, used and transferred “to the extent reasonably necessary to provide the service requested by the individual”. “

It will also help improve data security, she added: “Data that was never collected in the first place cannot be hacked. Data that is deleted after it is no longer needed cannot be hacked. are more at risk.” ®

Comments are closed.