The White House has launched a new effort to stop data brokers lawfully selling Americans’ personal data to entities in hostile states, arguing it represents a major privacy and national security risk.
President Biden yesterday signed an executive order (EO) which he claimed was the most significant ever taken to protect Americans’ data security.
It relates to the legal sale by commercial data brokers and other companies of personal and financial data to “countries of concern,” or entities controlled by such countries.
The White House claimed this activity means it often ends up in the hands of foreign intelligence services, militaries or companies controlled by foreign governments – raising privacy, counterintelligence, blackmail and other national security concerns.
It could be used to profile and target military officers and those in the national security community, as well as dissidents, journalists and others who may represent a threat to repressive regimes, it added.
“The President’s executive order focuses on Americans’ most personal and sensitive information, including genomic data, biometric data, personal health data, geolocation data, financial data, and certain kinds of personally identifiable information,” a White House fact sheet explained.
“Bad actors can use this data to track Americans (including military service members), pry into their personal lives, and pass that data on to other data brokers and foreign intelligence services. This data can enable intrusive surveillance, scams, blackmail, and other violations of privacy.”
The EO authorizes the Department of Justice (DoJ) to:
- Issues regulations preventing large-scale data transfers to hostile states
- Issue regulations to establish greater protection of sensitive government-related data
- Work with the Homeland Security Department to prevent hostile nations getting hold of American’s data by other commercial means, such as investments and employment relationships
- Ensure any action doesn’t impede information flows necessary for financial services, or consumer, economic, scientific and trade relationships with other countries
“Today, we make clear that American citizens’ sensitive and personal data is not for sale to our adversaries,” said deputy attorney general, General Lisa Monaco.
“The Justice Department has long focused on preventing threat actors from stealing data through the proverbial back door. This executive order shuts the front door by denying countries of concern access to Americans’ most sensitive personal data.”
A Major Roadblock
Claude Mandy, chief evangelist for data security at Symmetry Systems, explained that the EO stops short of a federal privacy law, instead only encouraging the need for bipartisan legislation.
He added that it may hit a major roadblock in that many organizations lack the ability to understand what sensitive data they hold, whether it’s being shared with data brokers and whether that data ultimately ends up being sold to countries of concern.
“It is clear to us as experts in this field that organizations do not currently have these capabilities, and more importantly nor do data brokers. This includes basic capabilities to vet what data they have, who has access to it, and where it is being accessed from,” he argued.
“The forthcoming action by the attorney general in the short term will obviously be focused on legal restrictions on data brokers prohibiting the sale of this information to identified countries of concern, but the scale of this challenge and determining what type of data is daunting to enforce, particularly with intermediary parties being of concern.”