June 2023 - New ODNI Report Reveals How U.S. Government Buys and Uses CAI

The Office of the Director of National Intelligence (ODNI) recently released a report detailing how the U.S. government buys and uses commercially available information.

The ODNI defines commercially available information (CAI) as "information that is available commercially to the general public, and as such, is a subset of publicly available information."

Meaning, CAI could include a person’s location, credit history, employment history, purchase history and so much more. CAI can also include information tied to your family members and other loved ones as well.

A readily available resource for the U.S. government to obtain a large amount of this information is through data brokers. These data brokers hold databases filled with information on U.S. citizens, and delve even farther into a person’s online history. Data brokers can collect information on people’s voting records and their web browsing activity by scraping public record databases, marketing databases and social media profiles.

And there are no rules to stop data brokers from freely collecting data from all corners of the internet.

Privacy is in a delicate state in the U.S., to put it mildly. The U.S. does not have a federal privacy law similar to what is seen in the EU with the General Data Protection Regulation (GDPR).

While U.S. citizens may be able to make requests about their information on a case-by-case basis with organizations, they do not have default or constitutional rights to access, delete and control their personal data, and there is no regulation to reign in data brokers.

This means that just about anyone could purchase information belonging to a large number of people. Marketers can buy these data points to build consumer profiles and learn more about people’s purchasing habits. Cybercriminals who could use them for malicious purposes, such as leveraging this information to conduct phishing attacks.

And as this ODNI report shows, even the U.S. intelligence community sees the value in conducting business with data brokers, and without any type of law regulating them, data brokers are likely to see their business continue to grow for the foreseeable future.

In fact, Transparency Market Research estimates the data broker market could reach $432 billion by 2031.

Data brokers, and the privacy concerns they bring forth, do not seem to be going anywhere any time soon. With everyone from the U.S. intelligence community to nefarious actors conducting business with data brokers, it is imperative to do whatever is necessary to help people protect their privacy from these entities.

BlackCloak is doing its part to help our clients stay off these data broker websites. Part of BlackCloak’s services include performing opt-out requests on behalf of clients asking to have their information removed from data brokers.

Even with these services, it doesn’t mean the concerns around data brokers will automatically go away. There are a large number of data broker websites on the internet filled with the personal information belonging to a countless number of people.

Until more concrete action is taken to regulate data brokers, the privacy of nearly every single person will be at risk. It’s why everyone should take any measures they can to limit the amount of information they share online and try to remove their information from the internet where possible.

You never know who will end up seeing what you share, whether it’s a government agency, a marketing company or someone with malicious intent.