The US government buys your user data. Here’s what it does with it

In the ODNI’s report, commercially available information (CAI) is defined as “information that is available commercially to the general public, and as such, is a subset of publicly available information.” This information can include your location, credit history, insurance claims, criminal records, employment history, income ethnicity, purchase history, and personal interests.

Also: Cybersecurity 101: Protect your privacy from hackers, spies, and the government

Although apps and websites will disclose that some of this information is not linked to your identity, the report says it’s possible to “deanonymize [anonymous data] and identify individuals, including US persons,” via reverse engineering.

Because CAI is available commercially, the information can be acquired from a third-party data broker, typically in exchange for money. The report defines these data brokers as entities maintaining sophisticated databases full of US citizens’ user data.

But data brokers also obtain publicly available information, such as voting registration, bankruptcy information, and web-browsing activity, from cookies. Usually, citizens are unaware that this information is public and that data brokers obtain it.

Also: How to delete yourself from internet search results and hide your identity online

Data brokers rely on website registration and cookies to track consumers’ online activity and sell the data to advertisers to target consumers with ads. This business practice makes user data a highly valuable commodity.

The report notes that CAI can be useful to US intelligence agencies when it’s obtained in isolation, combined with other publicly available information, or when it’s reviewed by humans or machines.

The ODNI’s report states that the US intelligence community acquires a significant amount of CAI for “mission-related purposes” and sometimes uses social media data to aid in these missions.

The US intelligence community acquires CAI via contractual agreements, and some of these contracts remain classified. Of the unclassified contracts, six are detailed in the report, and one remains redacted.

Also: Were you caught up in the latest data breach? Here’s how to find out

The Defense Intelligence Agency (DIA) funds another agency that buys geolocation metadata collected from smartphones. The DIA then acquires the location data and processes whether the data is US-based location data or foreign-based location data. CAI is also obtained by the FBI and its law enforcement authorities.

The US Navy, Treasury Department, Department of Defense, and Coast Guard have had contracts to acquire CAI. In the past, the IRS tried to purchase location data to track tax fraudsters, and Homeland Security purchased the same type of data to track undocumented immigrants.

According to the report, a study conducted by Duke University found three data brokers — who advertise their services — can provide data identifying US military personnel. Data of this kind could be used by foreign actors to target prosecutors, judges, politicians, diplomats, and intelligence operatives.

CAI, if purchased or stolen by the wrong people, could also help enemies interfere with US elections.

Also: Best secure browsers to protect your online privacy

Although CAI is publicly available, it can be used to uncover sensitive information about an individual and encroach on their right to privacy. According to the EU’s data privacy provisions, known as the General Data Protection Regulation, sensitive information includes someone’s race, ethnicity, politics, religion, and biometric data.

All of those examples can and are taken from US citizens and collected by data brokers.

Most of your personal data is floating around on the internet and in the hands of data brokers. Sometimes, these brokers’ databases are hacked, and your data is stolen and sold on the dark web. In other instances, your data is acquired from brokers by government agencies.

Although it’s possible to decline when apps and websites request access to your data — including your location, contacts, and media —  it’s almost impossible to enjoy a streaming service or social media platform without relinquishing your email address, phone number, or physical address.

Also: The best password managers to safely store your logins

The ODNI stressed the importance of calling on the federal government to strengthen the legal framework for the protection of American user data. These protections include keeping data from foreign adversaries, limiting the amount of data private companies can collect, and checking the government’s powers to ensure it does not violate the rights of Americans.