ODNI Report on Intelligence Agencies’ Data Purchases Underscores Urgency of Reform

Last month, in response to oversight efforts by Sen. Ron Wyden and EPIC’s FOIA request, the Office of the Director of National Intelligence (ODNI) released a partially declassified report by the ODNI Senior Advisory Group (SAG) on the Intelligence Community’s (IC) purchase of commercially available information (CAI). The report found that the IC is collecting increasing amounts of CAI—including sensitive information like location data—but does not know how much CAI it is collecting, what types, or even what it is doing with that data.[1] The report also found that, despite the Supreme Court’s 2018 decision in Carpenter v. United States, which requires a warrant for persistent location information and potentially other data, the IC has no formal, community-wide position on the issue.[2] Predictably, IC elements continue to narrowly construe the decision to allow it to purchase otherwise protected information from data brokers without a warrant.[3]

These findings underscore the urgency of the yearslong effort by members of Congress to curtail the government’s data broker pipeline. This week, EPIC, along with over forty other organizations, endorsed a bipartisan amendment—led by Reps. Warren Davidson and Sara Jacobs—to the National Defense Authorization Act (NDAA) that would prohibit the government from purchasing data protected by the Fourth Amendment, such as location information and internet records. Congress should take this opportunity to close the data broker loophole, which is a key piece of this year’s reform of the warrantless surveillance ecosystem, along with the debate over reauthorizing Section 702 of the Foreign Intelligence Surveillance Act (FISA) and related authorities.

The Exploding Government Data Broker Pipeline

Law enforcement and intelligence agencies’ ability to collect personal data has been traditionally bound by constitutional restraints like the Fourth Amendment’s warrant requirement or statutory regimes like the Electronic Communications Privacy Act and FISA. As private companies have stockpiled personal data, including sensitive data on Americans, these agencies have increasingly turned to the private sector, purchasing Americans’ data and circumventing traditional legal processes, and without providing any transparency about the government agency procedures (or lack thereof) for protecting Americans’ privacy. This end-run around the Fourth Amendments’ protections has only grown more pervasive—and more severe—in recent years.

As the ODNI SAG report concludes, “[t]oday, in a way that far fewer Americans seem to understand, and even fewer of them can avoid, CAI includes information on nearly everyone that is of a type and level of sensitivity that historically could have been obtained, if at all, only through targeted (and predicated) collection[.]”[4] This includes location information, information about a person’s religion, sexual orientation, gender identity, health (including their mental health and reproductive health needs), political affiliations, and more. And, as the report underscores, the resulting stockpiling of this data raises significant risks of harm to an individual’s “reputation, emotional well-being, or physical safety.”[5] Examples abound of government agents abusing their access to sensitive databases, including by searching for love interests, racial justice protestors, and politicians. Therefore, any expansion of government access to sensitive data need be vetted carefully for necessity and safeguards.

Key Takeaways from the ODNI SAG Report

Per its terms of reference (TOR), this 90-day report, commissioned by the ODNI, attempts to: “(1) describe the role of CAI in intelligence collection and analysis; (2) reflect on the existing framework for ensuring the protection of privacy and civil liberties; and (3) make[] recommendations to the IC regarding how and under what circumstances an IC element should collect, use, retain, and disseminate CAI.”[6] However, it does not attempt “an independent legal analysis” of the issues involved with CAI, an important limitation on its ability to parse the IC’s rules for CAI.[7]

Let’s be clear, though: this report doesn’t cover all types of commercially available information. Rather, it covers only the subset of commercially available information that is also publicly available information, i.e., that it’s available commercially to the general public.[8] Therefore, it does not address information that is commercially available exclusively to governments. This means that it doesn’t cover, for example, reports that the CIA was paying AT&T more than $10 million a year to search its database of phone records for records relating to overseas terrorism suspects. It also wouldn’t cover the DEA’s reported practice of paying informants inside airline, bus, and parcel companies for access to customer data, rather than getting a warrant. And it also would not cover the IC’s purchase of tools similar to Fog Reveal, which are typically only available to government agencies and allow them to search location data based on advertising.[9] The report makes clear that if the government is indeed purchasing significant amounts of CAI that is not available to the public—and it’s hard to believe this isn’t absolutely the case—further reporting is needed.[10] One, then, would hope that further oversight is on its way, either via ODNI or by Congress.

Overall, the report highlights three findings:

• There is a “large and growing amount of CAI that is available to the general public, including foreign governments (and their intelligence services) and private-sector entities, as well as the IC.”[11]
• CAI “clearly provides intelligence value.”[12]
• “Under IC elements’ rules and procedures, CAI (because it is also PAI) is less strictly regulated than other forms of information acquired by the IC[,]” and that “profound changes in the scope and sensitivity of CAI have overtaken traditional understandings, at least as a matter of policy.”[13]

The report underscores that “CAI is increasingly powerful for intelligence and increasingly sensitive for individual privacy and civil liberties, and the IC therefore needs to develop more refined policies to govern its acquisition and treatment.”[14]

While there are a number of key takeaways from the report, three are worth exploring at length:

• The IC is vacuuming up all sorts of new and sensitive CAI, but it doesn’t know what it’s buying or what it’s doing with that information.

The IC is purchasing vast amounts of CAI, including social media data, location data, and other sensitive information. While the report is light on specific examples of IC CAI contracts, there are some worth noting. For example:

• The FBI contracted with ZeroFox for social media alerting.[15] Well before the FBI chose to pay ZeroFox, the company was the subject of significant controversy after it reportedly monitored Black Lives Matter protestors and flagged several as “threat actors” as part of another contract.
• The Defense Intelligence Agency (DIA), as previously reported, provides or has provided funding to another agency that purchases geolocation metadata from smartphones, including information about U.S. persons.[16]
• The U.S. Navy contracted with Sayari Analytics, Inc. for access to its database of CAI.[17]
• The U.S. Coast Guard contracted with well-known data broker Babel Street for an “Open Source Data Collection, Translation, Analysis Application.”[18] EPIC has detailed at length Babel Street’s sale of bulk location data, internet records, and other information to government agencies—including Customs and Border Patrol and Immigration and Customs Enforcement—through tools including Babel X.
• DHS I&A purchased access to Thomson Reuters CLEAR—a massive investigative software platform with “billions of data points”—to “resolve identities” and “provide[] leads for further analysis in DHS systems.”[19] Thomson Reuters has faced sustained pressure to cut its ties with DHS components after concerns were raised that the platform enabled detention and deportation operations.

However, the report emphasizes that the IC as a whole does not understand what CAI individual elements are purchasing, nor how they are using it. Therefore, the report recommends that the IC “develop a multi-layered process to catalog, to the extent feasible, the CAI that IC elements acquire.”[20] It underscores that “[t]he IC cannot understand and improve how it deals with CAI unless and until it knows what it is doing with CAI.”[21]

The report correctly takes a functional approach, rather than a process-oriented approach. The report notes that any cataloguing effort should include formal contracts and procurement decisions, as well as functionally equivalent agency-specific data acquisition processes, such as when an agency acquires CAI via another agency or from a non-IC element without a formal procurement decision.[22] The report also emphasizes the need to triangulate CAI acquisition and use at various stages of the CAI lifecycle.[23] The IC would be wise to follow these recommendations. Establishing a comprehensive inventory of CAI purchases and use is not just a privacy issue, it’s a good governance issue—without knowing what it’s purchasing, it’s hard for the government to argue that these purchases are necessary rather than a wasteful and privacy-invasive use of taxpayer funds.

• Years after Carpenter, the IC has no community-wide standards and procedures for CAI.

Despite the IC’s acquisition of vast amounts of CAI, the report underscores the lack of IC-wide standards and procedures governing acquisition and use of this information. Executive Order 12333, which is the foundational framework for government intelligence activities, treats publicly available information as “relatively unprotected,” though it does not define the term.[24] Individual IC elements—which operate through procedures established by the head of that element and the Attorney General (procedures known as Attorney General guidelines)—may define those terms, taking into account guidance from ODNI.[25]

According to the report, there is considerable variance in the maturity of agency policies governing CAI acquisition. Some agencies have CAI-specific guidance and specific guidelines for sensitive information, while others have either not updated their outdated policies to address new forms of CAI or are in the process of drafting CAI policies, likely in response to increased scrutiny.[26] For example, the CIA and Department of Defense (DOD) Attorney General Guidelines set forth basic standards for intelligence collection about U.S. persons. This includes permitting collection of publicly available information—even that which includes U.S. person information (USPI)—whenever the IC has an authorized intelligence purpose and the information is “reasonably believed to be necessary to that purpose.” The CIA and DOD Attorney General Guidelines also generally permit a collection technique if it is the “least intrusive means” of acquiring that information.[27] Overall, these examples of existing guidelines encourage the collection of CAI without acknowledging how intrusive today’s CAI really is, and without mandating strong safeguards to protect Americans’ privacy.

Overall, the report emphasizes that “current practices vary more, and more unsystematically, than is best. Put differently, the IC’s approach to CAI so far has been mainly federated, with individual elements operating as what might be called laboratories of CAI governance.”[28] Put yet another way, we appear to still be in the Wild West of government data purchases.

Nowhere is this free-for-all clearer—and more alarming—than in the context of location data. In 2018, the Supreme Court ruled in Carpenter v. United States that law enforcement cannot obtain persistent location information without a warrant. As the Court noted, this data “provides an intimate window into a person’s life, revealing not only his particular movements, but through them his ‘familial, political, professional, religious, and sexual associations.’”[29] However, according to the ODNI SAG report, “to our knowledge the IC has not arrived at a communitywide formal position” on whether Carpenter applies to the IC.[30] Indeed, as of January 2021, DIA told Congress as much, writing that the agency “does not construe the Carpenter decision to require a judicial warrant endorsing purchase or use of commercially available data for intelligence purposes.” It is deeply concerning that IC elements may have different—and conflicting—interpretations of a warrant requirement for the same type data, data which the Supreme Court has clearly stated is protected by the Fourth Amendment. Congress should continue to use its oversight authorities to address any inconsistencies and ensure that the IC protects Americans’ constitutional rights.

Another area of concern is the extent to which agencies collect USPI. The report makes clear that in at least some instances, agencies do not have the ability to filter out USPI prior to ingestion, meaning that agencies are hoovering up vast amounts of data—including sensitive data about Americans—with no ex ante safeguards. For example, the purchased geolocation data DIA received is not identified as U.S. location data or foreign location data, meaning that DIA acquires the information and then must identify and segregate any USPI. Note, however, that DIA may still retain—and query—the U.S. location data it obtains. Given the significant risks posed by the IC’s collection, retention, and use of this data, data minimization procedures form a key safeguard against abuse and inappropriate use. However, the report makes clear that agencies’ procedures vary considerably.

Finally, another area where the IC appears to have lagged behind common sense is deanonymization and reidentification. As the report recognizes, “anonymized” CAI may be deanonymized and linked to individuals, whether by combining that CAI with other information (commercially available or not).[31] At least as of the writing of the report, some elements still did not treat information as sensitive because they either “did not possess other data sets that could be used to reidentify (deanonymize) or because they did not intend to reidentify the individuals in the data.”[32] The ODNI SAG report correctly characterizes these agencies’ interpretation as “unacceptably narrow,” but does not recommend a particular standard, in keeping with its TOR.[33] This is yet another area ripe for strong and consistent protections, such as by legislating a definition of de-identified data that ensures information cannot be reasonably re-identified.

The report recommends that, based on its catalogue of CAI, the IC should “develop a set of standards and procedures for CAI, governing and requiring regular re-evaluation of acquisition and use decisions, including as to the use of CAI.”[34] While the report recognizes that these standards will need to be adapted for different IC elements given their different needs and missions, it emphasizes that all IC element approaches to CAI must be consistent in principle—one of several worrying notes that may suggest this is not currently the case.[35]

• The IC is not doing enough to protect Americans’ most sensitive information.

As the report details, the IC’s procedures are particularly lacking when it comes to Americans’ most sensitive information, such as their location information. Although some agencies conduct Volume, Proportion, Sensitivity (VPS) assessments of collection programs regarding the USPI that is likely to be acquired, these requirements do not apply specifically to CAI, and leave significant room for discretion in determining what “enhanced safeguards” can be used to mitigate the risks to Americans’ privacy.[36] Further existing guidance—like the NSA’s—may not always be triggered because of definitional issues, like how USPI is applied in the context of publicly available CAI.[37]

Other IC elements have done even less to protect Americans’ privacy. Some have adopted a binary approach “in which CAI is non-sensitive if the government could and/or historically did overtly and lawfully acquire it directly, and sensitive if the government could not or historically did not do so.”[38] As noted above, other agencies treat “anonymized” data as less sensitive, even where there is the potential to re-identify the data and link to individuals.

The report also indicates that at least some IC elements are purchasing CAI in bulk, meaning it is ingested with no filtering terms or discriminants, and where a significant portion is not reasonably likely to be relevant to intelligence objectives. As the report notes, CAI acquired in bulk “will almost always be more sensitive than CAI in smaller data sets.”[39] Nonetheless, some of IC elements’ current guidelines still encourage the acquisition of CAI (at least when it is PAI)—even in bulk—over other sources of information, even when those sources are more narrowly targeted.[40] The Department of the Treasury and DHS each have internal data review mechanisms that are apparently applied in the context of at least some CAI acquisitions, including those in bulk.[41] However, little if any public information is available on these mechanisms and from the report appears to indicate that they are not binding authorities and may be overridden by higher authorities.[42] Therefore, key questions remain about whether these internal mechanisms are effective checks on CAI acquisition. 

Given these gaps, the report recommends that the IC develop—either as part of the above policies and procedures, and/or as a complement to it—“more precise guidance to identify and protect sensitive CAI that implicates privacy and civil liberties concerns.”[43] In developing this guidance on CAI, the report recommends that IC elements consider a set of procedural and substantive issues, including those listed below:[44]

These are certainly laudable goals, and hopefully ODNI will build off these processes. Ultimately, though, more internal IC processes only go so far. Therefore, Congress should use this framework as a roadmap to establish the scope of—and safeguards for—government data purchases.

For example, while it certainly should be the case that VPS assessments are made prior to acquisition, that is also the case with Privacy Impact Assessments (PIAs), but agencies regularly ignore or delay their obligation to conduct a PIA until well after a program has been implemented. Similarly, requiring the involvement of all relevant parties should be a no-brainer, it’s vital that review mechanisms—whether individual privacy and civil liberties officers or boards like at Treasury or DHS—have sufficient power to act as a meaningful check on CAI acquisitions.

As noted above, Congress has a key role to play in aligning key definitions like sensitive data and de-identified or anonymized data. Congress has an opportunity to bring CAI acquisitions into line with constitutional protections, including by prohibiting the acquisition of Fourth Amendment protected information like location information and internet records. Given its particularly intrusive nature, Congress should also ban bulk collection of Americans’ records. Finally, in addition to resolving these foundational scoping issues, Congress can—and should—mandate the establishment of minimization procedures, including reasonable retention limits, documentation requirements, and limits on searching for information about people in the United States.

Conclusion

The ODNI report confirms what privacy and civil liberties groups have feared for years—that the government continues to evade constitutional protections by purchasing Americans’ data, and that it does so with no safeguards in place. DNI Avril Haines, in a statement to Vox after the report’s release, said ODNI is working on implementing the report’s recommendations and plans to release as much of that framework as possible. ODNI’s continued transparency and commitment to implementing at least some of these recommendations is commendable. However, these recommendations only address part of the government’s data purchases and—given that they are non-binding in nature—do not require any particular safeguards. Therefore, key questions remain about how far the IC is willing to go in implementing strong privacy protections and, given its reluctance to do so in other contexts, hopes should not be too high.

Ultimately, it is up to Congress to protect Americans from warrantless government surveillance. The Davidson-Jacobs NDAA amendment is a clear sign that there is bipartisan appetite for strong reform, and only underscores the extent to which greater reform of the warrantless government surveillance ecosystem is needed this year.

---

[1] ODNI Senior Advisory Grp., Panel on Commercially Available Information, Report to the Dir. of Nat’l Intel. 21 (Jan. 27, 2022), available at https://www.dni.gov/files/ODNI/documents/assessments/ODNI-Declassified-Report-on-CAI-January2022.pdf [hereinafter ODNI SAG Report].

[2] Id.

[3] Id.

[4] Id. at 14.

[5] Id. at 12.

[6] Letter from ODNI Senior Advisory Grp. to Dir. of Nat’l Intel. Avril Haines 1 (Jan. 27, 2022), available at https://www.dni.gov/files/ODNI/documents/assessments/ODNI-Declassified-Report-on-CAI-January2022.pdf [hereinafter ODNI SAG Letter of Transmittal].

[7] ODNI SAG Report, at 15.

[8] Id. at 2.

[9] Fog Reveal has so far only been linked to state and local law enforcement, whose purchases are not within the scope of this report, but given FBI Director Christopher Wray’s admission that the FBI had purchased commercially available location data based on internet advertising, it is very likely that similar tools exist for consumption by IC elements. See Dell Cameron, The FBI Just Admitted It Bought US Location Data, Wired (Mar. 8, 2023), https://www.wired.com/story/fbi-purchase-location-data-wray-senate/.

[10] ODNI SAG Report, at 22.

[11] Id. at 1.

[12] Id.

[13] Id. at 2.

[14] ODNI SAG Letter of Transmittal, at 2.

[15] Id. at 7.

[16] Id. at 8.

[17] Id.

[18] Id.

[19] Id. at 9.

[20] Id. at 21.

[21] Id. It’s clear from the report that this lack of knowledge has hampered prior attempts at assessing the IC’s purchase of data—a prior data call from ODNI in early 2021 did not return comprehensive results, and the data call for the ODNI SAG report is based on just a sample of CAI acquisitions. Id. at 21.

[22] Id. at 22.

[23] Id.

[24] Id. at 16.

[25] Id.

[26] Unhelpfully, the agency with the “most mature set of standards and processes governing CAI” was entirely redacted. Id. at 26.

[27] Id. at 18.

[28] Id. at 23.

[29] Carpenter v. United States, 138 S. Ct. 2206, 2217 (2018) (quoting United States v. Jones, 565 U.S. 400, 415) (Sotomayor, J., concurring)).

[30] ODNI SAG Report, at 19.

[31] Id. at 1

[32] Id. at 35.

[33] Id.

[34] According to the report, among the issues that should be considered are: Mission analysis to identify need/value; Fit between mission and CAI data set; Proposed use; Vendor and data quality; Acquisition mechanics; Data security; Sensitivity and legal review; Auditing use of CAI; Periodic re-evaluation; and Other structural and procedural issues. Id. at 23–25.

[35] See id. at 23 (noting that these new standards and procedures can vary, “as long as they are consistent in principle”); id. at 21 (noting that an IC-wide cataloguing effort can help find and address any “[l]ogically inconsistent approaches to CAI”); id. at 26 (noting that “some” of the “considerable variation” in CAI approaches “makes sense” in light of varying use cases, and “much”—but not all—is “explainable in light of differences in historical experience with CAI”).

[36] See id. at 29–30 (discussing DIA’s approach).

[37] See id. at 31–33.

[38] Id. at 34.

[39] Id. at 34.

[40] Id. at 19.

[41] Id. at 25.

[42] Id. at 25–26.

[43] ODNI SAG Letter of Transmittal,at 2. The report also recommends that the IC develop more specific guidance for emerging CAI, such as “social media, biometrics, augmented reality/virtual reality, and the Internet of Things. ODNI SAG Report, at 35.

[44] ODNI SAG Report, at 27–29.