(The Center Square) – A Congressional hearing asking “Who’s selling your data?” took place in the Subcommittee on Oversight & Investigations, where Congresswoman Cathy McMorris Rodgers delivered her opening remarks calling for new laws to protect Americans from data brokers and stricter penalties for data breaches.
“We need a national data privacy standard that changes the status quo and ensures Americans regain control of their personal information,” said McMorris Rodgers, “Right now, there are no robust protections and current privacy laws are inadequate, leaving Americans vulnerable.”
“Congress has to act to protect us from data brokers because we individuals cannot do it ourselves,” said Moy, “Eighty-one percent of adults now say they have little or no control over the data collected about them by companies.”
Moy went further, addressing Americans’ vulnerability not just to corporate interests but to state actors.
“Law enforcement agencies sometimes turn to data brokers to make an end run around the fourth amendment, one of our most fundamental civil liberties, purchasing information that they wouldn’t be able to get through lawful order,” she continued before going on to point out the IRS has been purchasing large amounts of location data on American citizens, as well as one particular data broker “who claimed to have data on more than 250 million devices was selling to nearly two dozen [government] agencies.”
The Center Square previously reported on a similar type of data brokering when speaking with Professor Mark Hallenbeck, Director of the Washington State Transportation Center at the University of Washington, who is currently working on a report for the Washington State Legislature studying toll equity across income brackets.
Per RCW 47.56.795(b), “records identifying a specific instance of travel prepared under this chapter are for the exclusive use of the tolling agency for toll collection and enforcement purposes and are not open to the public,” which meant Hallenbeck had an anonymized set of toll data, but the law prohibited the state from sharing who that data belonged to.
Private data brokers or, as Hallenbeck put it, “apps on people’s phones.”
Through these brokers, Hallenbeck could legally purchase cell phone location data in the regions being tolled.
Armed with this new data, combined with the tolling data from the state and a statistical method called ecological inference, Hallenbeck was able to assign each of those anonymized toll trips a starting location, an ending location, and an income bracket to a very high degree of statistical significance.
“We work incredibly hard to make sure we can’t identify individuals in the dataset,” said Hallenbeck via phone to The Center Square.
Of course, this is all adults with drivers licenses who have willingly granted permission to apps on their phones to collect this data. What about cases of youth, the elderly, or fraud, where people hand over data unwittingly?
Marshall Erwin, Fellow at the Center for Internet and Society at Stanford Law and Chief Security Officer at Mozilla, author of the popular Firefox Web Browser, addressed this in his testimony to the committee.
“Once a consumer has been tricked into handing over their data there’s nothing [we] can do,” said Erwin, speaking about software like web browsers protecting consumers, adding “We can’t solve every problem with a technical fix.”
“Unfortunately, the privacy regulation has not kept up with this progress, and it’s time for federal policy to step in and protect consumers,” said Erwin near the close of his statement to the committee.