Summary: President Joe Biden on Wednesday signed an executive order that aims to protect Americans’ sensitive data by limiting its large-scale transfer to “countries of concern,” including Russia and China. Comments below from a Duke University expert are available for use in your coverage.
Justin Sherman
Quotes:
“A single executive order isn’t going to address all of the risks posed by data brokerage — far from it. That’s the role of congressional and state legislation,” says Justin Sherman, a senior fellow at Duke University’s Sanford School of Public Policy, where he leads its data brokerage research project. “But introducing some regulations to tackle the low-hanging fruit of the problem, where foreign adversaries can quickly and easily access sensitive personal data, will absolutely improve on the status quo of data sales.”
“The multi-billion-dollar data brokerage ecosystem is composed of thousands of companies gathering, analyzing and selling people’s data. In addition to risks to consumer privacy, personal safety, and civil rights and freedoms, the highly unregulated industry also poses risks to national security.”
“Our major study last fall made this clear. Our Duke team purchased individually identified health conditions, financial data, and even information on religion and children about active-duty military personnel, from US data brokers with little to no vetting for as cheap as 12 cents a service member.”
“Unlike academic researchers, intelligence agencies in China and Russia have no IRB process and can lie and deceive all they want. It would be child’s play for a foreign government to tap into the data brokerage ecosystem to buy data on U.S. government employees or military personnel, getting access to highly sensitive, individually identified, and pre-packaged data that they may not be able to get by breaking into a government database.”
“In the coming months, key details of these regulations will include how terms like ‘data broker’ are defined, what kinds of controls and best practices might be required for data brokers to ‘know their customers,’ and how the U.S. government plans to enforce these regulations given the scale and speed of the data broker market.”
Bio:
Justin Sherman is a senior fellow at Duke University’s Sanford School of Public Policy, where he leads its data brokerage research project. He is the founder and CEO of Global Cyber Strategies, a Washington, DC-based research and advisory firm. Sherman has testified before Congress as an expert witness on the sale of Americans’ sensitive data by brokers and the need for legislative action.
For additional comment, contact Justin Sherman at:
justin.sherman@duke.edu
—
Media Contact
Steve Hartsoe
steve.hartsoe@duke.edu