Fed, intel and military groups warn data broker practices may threaten national security
Vertigo3d/Getty Images
The groups wrote a letter concerning a CFPB rule, which is still in development, that would require certain data brokers to follow the Fair Credit Reporting Act.
A coalition of former officials and groups representing federal employees and military servicemembers is asking the Consumer Financial Protection Bureau to consider the national security implications of a rule it’s developing that would direct data brokers to comply with the Fair Credit Reporting Act, according to a letter sent Thursday.
The forthcoming rule — first floated in April by agency chief Rohit Chopra — was born out of an executive order signed by President Joe Biden this year, focused on preventing masses of Americans’ sensitive personal data from falling into the hands of foreign adversaries that could use it for intelligence collection or exploitation.
The rule would designate firms that sell certain types of peoples’ data under the definition of “consumer reporting agencies” which, in essence, would require them to comply with FCRA. The letter — undersigned by former intelligence officials and workforce orgs including the National Federation of Federal Employees — argues that CFPB needs to adequately address the national security risks tied to the collection, aggregation and sale of Americans’ personal data by data brokers.
The letter suggests that while the CFPB is focusing on consumer privacy and data protection, it may not be considering how these data practices also expose sensitive information about U.S. citizens — especially government employees, military personnel, and law enforcement — to exploitation by foreign adversaries.
“The sale of Americans’ financial data is particularly valuable to malicious actors, because it provides exploitable insights — that in some cases, are not found elsewhere — into personal debts, gambling problems, marital fissures, overseas bank accounts, and other sensitive matters that can be opportunities for blackmail, pressure, and recruitment, ” they write.
Myriad hacking incidents over the past decade have exposed the personal data of federal employees, military members and ordinary American citizens. A storied breach of the Office of Personnel Management that surfaced in 2015 helped galvanize attention to the issue after hackers pilfered data on millions of current and former federal workers.
A documented 2017 hack at Equifax also compromised the data on some 150 million Americans and received harsh congressional oversight. It was later attributed to Chinese nation-state operatives.
The Biden administration as part of its executive order is seeking to prohibit transactions that data brokers make to “countries of concern” on grounds that such data can be surreptitiously processed by foreign hackers or intelligence operatives, enabling myriad national security risks and exposing American citizens to surveillance, blackmail and other privacy violations. A sweeping DOJ rulemaking proposal tied to the EO was released last week.
“The national security risks posed by data brokers are a serious threat and the CFPB will soon be proposing rules to ensure Americans’ financial data and contact information are kept out of the hands of foreign governments (as well as hackers and scammers at home),” a CFPB spokesperson told Nextgov/FCW when asked about the letter.