By Jim Harper

In a report for the cyber policy program at Duke University’s
Sanford School of Public Policy, analyst Justin Sherman writes that data
brokers “openly and explicitly” advertise their sale of data about US
individuals, including current and former members of the US military. In a write-up of the report on the Lawfare blog, Sherman calls
data brokering a “secretive industry.” Somehow, in both its openness and its
secrecy, the data brokering industry is in the wrong.

Is data brokering wrongful? Or might it have a place as an
information industry alongside credit reporting, which makes otherwise
worthless personal information valuable? The answer requires less implication
and more articulation than the report provides. Data brokering can gain
legitimacy by making sure its practices are aboveboard.

Something about the data brokering industry’s frankness
strikes Mr. Sherman. Eight times in 16 pages he describes data brokers as
“open” and “explicit” about what they sell. Wrongdoing happens in the shadows,
so remarking on their openness seems to suggest that data brokers, as
wrongdoers, are flaunting their activity contrary to type. Perhaps data brokers
are shockingly devoid of conscience. But maybe they regard their products and
services as legitimate and valuable. This would also be consistent with
openness.

The report surveys 10 major data brokers, cataloging in some
detail the personal information they sell. Their practice of selling such data,
it says, “Threatens civil rights, national security, and democracy.” The report
recommends that Congress create export control authorities aimed at limiting
the availability of data about US individuals to foreign governments and
non-state actors with ties to foreign intelligence and security agencies. The
report also argues that data brokerage should be a “central part” of “robust”
federal privacy legislation giving the Federal Trade Commission more authority
to investigate data brokers.

Quite a bit more is needed to justify these steps. The
threat to civil rights when data brokers help government agencies evade
restrictions on their access to data might be laid at the feet of those
selfsame agencies, for example. It is doubtful that generic information about
present or past military service is terribly useful to foreign enemies. If
information about particular dimensions of military service is both useful and
routinely brokered, one wonders why it is available to the data brokers in the
first place. And if data brokering allows foreign governments to microtarget
election disinformation, our fragile democracy might need shoring up
irrespective of the role data brokerage may have in disseminating information
more efficiently.

Efficiency belongs mostly on the “benefits” side of the
ledger. It is almost certainly true that data brokerage allows commercial
enterprises to reach potential customers more efficiently. That wrings expense
out of marketing systems and raises productivity, which increases returns to
shareholders while lowering prices to consumers. The dynamics are the same
whether marketers and sellers are foreign or domestic. What would we give up —
what would consumers give up — if these commercial benefits were cut off to
address trumped-up risks?

This is no argument that all is sweetness and light in data
brokering. The techniques by which data brokers acquire information are
particularly worthy of consideration — and of introspection on the part of
industry. Many systems, including smartphone apps, collect information and
place it into the brokered data “stream.” To the extent the data is wrongfully
collected through fraud, misrepresentation, unfair advantage, breach of
contract, and so on, data brokers should not acquire, use, or sell it. The
obligation is on them to know the full provenance of the data they have so they
do not profit from others’ misdeeds.

To this report’s credit, more people should know about data
brokering, the companies that do it, the data they have, and where it goes.
There are models — some good, some bad — for giving people greater control of
information about themselves. But data brokering can only be “open and
explicit” and “secretive” at the same time because it is unfamiliar. In this
sense, it is like credit reporting, which was a “shadowy” industry decades ago.
Today, much more than before, credit bureaus face
consumers and work
with them. But the defects in credit reporting have not been alleviated by 50
years under a consumer-protection regulation regime. That should
give pause to those arguing that administrative regulation would cure what ails
data brokering.

The post What if data brokers aren’t doing anything wrong? appeared first on American Enterprise Institute – AEI.