Data on active-duty servicemembers is a available for purchase online, report says

A new report found that it is easy to find personal data on U.S. military servicemembers available for purchase online, costing as low as 1 cent to obtain select records through data brokers.

Conducted by researchers at Duke University, the study Data Brokers and the Sale of Data on U.S. Military Personnel examined the availability of sensitive U.S. military personnel data, including names, home addresses, emails and specific branch information being sold on third party data broker platforms.

After scraping hundreds of data broker sites and purchasing the data for sale from other brokers, researchers explored how freely available military service information could pose national security threats.

Researchers found only minimal identity verification protocols when buying potentially sensitive data online. 

“We found a lack of robust controls when asking some data brokers about buying data on the U.S. military and when actually purchasing data from some data brokers, such as identity verification, background checks or detective controls to ascertain our intended uses for the purchased data,” the report reads. 

Researchers were able to purchase demographic characteristics including religious practices, health information and financial data of thousands of both active-duty members and veterans. Some datasets available for sale were so specific that they could list the office of service, such as the U.S. Marine Corps and Pentagon Force Protection Agency. 

While the U.S. has grappled with the absence of federal law governing data broker practices, the report places unregulated data sales online into a national security context. 

“The inconsistencies of controls when purchasing sensitive, non-public, individually identified data about active-duty members of the military and veterans extends to situations in which data brokers are selling to customers who are outside of the United States,” the report reads. 

The report concluded with policy recommendations focused on passing legislation that would bring regulatory guardrails to online user data privacy. 

Despite multiple efforts, Congress has still not managed to pass a national data privacy law. Lawmakers chimed in following the release of the report, with Sen. Ron Wyden, D-Ore., reiterating the call for comprehensive privacy legislation.

“The researchers findings should be a sobering wake-up call for policy makers that the data broker industry is out of control and poses a serious threat to U.S. national security,” Wyden said in an emailed statement to Nextgov/FCW. “As I have been warning for years, consumer privacy is a national security issue. The United States needs a comprehensive solution to protect Americans’ data from unfriendly nations rather than focusing on ineffective Band-Aids like banning TikTok.”

On the House side, Rep. Frank Pallone, D-N.J., echoed Wyden’s national security concerns.

“These findings are yet another terrible example of the harms posed by the data broker industry and underscore the need to pass comprehensive national privacy legislation and regulate data brokers,” Pallone said in a statement. “Congress needs to pass legislation that minimizes the amount of information that can be collected on Americans, cracks down on the abuses of data brokers and provides consumers with the tools they need to protect their information.”