Tech

Feds label Big Data ‘security threat,’ expand data programs anyway

Daily Caller News Foundation logo
Brendan Bordelon Contributor
Font Size:

While the government assures Americans that the mountains of personal data it’s amassing are safe from internal abuse and outside tampering, the Pentagon’s research wing is raising the alarm over the threat metadata represents to privacy and national security.

Foreign Policy writes that the Defense Advanced Research Projects Agency, or DARPA, recently released a request for researchers to examine whether aggregations of public data available online constitute “a national security threat.”

The researchers are also tasked with developing “tools for the rapid anonymization and de-anonymization of data sources,” along with technologies designed to assess the national security impact of public data and defend against its use by hostile actors.

DARPA says it’s concerned that the aggregation of public data into a few vulnerable electronic storage spaces could “provide a determined adversary with the tools necessary to inflict nation-state level damage.”

Despite the surveillance scandals now sweeping Washington, DARPA claims that a 2009 Netflix contest was the impetus for their new focus on metadata security.

Netflix provided interested researchers with data on consumer preferences that was supposedly “anonymized” and untraceable back to the individual in question. “An unintended consequence of the Netflix Challenge,” DARPA writes, “was the discovery that it was possible to de-anonymize the entire contest data set with very little additional data.” After two researchers proved how easily the data could be traced back to its owners, one woman sued Netflix for a breach of privacy.

Many federal agencies are now mining and storing massive quantities of “anonymized” personal data through various government programs.

The National Security Agency’s collection of “anonymized” cellphone metadata from Verizon and other carriers is perhaps the most high-profile, but the Consumer Financial Protection Bureau and the Centers for Medicare and Medicaid Services are also enacting programs that store huge amounts of private information under one virtual roof.

The Daily Caller News Foundation reported that the CFPB is collecting data on millions of Americans’ financial transactions, including monthly credit card data with the individual’s age, postal code and census block identifier attached. Deputy Director Steve Antonakes told Congress in July that “the vast majority of the data we collect is anonymized.”

But DARPA isn’t the only one worried that “anonymized” doesn’t necessarily mean safe. “‘Anonymized’ itself is a weasel word,” said CFPB expert John Berlau during an interview with The Daily Caller News Foundation.

“It’s not ‘anonymous,’ it’s ‘anonymized,’ so how exactly is it anonymized? There are basic questions that they haven’t answered,” he said.

“We don’t know how secure or what safeguards the CFPB is taking because they haven’t told us,” he continued, pointing out a letter from Idaho Republican Sen. Mike Crapo that asks the Government Accountability Office to investigate how the data is secured.

A March report from the Federal Reserve’s Inspector General found that at least one CFPB database insufficiently protected private consumer data.

Meanwhile, CMS continues to aggregate mounds of private information from seven different agencies into a single “data services hub,” a new computer system designed to support and enact various portions of Obamacare.

Experts have called the data hub the “largest consolidation of personal information in the history of the republic,” and warn that the information it contains will be vulnerable to hackers.

Pennsylvania Republican Rep. Pat Meehan previously told TheDCNF that the database “was created by people who are just trying to effect the Affordable Care Act. They’re not addressing what’s happening every day with cyber intrusions.”

The Obama administration is on a fast-approaching October 1 deadline to complete the hub, and a memo released by the HHS Inspector General concedes that the creation of adequate privacy safeguards is running behind schedule.

“CMS is working with very tight deadlines,” it notes. “If there are additional delays in completing the security assessment and testing, CMS may have limited information on the security risks and controls before the exchanges open.”

DARPA’s focus is on the security of private data hubs instead of public ones, but even here government influence predominates. One of the data collections deemed a potential security risk is Amazon EC2, a cloud service the CIA wants to use to create a $600 million data cloud for American intelligence services.

DARPA will begin accepting proposals on how to secure and anonymize massive private databases starting August 26.

Follow Brendan on Twitter

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.