Data Gathering 'A Security Threat'

John Lister's picture

A former diplomat says the amount of data shared and sold in the US puts the country at security risk. Karen Kornbluh said businesses gathering data on a large scale created a "national security loophole."

She also points to a recent warning that China was attempting to gather data, both legally and illegally, about US citizens' health. The country is thought to be looking for blackmail material, for example on people in positions of power who have been treated for mental illness or embarrassing physical complaints. (Source: dni.gov)

Kornbluh previously held senior roles at the Federal Communications Commission (FCC) and was US ambassador to the Organization for Economic Co-operation and Development. She was speaking at a Federal Trade Commission hearing into commercial surveillance and data gathering. (Source: theregister.com)

Data Sold Or Stolen

According to Kornbluh, US businesses gathering data and using tracking software on individuals isn't just a threat to people's privacy. She says it's a threat to US security.

Her argument is that there's a double risk with such large scale gathering. Firstly, when businesses collect and sell data, there's no guarantee it won't be bought or passed on to foreign governments.

Secondly, there's a risk that businesses which store data won't adequately secure it, leading to it being stolen in a cyber security breach. Often the most sophisticated attacks come from hackers which have the financial backing and resources of a foreign government.

Sensitive Data 'Should Be Deleted'

Kornbluh made three suggestions for regulators such as the FTC to reduce risk among business that collect data. The first is a series of extra checks by businesses before sharing or selling data.

The second is a legal change that means anyone who buys or receives data should be under the same legal responsibilities to protect it as the organization that originally collected the data. This would include making sure it isn't passed on again to anyone inappropriate or who poses a security risk.

The third suggested change is a legal principle that any sensitive data be deleted immediately after use, even where the user consented to the data collection. That would reduce the chance of it being passed on by mistake or stolen in a breach.

What's Your Opinion?

Do you share Kornbluh's views? Should the US have tighter rules on data protection? Do you feel you can make informed choices about providing personal data to businesses?

Rate this article: 
Average: 4.4 (7 votes)