Skip to Content
Policy

The US military’s privacy problem in three charts

Researchers were able to purchase all kinds of information about military members, from their net worth to their homeowner status. That’s a national security disaster.

November 13, 2023
soldiers in uniform packed into a shopping cart
Stephanie Arnett/MITTR | Getty, iStock, Envato

This article is from The Technocrat, MIT Technology Review's weekly tech policy newsletter about power, politics, and Silicon Valley. To receive it in your inbox every Friday, sign up here.

Highly personal and sensitive data about military members, such as home addresses, health and financial information, and the names of family members and friends, is easily accessible to anyone who wants to buy it. It’s for sale for as little as $0.12 per record by US-based data brokers. 

That’s the finding of a new report from Duke University researchers that shows how data brokers are selling this sort of information with minimal vetting to customers both domestically and overseas—creating major privacy and national security risks. I wrote about the report for a story this week. 

The research was concerning to members of Congress, including Senators Elizabeth Warren and Ron Wyden, who commented in the piece. Then on November 7, Senator John Cornyn cited my story in a hearing on the harms of social media.

If you want to learn more about the study and what it means for US national security, take a read through my piece.

But I want to give you a more in-depth sense of just what kinds of data is for sale by these brokers, as well as their economic model, using charts. (All charts are based on data provided by the Duke researchers and available in the report.)

First, take a look at just how personal the information is that the researchers were able to purchase—from people’s net worth to whether they have diabetes. The Duke team purchased a total of eight different data sets from three brokers (which they don’t identify by name in the report). The chart below is sorted by data set, and you can see that some information, like emails and home addresses, is widely accessible through multiple providers. I, for one, was surprised to see how frequently information about their children and homeowner status came up.

(If you click on the chart, you’ll be taken to interact with it and see more information about which data was given to buyers with emails both domestic and foreign.)

Another “concerning” finding, to use the lead researcher’s word, was the brokers’ willingness to sell this information to clients outside the US. The researchers, who were particularly interested in the national security risk created by the industry, set up an email address from a US-based domain, and one from an Asia-based domain, which they sent from an IP address in Singapore. As I detail in the story, these brokers conducted minimal vetting regardless of where the inquiry came from, and almost all of them ultimately provided many of the same types of information no matter the geographic source of the request.

Here, I’ve broken out what types of data were available based on the origin of the request. It's worth noting that these results are just a reflection of the data the researchers purchased and do not provide a comprehensive view of what the industry sells and to whom. That is to say, just because the researchers did not get health data when inquiring from an Asia-based domain doesn’t mean it’s not possible to purchase this data through other providers. Additionally, the specific fields do vary across the different categories.

The part of the report that was perhaps most astonishing to me concerns the economic model of the brokers, which incentivizes clients to buy in bulk and greatly erode people’s privacy. The more data someone purchases, the cheaper it gets. One broker sent pricing options to the researchers to demonstrate how this model works, which you can see in the graph below.

The data the Duke researchers purchased ranged from $0.12 to $0.32 per record—mere pennies to violate the privacy of US military members. 

As one of the report authors, Hayley Barton, told me, “In practice, it seems as though anyone with an email address, a bank account, and a few hundred dollars could acquire the same type of data that we did.”

What else I'm reading

  • This story about the changing trust and safety industry from Wired’s Vittoria Elliott was a great read! There have been a lot of changes to how Big Tech is approaching their own accountability mechanisms, and outsourcing seems to be the path of the future. 
  • Here’s a long, buckle-in read about Peter Thiel’s politics and his attempts to live forever, from Barton Gellman at the Atlantic. It’s a fascinating, and a tad excruciating, peek into the ego of one of tech’s overlords. 
  • New research from startup Vectra found that chatbots like ChatGPT make things up at least 3% of the time. As my colleague Melissa has reported, it’s important to remember that “predictive systems … are generating the most likely words, given your question and everything they’ve been trained on,” which clearly doesn’t make them accurate.

What I learned this week

What do some of the most brilliant people think the hardest problems are today, and what do they think we should do about them? MIT Technology Review queried scientists, journalists, politicians, entrepreneurs, activists, and CEOs like Bill Gates, Lina Khan, and Fei-Fei Li, and published a sample of the best responses as part of our magazine issue on hard problems. 

One of my favorite responses was from NYU professor and author Meredith Broussard, who said, “We should focus on problems of racism, sexism, and ableism—but we should not expect tech or technologists to deliver complete solutions. Computers are machines that do math—no more, no less.” 

Deep Dive

Policy

Is there anything more fascinating than a hidden world?

Some hidden worlds--whether in space, deep in the ocean, or in the form of waves or microbes--remain stubbornly unseen. Here's how technology is being used to reveal them.

A brief, weird history of brainwashing

L. Ron Hubbard, Operation Midnight Climax, and stochastic terrorism—the race for mind control changed America forever.

Africa’s push to regulate AI starts now        

AI is expanding across the continent and new policies are taking shape. But poor digital infrastructure and regulatory bottlenecks could slow adoption.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.