It’s shockingly easy to buy sensitive data about US military personnel

November 21, 2023

new report exposes the privacy and national security concerns created by data brokers. US senators tell MIT Technology Review the industry needs to be regulated.


data brokers in the US are selling sensitive private data about active-duty military members and veterans, including their names, home addresses, geolocation, net worth, and religion, and information about their children and health conditions.

In a unsettling study published on Monday, researchers from Duke University approached 12 data brokers in the US and asked what would be necessary to buy this kind of information; they ultimately purchased thousands of records about American service members, finding that many brokers offered to sell the data with minimal vetting and were willing to deal with buyers using email domains based in both the US and Asia.

The year-long study, which was funded in part by the US Military Academy at West Point, highlights the extreme privacy and national security risks created by data brokers. These companies are part of a shadowy multibillion-dollar industry that collects, aggregates, buys, and sells data, practices that are currently legal in the US. Many brokers advertise that they have hundreds of individual data points on each person in their database, and the industry has been criticized for exacerbating the erosion of personal and consumer privacy.

The researchers say they were “shocked” at the ease with which they were able to obtain highly sensitive data about members of the military. “In practice, it seems as though anyone with an email address, a bank account, and a few hundred dollars could acquire the same type of data that we did,” Hayley Barton, a coauthor of the study and a graduate student researcher, says.

The authors hope the study serves as a warning to US lawmakers and are calling on Congress to pass a comprehensive privacy law that restricts the data broker industry.

“What we really need is regulation of this ecosystem,” the report’s lead author, privacy researcher Justin Sherman, says. “At the end of the day, this is a congressional problem—because we need new legal authorities to deal with these risks, and regulatory agencies need more resources.”