Georgetown Law
Technology Review

The first panel of The Georgetown Law Technology Review’s 2022 symposium, “The Impact of Public-Private Data Sharing on Law Enforcement,” addressed an increasingly relevant question in today’s information economy: what should be done about U.S. law enforcement agencies that skirt government surveillance rules by accessing personal data through third-party brokers?

Professor Sarah Lamdan from the CUNY School of Law began the conversation, noting that law enforcement agencies have been turning to data brokers for decades. Acting as “the middlemen of surveillance capitalism,” data brokers are private firms that collect, purchase, and sell information about individuals. As a solution to this troubling trend of public-private data sharing, Lamdan proposed updating the Privacy Act of 1947. Originally enacted to restore trust in government after the Watergate and Counterintelligence Program (COINTELPRO) scandals, the Act outlines requirements for the notice, consent, collection and use of data records  with which law enforcement must comply. In order to circumvent these rules, law enforcement often outsources the operation of data systems to third-party brokers instead of running their own systems. Lamdan argued that the Act should be revised to cover brokers that collect and sell data dossiers and companies that sell predictive and prescriptive analytics capabilities. Extending the reach to cover such vendors would improve transparency and due process in data-sharing.

Julie Mao, Co-Founder and Deputy Director of Just Futures Law, continued the conversation by explaining the role that tech companies play in the deportation regime executed by the Immigration and Customs Enforcement (ICE). In her view, data brokers, analytics firms, biometrics, and cloud storage providers all contribute to ICE’s surveillance apparatus.  These vendors have begun buying data from private companies and then reselling it to ICE.  Mao argued that this puts us “in a constitutional no man’s land,” and stressed the importance of federal and state regulation to combat this trend. To illustrate this, Mao pointed to a recent news story about a nationwide group of utility companies that shared their consumers’ data to Equifax, which then sold it to large data brokers like LexisNexis and Thompson Reuters. ICE was buying the data from these brokers until the practice was discovered and blocked two months ago. Stories like these should urge consumers to organize and hold these companies accountable for their practices.

Next, Professor Rebecca Wexler from UC Berkeley described what she calls “ignorance-based secrecy”: secrecy from the public around data-gathering that exists because of government ignorance, rather than in spite of it. An example of this is when law enforcement routinely purchases surveillance data from private companies without knowing how their algorithms work or the codes used to parse through and analyze the data to generate predictions. This enables law enforcement to surveil people without knowing if the underlying methods violate the Fourth Amendment or the Brady Rule. Wexler warned that by purposefully obtaining less information instead of more, state actors will continue to circumvent civil liberties protections.

In the Q&A that followed, each panelist elaborated on her arguments and reiterated that legislative and regulatory reform is necessary. Professor Laura Moy (Georgetown University Law Center), moderator of the discussion, concluded the session by suggesting that the data brokers—and their surveillance products and services—are influencing the direction law enforcement takes in policing strategies and in deciding which crimes they choose to investigate. The panelists also noted that law enforcement’s willingness to spend its budget on private data sharing schemes—which in turn feed tech companies’ profit-driven motivations—together lead to a destructive feedback loop that harms citizens’ privacy interests. As Professor Lamdan put it, “private companies may be the tail that is wagging the dog.”.

As long as personal data is treated as a valuable commodity to be bought and sold, and as long as there are private entities that are happy to fill law enforcement’s demand for surveillance products and services, the problem will naturally sustain itself in the information economy. Effective government intervention, as championed by the panelists and other privacy scholars, seems urgently needed. Professor Lamdan’s suggestion to extend the reach of the Privacy Act is especially appealing because it doesn’t involve creating a statute or regulation from scratch—the accountability measures currently imposed on government agencies would transfer over to their vendors and contractors. Expanding the sphere of responsibility to encompass third-party data brokers would not only increase transparency into data sharing agreements and force law enforcement to abandon the kind of ignorance-based secrecy described by Professor Wexler, but also slow down agencies’ use of such vendors due to increased liability risk.

The panelists’ discussion highlighted both a troubling problem and a reason for optimism: while there’s much work to be done to safeguard data privacy in the age of surveillance capitalism, existing mechanisms can be updated to serve as effective interventions in the area of public-private data sharing between law enforcement and data brokers.