Prohibit Governmental Purchase of User Data and Private Information from Third Parties

Purpose: This policy aims to protect the privacy rights of individuals by prohibiting government entities from purchasing user data or private information from third-party vendors. This includes data such as location tracking, internet browsing history, social media information, biometric data, and financial transactions. By curbing government access to third-party-purchased personal information, this policy reinforces the necessity of due process and limits surveillance without appropriate judicial oversight.

Background: Government agencies have increasingly relied on private data brokers to obtain personal information about citizens without a warrant, often bypassing legal requirements for due process and judicial authorization. This practice allows governmental entities to acquire vast amounts of sensitive information, including location and online behavior, that would otherwise require substantial legal justification to obtain. It presents serious privacy concerns, undermines public trust, and circumvents Fourth Amendment protections against unreasonable searches and seizures.

This policy addresses these issues by strictly limiting government access to third-party-sourced personal data, thereby reinforcing constitutional rights and establishing transparency in data acquisition practices.

Key Objectives:

  1. Prohibit Government Access to Purchased Personal Data:
  • Enact a blanket ban on all federal, state, and local government agencies’ purchase of personal data from third-party vendors without a judicially authorized warrant.
  • Restrict access to only publicly available information that is legally obtainable by all citizens, ensuring that government entities do not have broader data access than the public.
  1. Require Judicial Oversight for Any Data Access:
  • Mandate that any government access to personal data, particularly from private sources, be approved by a court of law.
  • Ensure that this oversight applies regardless of the intended use or the sensitivity of the data, reinforcing due process protections.
  1. Define Scope of Restricted Data:
  • Clarify that restricted data includes, but is not limited to, personal identifiers, location data, internet and communication metadata, purchase histories, biometric data, and social media activity.
  • Regularly review and update the types of data covered to reflect advancements in technology and emerging categories of personal information.
  1. Introduce Transparency and Public Reporting Requirements:
  • Require annual reporting on government data acquisition methods, detailing any exemptions to the policy, such as for national security purposes with appropriate judicial authorization.
  • Establish a public audit mechanism that allows citizens to review government compliance with this policy, maintaining transparency and accountability.
  1. Enforce Strong Penalties for Non-Compliance:
  • Impose strict penalties for government agencies or contractors found in violation of the policy, including fines, loss of budget allocations, and, for repeat offenses, disqualification from certain types of federal grants or contracts.
  • Hold accountable any private third-party data brokers that facilitate unauthorized government purchases, subjecting them to penalties for enabling government circumvention of due process.
8 Likes

Once we can do the same with China, Russia, Iran, and N. Korea, then we need to follow suite. Until then, nope. they need to have access to same information as those nations that seek to harm us and we can not touch except by war.

I’m not sure what you mean; can you expand on your comment?

1 Like

A site we can check to see who has been looking at us, to make sure no one as been spying.

Right now, the data that Intelligence buys is being bought by China, Russia, Iran and N. Korea. They put up companies that buy it and then turn it over to their governments.
As such, I do not want to handicap our intelligence against theirs.

What is needed is to focus on the companies that collect it AND SELL IT.
Used to be that Google never sold individuals data. Instead, you bought access to individuals that matched what you were looking for. Sadly, Under Pechei, Google now sells individuals data.

1 Like

Thanks for the clarification; I have other policy suggestions that address that. see Restricting Cross-Border Data Transfer and Storage of User Data OR Proposal to Affirm the Right to Privacy as Including the Right to Anonymity

but you’re right, due to our existing structure, just about anyone in the world can start a data brokerage company in the US and send it all back to their country. We can’t stop the formation of companies; but we can keep our data on shore. To me, offshoring data and gov’t purchases are separate topics, so I’ve created separate suggestions.

3 Likes

Lets do 1 better, a digital bill of rights, your data is private and many not be sold under any circumstance’s. I know this will destroy digital advertising, IDGAF

2 Likes

that is the most ideal option, for sure.

The right way to do this, is to secure our communications.
We need x.509 Digital Certs so that we can secure our communications as well as being able to vet others on social media if they wish to communicate securely (so that you are not phished).

How would you go about doing that?

1 Like

Oh yeah

Ironically, I just promoted Estonia on a blockchain policy less than an hour ago. Obviously I don’t understand the network protocols enough, but I like the idea of the transparency. I’m still wary of the privacy implications. I dont plan on getting a REAL ID, and I’m convinced theres a 9th amendment argument against drivers licenses. I’m open to being proven wrong however. I’m also not convinced the Founders would advocate for any national identification system, including the ones we currently have. That said, any system that removes power from the government and back to the people, in this case transparent blockchain systems, I’ll vote for as long as it can guarantee privacy and individual liberty.

Sigh.
First off, Estonia does not use blockchain for security or ID. They are handing out VETTED X.509 D.C. to citizens, businesses AND even visitors. YOU AND I can get these as well. It will let us communicate SECURELY with businesses and locals without having regular crackers, Russia, China, N. Korea, Iran, in fact, most any government crack your communication. With this, there are 2 parts to a key: the private and public. You generate the key and give the public to the government, which creates a VETTED certificate or ideally a packet of certificates. This can be used to sign the communication, even though the msg is in clear-text. It is the equivalence of a signature.

You can even send it through a number of stamping sites so that it is the equivalence of a notary public.
https://freetsa.org/index_en.php

You can encrypt your message using the receiver’s public key. Then only they can decrypt it.

Now, some of the issues that ppl bring up. One of the first is they want anonymity while at the same time, they want to know who everybody else is so that cryptoattacks, email attacks, personal attacks, mis/dis-information can not happen. Do you see any issue here? With the above, I do not.

  1. there is no true anonymity on the Internet UNLESS you know what you are doing on the dark web. Most ppl on it are still be tracked. The ones who are not are government hacking groups, along with ‘professional’ hacking groups. It is possible to be truly anonymous there, but difficult. And simple VPNs will no longer cut it.

  2. If you obtain digital certs through any private means (ping, ID.me, etc), they want your ID. Front and back. And then they vet with your government. So now, you government, and at least 1 private company knows your ID. However, those private companies REGULARLY offshore the work, send it to crackers, or are not fully secured. IOW, your ID is stolen from these companies, REGULARLY. But it gets worse, many employees have sold that information to other companies and esp to foreign governments (china gets a lot this way). And of course, the companies sell them.
    This is why I suggest having DHS (for America) issue packet of DCs with our REAL ID, and then have up to 3 american-owned, secured companies acting as certificate authorities for these. You get to pick which one to go with, otherwise, it will be allocated to the 3.

  3. YOU had opportunity to create the public/private keys and keep your private key…private. Even from the feds.

So, lets see how this plays out.
If you want to send/receive authenticated and/or secured communication with someone/some business/some government entity, you can simply use your private key to sign and also give your information about your certificate. This works great not just for communication protocols, but also for vetting you at a web site. Website will have ability to set up however they want, just like they can choose to have https or http ( BTW, the S on https, etc, uses x.509 digital certificates for authentication and encryption ).
So, imagine that you go to Cnn or Fox and they want you to be able, but not required, to vet yourself. It does not mean that your name is displayed, but you might have multiple log-ons for different purposes. However, in order to post to me, or talk to me, I might require that you be vetted, or be a friend of a vetted, or even anonymous. If the first, then if I block vetted on account A, then all of their accounts are blocked. If logon is not vetted, then person can talk via other logons.
Where this is handy is when getting into sites with controversial conversations such as politics or where security is important, such as working on Open Source Software like Linux at kernel.org. For general BS, such as reddit/flying, or reddit/dad jokes/etc, I might let in anonymous so that I read it.

Interesting that you say that the 9th may preclude use of drivers license . I do not see how it can. Driving is a privilege, not a right.

Now, you say that you do not want REAL ID. That is your business.
BUT, you know that you can not fly starting next year (and this will not be extended due to terrorist issues from the open border). I am guessing that it will be extended to rail as well. More so, I suspect that Trump will end up requiring REAL ID not just for travel, but for jobs (with e-verify), home loans, rentals, etc, so as to run out and keep out, illegal aliens, and be able to track them, along with terrorists.

I am guessing that you have not traveled to dangerous undeveloped nations, been in the military or worked in intelligence. If you had done this, then you would understand that ALL nations, but esp. the west due to our openness, are under constant attack.

Thank you for explaining that so thoroughly and politely to us laypeople. Everyone that reads it will benefit. Addressing things I understand first; the first amendment protects freedom of movement, Shapiro V Thompson 1969, reiterated the right to travel as protected under the 14th amendments equal protection clause, the Due Process clause also protects individual liberty which includes freedom of movement and travel, additionaly, the lack of licensing and federal identification is deeply rooted in our nations history and tradition. The right to privacy was a result of a 9th amendment challenge to marital privacy and contraceptive use in Griswold v Connecticut in 1965 using the just about exact same arguments. Unfortunately there arent many 9th amendment challenges and most legal scholars dont take it seriously enough. You are free to assume all you want. I understand how paper thin our defences are and just how ridiculous the illusion of safety is we are all living in. As far as REALID, I have a passport, so a realid is redundant and less useful. I’m enjoying this conversation; I hope you are as well.

1 Like

LOL.
Yeah, that was a long reply. Sorry about it, but …

Interesting post.
I used to be Libertarian, which I am guessing that you are (I am now a GDI as in GD…Independent :slight_smile: ), and you sounds like a lawyer as well. I get all that, but guaranteeing right of movement does not give you right to fly, ride the rail, or even the roads.

If you have a valid passport, then you have already gone through REAL ID.
ALL passports since sometime in 00s are REAL IDed IOW, you were vetted in DHS.

BTW, I also think that states should require a REAL ID to vote, but also require voter registration to be updated by DHS upon updates to passport, drivers license, state ID, etc.

1 Like

Well, I dont believe the earth is flat or whatever fringe libertarians believe, but I do like porcupines. Right now I’m for whatever the founders intended for this country. As the supreme law of the land, the constitution and bill of rights have been wholly ignored for a very long time, and as a result we’ve created complex problems that never should have happened. The public private keys sound like a great idea; lets start pushing for it on here. I have a drivers license, but I disagree with you that i need permission from the government to travel freely on public roads or railcars- the method or mode of transportation shouldnt matter. Airlines are private, so they get a pass. If i own my own mode of transportation, then I should have no government requirements or permissions to travel. The passport is a better option than realid. You get more benefits from it. To me, the realid is just another layer of overcomplicated bureaucracy. Why wouldnt the govt just force everyone to get passports instead? People are now spending a whole lot of money just to be able to fly domestically that they couldve spent to fly globally. It doesnt make any sense to me. Although from a constitutional perspective, Im not sure if they could get away with that. Interesting.

This is a useful topic to build upon and refine as it touches upon a core problem as mentioned here in the Policy to Establish the Separation of the Corporatocracy and the State (Addressing Corporate Personhood)