Data collection, private corporations, Russian hacking, national security, Russian espionage | Homeland Security Newswire

Considered opinion: Data & national securityCorporate data collection and U.S. national security: Expanding the conversation in an era of nation state cyber aggression

By Carrie Cordero

Published 4 June 2018

What has the Russia investigation revealed about risks inherent in mass private data collection? Carrie Cordero writes that one thing we learned from the Russia investigation is that we may be framing the conversation about corporate data collection too narrowly. “Based on what we have learned publicly so far about the Russian election interference, it is worth pausing to reflect on the national security implications of corporate data collection and aggregation as it relates to the collection of individual, private citizens’ data,” she says. “Although the Senate Select Committee on Intelligence (SSCI) and special counsel investigations are not yet complete, we know enough already about Russia’s interference in the 2016 election to understand that data collected from private companies and organizations can be accessed, exposed and potentially misused in a way that is harmful to the country’s institutional stability. At the very least, its misuse sows distrust and confusion. At worst, it shreds the institutional and societal fabric that holds the country together.”

What has the Russia investigation revealed about risks inherent in mass private data collection?

In remarks delivered at the Georgetown Law Cybersecurity Law Institute luncheon on 24 May 2018, Carrie Cordero, an adjunct professor at Georgetown Law, where she previously served as Director of National Security Studies, said that one thing we learned from the Russia investigation is that we may be framing the conversation about corporate data collection too narrowly.

Cordero, who spent the first part of her career in public service — including as Counsel to the Assistant Attorney General for National Security; Senior Associate General Counsel at the Office of the Director of National Intelligence; Attorney Advisor at the Department of Justice, where she practiced before the Foreign Intelligence Surveillance Court; and Special Assistant United States Attorney – noted that, “Traditionally, concerns about corporate data collection have been viewed through the lens of consumer privacy. Meanwhile, concerns about government surveillance have focused on the threats posed to privacy and civil liberties and protection from government overreach. But the 2016 election suggests that we should think more seriously about the national-security consequences of corporate data collection, as well.”

Cordero adds: “Based on what we have learned publicly so far about the Russian election interference, it is worth pausing to reflect on the national security implications of corporate data collection and aggregation as it relates to the collection of individual, private citizens’ data. My goal here is to weave together some themes that are playing out in our public debates over surveillance, cybersecurity, privacy, and, the ongoing investigation into Russian interference in the 2016 election. Recent events should push us to consider more carefully how data of and about individual persons, by the private sector, may constitute a collective national security threat.”