In this blog, Sara Carlson, Senior Corporate Counsel at Fivecast, explores the nuances of Publicly and Commercially Available Information (PAI and CAI). With extensive legal expertise in defense and national security law, Sara provides insights into the legal factors influencing OSINT.
The shift from paper to Digital
When everyday questions arise, most of us reach into our pockets and pull out our smart phones to search for the answers. What restaurant near me is open for lunch? What is the public bus schedule in my neighborhood? How do I get to the airport? Phonebooks and paper maps continue to become relics of the past as technology provides instant results from the convenience of your pocket instead of a desk drawer at home.
digital trails
When we use our smart phones to search for publicly available information (PAI), we leave a digital “trail” behind which informs how businesses and marketing companies send information and advertisements back to our devices. Consumers of digital devices such as smart phones often grant permission for the collection and use of “their” data as a condition to use the device or the application. Commercial vendors, sometimes referred to as data brokers, collect and sell this commercially available information (CAI) for profit often without the consumer ever knowing. All of this digital activity creates bits of data which, when aggregated, paint very informative pictures of who we are, what interests we have, how we think about the world around us, where we travel, and how we live our lives.
The Value of data: commercial advantage or foreign intelligence threat?
Who is using consumers’ data and what pictures are they painting? At a very basic and purely commercial level, commercial entities leverage these data trails to identify products you are interested in and locations you visit so they can tailor the advertisements they send back to your device. At a more sophisticated and nefarious level, foreign adversaries use this information to conduct foreign intelligence activities. These activities include identifying and targeting individuals to feed disinformation intended to sway public opinion, influence elections, and generally interfere with our domestic democratic processes. When our adversaries use publicly available information (PAI) to know how we think and then shape information in a way that appeals to us but benefits them, the power of open-source intelligence (OSINT) becomes very real.
The Value of modern osint tools
The value of this information extends far beyond the modern conveniences we enjoy every day. In the current strategy for the U.S. Intelligence Community (IC), Open Source Intelligence (OSINT) is defined as “intelligence derived exclusively from publicly or commercially available information that addresses specific intelligence priorities, requirements, or gaps.” Traditional OSINT often included researching printed news articles and books at the speed of a human analyst. As technology has continued to evolve, OSINT has as well. The massive amount of publicly available information in the digital ecosystem continues to grow exponentially making it physically impossible for a human being to manually identify, review, and interpret all of it. With the evolution of artificial intelligence (AI) and machine learning (ML), not only is identifying, reviewing and interpreting this data possible but relying on this vast data trove to inform and focus exquisite collection capabilities is the new normal in intelligence activities.
Request the privacy & compliance solution brief
the low barrier of entry for osint
With the advancement of AI/ML, the barrier to entry to conduct OSINT by collecting and understanding publicly available information is incredibly low in comparison to exquisite intelligence collection methods that involve expensive technology like satellites and sensors. Additionally, collecting and understanding PAI is significantly faster than time consuming and tightly controlled human intelligence networks. Because it is comparatively inexpensive, fast, and so much data exists, our adversaries actively conduct OSINT activities against us. If our adversaries are paying close attention to this information and using it to do things like covertly manipulate our citizens, it makes logical sense that those with the mission to protect and defend our nation should also understand the vast troves of data and how it is being used against us. However, hesitation to maximize the intelligence value of this domestic data exists throughout many organizations in the government.
balancing national security and privacy
To better understand what is driving this hesitation, we have to understand the historical backdrop and legal framework that exists to protect our citizens from overreach by their own government and we should also understand what, if any, legal limitations exist to protect our citizens from our adversaries. Legislation and national policy efforts run the gamut and range from overarching data privacy regimes to limitations on the use of artificial intelligence when analyzing vast amounts of data. To learn more about the legal and policy frameworks guiding government activities and understand how they work for or against government’s ability to leverage the vast information that is publicly or commercially available request our industry brief.
