On Point: Q&A With Maj. Jessica Dawson

Can you define “commercial surveillance economy”?

That means the modern economy is propped up by, and largely riding on, surveillance.

Google figured out how to use search information to serve ads, which, in theory, isn’t necessarily bad. But it gets more invasive when they—and this is not just Google—start tracking everything about you.

This isn’t just about sneakers. This is about your medical information, your mental health information, your kids’ mental health information, your kids’ medical information, private things that are none of anybody’s business.

Why is that an Army challenge?

There’s no entity in the Defense Department that has a defense on this because of authorities—with very legitimate reasons. The federal government entities with authorities typically only deal with this in terms of crime or critical infrastructure. No one is responsible for protecting individuals from massive data collection.

We’ve never had a problem at scale like this where you can target hundreds, if not thousands of people, instantly. It’s very easy in any ad platform to draw a geofence around any installation. You want to target people 18 to 35 years old, probably male, and you’ve just found an audience of military personnel to target for fraud, for crappy consumer loans, for wellness products that may or may not be healthy.

And you can use this from a counterintelligence perspective. Just look at traffic patterns around installations. When there’s an influx of traffic at a weird time, that’s an indicator that something’s going on. Trying to launch the 82nd Airborne Division is an example.

How can Russia or China use this data?

Look at the Senate intelligence report on influencing. Look at the reports of Russia stirring up protests in 2016. They’d stir up protests on one side, and then serve up a counter protest on the other to try to get folks to show up at the same time.

And they’ve targeted messages to Ukrainian soldiers?

Yep. They’ve tried to convince Ukrainian soldiers that their partners are back home cheating on them, and all that. You can imagine if you’re in a relationship where someone has been unfaithful, and maybe you’ve patched things up and are moving forward, picking the scab off that wound while you’re deployed, already in a high-stress situation. It could have real impacts.

How does ACI help?

We’ve been building case studies that identify specific examples. We funded research with Duke University last year. They published a report on how they were able to buy identified data—name, address, phone number, medical conditions, religious preferences, political preferences—on military members. They were able to buy this data posing as a domestic company and as a foreign company, with very little to no oversight, with almost half of the brokers they approached.

Should the Army have a digital force protection strategy?

Obviously, I think so, but the authorities get real tricky, real fast. I’ve never found a historic analog where we’ve tried to protect military personnel from commercial entities. That’s the big challenge: we’re not trying to protect necessarily from foreign companies. These are domestic entities doing this, and it’s not illegal in most cases.

What can be done?

This problem is going to require national privacy legislation.

I can just speak to how I try to manage this. I signed up for the identity monitoring from the [Office of Personnel Management] hack. We just discovered that my youngest daughter’s social security number is being used by someone in California, so after I get off this phone call, I’m on my way to the police and AT&T to figure out what we do about that.

This column has been edited for concision and clarity.