Topic Guide
What Is Data brokers?
Data brokers is a subject covered in depth across 1 podcast episode in our database. Below you'll find key concepts, expert insights, and the top episodes to listen to β all distilled from hours of conversation by leading experts.
Key Concepts in Data brokers
Data broker
Companies that gather vast amounts of information about individuals from various sources (public records, social media, phone trackers, purchasing history) and compile it into profiles to sell to other businesses, law enforcement, and government agencies [27:30]. This episode highlights their pervasive, often hidden, operations and the ethical dilemmas surrounding their legal status, as Hieu Minh Ngo exploited and later impersonated users of such services.
Computer fraud and abuse act (cfaa)
A US federal law that criminalizes unauthorized access to computer systems [67:15]. The episode critiques its broad application, particularly how it's used to prosecute individuals for violating website terms of service, arguing it disproportionately punishes such actions as federal crimes rather than civil issues, referencing the tragic case of Aaron Swartz [69:21].
Chip dumping
A money laundering technique where stolen funds are deposited into an online gambling account, and then the account owner intentionally loses hands to an accomplice's account at a poker table [13:46]. The accomplice then cashes out the "won" chips, effectively laundering the stolen money into legitimate cash, as Hieu and his partner did with stolen credit card funds.
Third-party doctrine
A legal principle in the US that states individuals have no reasonable expectation of privacy in information they voluntarily share with third parties, such as banks or app developers [30:34]. Law enforcement can often access this data without a warrant because it's considered "commercially available," bypassing Fourth Amendment protections against unreasonable searches and seizures.
What Experts Say About Data brokers
- 1.Hieu Minh Ngo, a Vietnamese hacker, transitioned from stealing internet accounts and credit cards to building a "people search engine" that sold US citizens' personal data to cybercriminals on the clear web [38:54].
- 2.Hieu gained API access to data broker Court Ventures by impersonating a private investigator, which gave him access to "almost 200 million US identity" records, making over $2.5 million in profit from reselling searches [46:10], [47:11].
- 3.The US Secret Service lured Hieu to Guam and arrested him after discovering his site enabled criminals to commit "tax returns" fraud, causing over "$60 million USD" in damages, particularly in New Hampshire [60:57], [65:07], [66:10], [71:33].
- 4.Hieu was charged with three violations of the CFAA (Computer Fraud and Abuse Act) for "unauthorized access" by violating a data broker's terms of service, which host Jack Rhysider argues is an overly broad application of federal law [67:15], [68:18].
- 5.Data brokers legally collect vast amounts of personal data from public records, social media, phone trackers, and purchasing history, selling it to entities like law enforcement and marketers without widespread public knowledge or consent [27:30], [29:31], [32:39].
- 6.Jack Rhysider criticizes data brokers for their lack of transparency, failure to protect data from breaches (Hieu successfully hacked four companies), and not notifying victims when their data is compromised, despite operating legally [79:03], [86:27].