Stay up to date with the latest OSINT news around the world.
This week in open-source intelligence (OSINT) news: A new report reveals a major OpSec failure on the South African parliament website, copyright lawsuits mount against AI firms and how the relationship between OSINT and spying is changing.
This is the OSINT news of the week:
Major OpSec fail put South African parliament at major risk
A recently released, detailed analysis by OSINT.industries revealed the South African parliament website publicly listed personal contact information of its legislators. Findings from the report show thousands of profiles connected to about 600 of the publicly listed personal and government email addresses. This massive oversight created significant operational security vulnerabilities that left members at risk of espionage attempts, targeted influence campaigns and spying by malicious actors.
While most government email addresses are limited to registering for specific job-related accounts, some South African parliament members used their government and personal email addresses to register for various social media profiles, popular music apps, health and fitness apps and even pornographic media sites. The report also finds that legislators used their officially listed email addresses to post over 1,800 public reviews since 2015, revealing personal information about their travel, dining preferences and medical care. When combined with real-time GPS location data through the popular running app Strava, the publicly available information gives significant insight into their lives, enabling malicious actors to potentially weaponize it against them.
“What people do not realize is that the information you willingly share publicly can, in some cases, be massive and, if you’re a public figure, trivially easy to weaponize against you.”
Nathaniel Fried, CEO of OSINT.industries
“Publicly available” = free reign for AI firms
Leading AI companies such as OpenAI, Google, Meta and Microsoft consistently use the same phrase to describe the data source used to train their models: publicly available. Although publicly available information (PAI) sounds similar to public domain, the public domain is specific to information no longer subject to copyright protection or otherwise made freely available. Publicly available data includes copyright and pirated material made available without the permission or consent of its creators, sparking a legal battle.
Many authors, publishers and copyright holders have sued AI companies on grounds of massive copyright infringement in the training and operation of their AI products and services. In response to the lawsuits, AI companies developed two primary legal defenses. The first argues that their general use of copyrighted material is legal under the doctrine of “fair use,” with many AI firms looking to the Google Books decision that allowed Google to use text snippets to catalog published works. The second argument asserts that because AI models do not copy material and instead “learn” from the material, copyright is not an issue. As these lawsuits progress and gain momentum, AI companies continue to use publicly available information but refuse to say exact sources.
“Many of the 'publicly available' books they took were from websites known for pirated content… The receipt and subsequent commercial misuse of stolen property won't play well before a jury.”
Timothy K. Giordano, Clarkson Law Firm partner
New ethical guidance on commercial data purchases
Department of Defense (DoD) associate deputy general counsel for intelligence, Lindsay Rodman, revealed the Office of the Director of National Intelligence (ODNI) will be releasing new ethical guidelines to assist the intelligence community (IC) in considerations when purchasing commercially available data. The nine principles provide a framework for the IC to identify privacy concerns when datasets available for purchase include sensitive personal identifiers. Rodman explained the nine principles are “nearly complete” and “set to be released any day now.”
Tensions continue to rise as lawmakers and privacy advocates describe data purchasing by intelligence agencies as an evasion of the Fourth Amendment, which prohibits unreasonable search and seizure. Most DOD and IC operations have nothing to do with U.S. person information but there are particular cases where these purchases are required. Causing even more turmoil, the ODNI released a report last year that found the IC buys copious amounts of Americans’ data without much oversight.
“When [commercially available data] presents the kinds of privacy and sensitivity concerns that we’re talking about, then there’s basically a whole rubric of requirements for doing that analysis and then putting appropriate safeguards in place.”
Lindsay Rodman, associate deputy general counsel for intelligence for the DoD
Spying and OSINT’s future relationship
A recent report on Russia's missile production capacity by Rhodus, an open-source intelligence company, has reignited the conversation on the need or lack thereof for a new Australian government agency dedicated to OSINT. An argument against it claims that many non-government OSINT organizations like Rhodus and Bellingcat produce high-quality reports despite lacking access to classified information.
The opposition argues that without a dedicated Australian OSINT agency, there is a major disconnect between open-source and secret intelligence. However, a significant benefit of independent OSINT is the comparison of it and secret intelligence to determine the value of each and setting budgets accordingly. The article raises the question, If espionage is a response to information deficit but we are living in a world of information abundance, what does the future of spying look like?
“There’s no stopping the tsunami of unclassified data, and open-source intelligence will inevitably become a more important tool for understanding it.”
Sam Roggeveen, Director of the Lowy Institute’s International Security Program
Every other week, we collect OSINT news from around the world. We’re also gathering information on cyberthreats, federal intelligence strategies and much more. Follow us on X and share the OSINT news you’re keeping up with.
To keep up to date on the latest OSINT and cybersecurity news, join our newsletter below.
