Balancing National Security and Privacy: Examining the Use of Commercially Available Information in OSINT Practices

Open source intelligence (OSINT) researchers utilize specialized tools to access vast amounts of data from multiple sources simultaneously. These tools, equipped with (paid) modules, allow users to tap into aggregated data sets containing commercially available information, such as location data from mobile phone users. The utilization of commercially available information from OSINT tools by intelligence and security services impacts fundamental rights and freedoms; more specifically, the right to personal data protection. Drawing from prior experience working on this topic within a Dutch oversight committee on the intelligence and security services and international developments in OSINT practice, insights are provided on this new OSINT practice and the responses of oversight authorities. Rather than advocating for a categorical ban, a more refined approach to process commercially available information from OSINT tools is suggested. Building on the work of a Dutch oversight authority and the work of the U.S. Office of the Director of National Intelligence, four recommendations are provided to intelligence and security services to responsibly handle commercially available information in OSINT practices.