The US National Security Agency is buying Americans’ internet browning information from commercial brokers without a warrant, according to a letter between US Senator Ron Wyden (D-OR) and the Director of National Intelligence Avril Haines.
Wyden, who made the letter from Thursday public, called for US intelligence officials to cease purchasing Americans’ data unless it has been obtained in a “lawful manner”.
“As you know, U.S. intelligence agencies are purchasing personal data about Americans that would require a court order if the government demanded it from communications companies,” writes Wyden.
“Such location data is collected from Americans smartphones by app developers, sold to data brokers, resold to defense contractors, and then resold again to the government. In addition; the National Security Agency (NSA) is buying Americans' domestic internet metadata,” he continues.
He added that “until recently, the data broker industry and the intelligence community’s (IC) purchase of data from these shady companies has existed in a legal gray area”. And that app and advertising companies did not disclose their sale and sharing of personal data with brokers nor did they “obtain informed consent”.
“The secrecy around data purchases was amplified because intelligence agencies have sought to keep the American people in the dark. It took me nearly three years to clear the public release of information revealing the NSA's purchase of domestic internet metadata,” the senator emphasized.
The senator then points out that the Federal Trade Commission (FTC) brought an action against the data broker X-Mod Social earlier this month. Wyden says that lawyers for the company admitted that they were selling data collected from phones in the US to “US military customers, via defense contractors”.
The FTC then emphasized that the sales of location data is dangerous as it can be used to track people to “sensitive locations, including medical facilities, places of religious worship, places that may be used to infer an LGBTQ+ identification, domestic abuse shelters, and welfare and homeless shelters”. They add that consumers should be made aware that their data is being sold to “government contractors for national security purposes”.
17 November 2023, 02:52 GMT
Under Secretary of Defense Ronald S. Moultrie defended the methods of government data collecting in a separate letter released by Wyden.
“I am not aware of any requirement in U.S. law or judicial opinion… that DOD obtain a court order in order to acquire, access or use information, such as CAI, that is equally available for purchase to foreign adversaries, U.S. companies and private persons as it is to the U.S. government,” he wrote.
Army General Paul M. Nakasone, the director of the NSA, also justified the agency’s actions by explaining that the NSA acquires “commercially available information” but that those acquisitions are limited. Adding that they don’t include location data from phones “known to be used in the US”, and that the “non-content” data they do buy is located abroad and is critical for the US Defense Industrial base, according to a separate letter.
“NSA understands and greatly values the congressional and public trust it has been granted to carry out its critical foreign intelligence and cybersecurity missions on behalf of the American people,” Gen. Nakasone wrote.
In the end of his letter, Wyden wrote that the US government should not be “funding and legitimizing shady industry whose flagrant violations of Americans’ privacy are not just unethical, but illegal”. He then requested that Haines direct each IC element to take on a list of actions he outlined, including taking an inventory of the information they have already collected and to discard any information that does not meet consent laws.