Wyden Releases Documents Confirming the NSA Buys Americans' Internet Browsing Records
January 26, 2024
PRESS RELEASE
Washington, D.C. – U.S. Senator Ron Wyden, D-Ore., released documents confirming the National Security Agency buys Americans’ internet records, which can reveal which websites they visit and what apps they use. In response to the revelation, today Wyden called on the administration to ensure intelligence agencies stop buying personal data from Americans that has been obtained illegally by data brokers. A recent FTC order held that data brokers must obtain Americans’ informed consent before selling their data.
“The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans’ privacy are not just unethical, but illegal,” Wyden wrote in a letter to Director of National Intelligence (DNI) Avril Haines today. “To that end, I request that you adopt a policy that, going forward, IC elements may only purchase data about Americans that meets the standard for legal data sales established by the FTC.”
Wyden fought for nearly three years to publicly release the fact that the NSA is purchasing Americans’ internet records. He succeeded in obtaining public confirmation of that fact after placing a hold on the nomination of Lt. General Timothy Haugh to serve as NSA director. Web browsing records can reveal sensitive, private information about a person based on where they go on the internet, including visiting websites related to mental health resources, resources for survivors of sexual assault or domestic abuse, or visiting a telehealth provider who focuses on birth control or abortion medication.
Wyden, a senior member of the Senate Intelligence Committee, has revealed how multiple federal government agencies have bought and searched Americans’ private records — including location data, internet records and more — without a warrant — in effect using their credit card to circumvent the Fourth Amendment. In 2021, for example, Wyden revealed the Defense Intelligence Agency was buying and using location data collected from Americans’ phones.
“Until recently, the data broker industry and the intelligence community’s purchase of data from these shady companies has existed in a legal gray area, which was in large part due to the secrecy surrounding the practice,” Wyden wrote. “App developers and advertising companies did not meaningfully disclose to users their sale and sharing of personal data with data brokers nor seek to obtain informed consent.”
Wyden urged the DNI to direct U.S. intelligence agencies to stop purchasing Americans’ private data that was obtained unlawfully in violation of new rules outlined by the Federal Trade Commission this month. Through this case, the FTC announced that Americans must be told and agree to their data being sold to “government contractors for national security purposes,” for the practice to be allowed. Wyden, who has spent seven years investigating the data broker industry, is not aware of any company that provides such a warning to users before collecting their data.
Wyden also asked the DNI to direct intelligence agency elements to take three actions to ensure they are complying with the FTC’s latest rulings:
Conduct an inventory of the personal data purchased by the agency about Americans, including, but not limited to, location and internet metadata. The cataloging of IC acquisition of commercially available information was also a recommendation of the Office of the DNI’s Senior Advisory Group Panel on Commercially Available Information in its January 2022 report.
Determine whether each data source identified in that inventory meets the standards for legal personal data sales outlined by the FTC. This, too, is consistent with the Senior Advisory Group’s recommendation to “identify and protect sensitive [Commercially Available Information] that implicates privacy and civil liberties concerns.”
Where those data purchases do not meet the FTC’s legal standard for personal data sales, promptly purge the data. Should IC elements have a specific need to retain the data, such need, and a description of any retained data, be conveyed to Congress and, to the greatest extent possible, to the American public.
The text of the letter and the records provided by the NSA and Defense Department are here.
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024