According to a letter from NSA director Paul Nakasone to Wyden, the agency purchased Netflow data and information from electronic devices used both domestically and internationally.
The US National Security Agency (NSA) has confirmed purchasing American users’ internet browsing records without warrants, according to Oregon Democratic Senator Ron Wyden. Congressman Wyden, a staunch privacy advocate, spent three years attempting to disclose the NSA’s practice, including purchasing smartphone location data without a warrant.
These “warrantless purchases” included information about websites visited and apps used, explained Wyden. This means, that US government agencies frequently access commercial marketplaces to gather sensitive information about Americans without obtaining court warrants.
According to a letter from NSA director Paul Nakasone to Wyden, the agency only purchased Netflow data and information from electronic devices used both domestically and internationally. The data, mainly related to Internet communications, did not include American communications content. The NSA claims to use commercially available Netflow data for cybersecurity and foreign intelligence missions, to defend US military networks from foreign hackers, minimizing the collection of U.S. personal information through technical filters.
In a letter to the Director of National Intelligence (DNI), Avril Haines, Wyden has urged the Biden administration to stop this “warrantless surveillance of Americans” through internet data purchases. He argues that the US government should not fund and legitimize a shady industry, raising questions about its legality.
“The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans’ privacy are not just unethical, but illegal.”
Collecting user browsing habits metadata is a risky practice as it can expose personal information on websites related to mental health, sexual assault, domestic abuse, and telehealth, posing a significant privacy risk.
It must be noted that the Federal Trade Commission (FTC) has banned Outlogic (previously called X-Mode Social) and InMarket Media from selling location information without users’ informed consent, also barring Outlogic from collecting location data for sensitive locations like medical clinics and religious places.
Purchasing data from companies falling in the legal gray area is unethical as consumers/users are unaware of how it’ll be shared or used. Third-party apps incorporating SDKs from these brokers do not inform users about location data sales for advertising or national security purposes, either.
The revelation comes amid growing concerns about foreign governments acquiring US citizens’ data. The Biden administration is already preparing an executive order to curb such purchases, reports CNN. But the government itself is involved in such practices.
However, the NSA has a history of mass surveillance practices, therefore, Wyden’s disclosure doesn’t seem surprising. Back in 2015, a lawsuit was filed by Wikipedia against the NSA to protect the rights of its 500 million monthly users, arguing that their mass surveillance potentially violates the Fourth Amendment and First Amendment and that their activities exceed the authority granted by the Foreign Intelligence Surveillance Act.
Ex NSA contractor Edward Snowden’s 2013 revelation of a secret NSA mass surveillance program, which has been secret for over a decade created havoc globally, exposing the agency’s spying practices.
In 2015, a three-judge panel of the Second Circuit Court of Appeals ruled that the agency’s telephone metadata collection program, which gathered millions of American citizens’ phone records daily, is illegal under the Patriot Act.