Oregon’s senior US Senator, Ron Wyden, tends to be extra vigilant on the Internet and privacy fronts. But there’s been a noted uptick in activity from his office lately. Recently, he helped illuminate the potential risks around push notification data. And now, he’s sharing that the NSA has been buying data on individuals from data brokers.
In describing the data laundering network of which the NSA is taking advantage, Wyden shared:
Signed Wyden letter to DNI re NSA purchase of domestic metadata and FTC order on data brokers with attachments
As you know, U.S. intelligence agencies are purchasing personal data about Americans that would require a court order if the government demanded it from communications companies. I first revealed in 2021 that the Defense Intelligence Agency (DIA) was purchasing, storing, and using domestic location data. Such location data is collected from Americansβ smartphones by app developers, sold to data brokers, resold to defense contractors, and then resold again to the government. In addition; the National Security Agency (NSA) is buying Americansβ domestic internet metadata.
https://www.wyden.senate.gov/imo/media/doc/signed_wyden_letter_to_dni_re_nsa_purchase_of_domestic_metadata_and_ftc_order_on_data_brokers_with_attachments.pdf
βThe U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americansβ privacy are not just unethical, but illegal,β Wyden wrote in a letter to Director of National Intelligence (DNI) Avril Haines today. βTo that end, I request that you adopt a policy that, going forward, IC elements may only purchase data about Americans that meets the standard for legal data sales established by the FTC.β
But, isn’t this technically legal? Maybeβ¦? It’s definitely a gray area in terms of legality. But it’s clearly trending toward the unethical according to Techdirt:
Sure, the government can pretend the Third Party Doctrine applies here. But chances are that most of this data being collected by phone apps and other services isnβt being collected with the full knowledge of device users. This is the sort of thing thatβs hidden in the deep end of Terms of Use boilerplate, suckering people out of all kinds of data because they made the mistake of assuming a seemingly-innocuous match-3 game wouldnβt attempt to ping their phoneβs location and tie it to specific device IDs.
For a deeper dive into the reveal, see “Well, Thatβs Everyone: Senator Wyden Letter Confirms The NSA Is Buying US Personsβ Data From Data Brokers,” read the press release from Senator Wyden, and read the letter to the US Director of National Intelligence (PDF). As well as this coverage from Wired.
