Oregon’s senior US Senator, Ron Wyden, tends to be extra vigilant on the Internet and privacy fronts. But there’s been a noted uptick in activity from his office lately. Recently, he helped illuminate the potential risks around push notification data. And now, he’s sharing that the NSA has been buying data on individuals from data brokers.
In describing the data laundering network of which the NSA is taking advantage, Wyden shared:
Signed Wyden letter to DNI re NSA purchase of domestic metadata and FTC order on data brokers with attachments
As you know, U.S. intelligence agencies are purchasing personal data about Americans that would require a court order if the government demanded it from communications companies. I first revealed in 2021 that the Defense Intelligence Agency (DIA) was purchasing, storing, and using domestic location data. Such location data is collected from Americans’ smartphones by app developers, sold to data brokers, resold to defense contractors, and then resold again to the government. In addition; the National Security Agency (NSA) is buying Americans’ domestic internet metadata.
https://www.wyden.senate.gov/imo/media/doc/signed_wyden_letter_to_dni_re_nsa_purchase_of_domestic_metadata_and_ftc_order_on_data_brokers_with_attachments.pdf
“The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans’ privacy are not just unethical, but illegal,” Wyden wrote in a letter to Director of National Intelligence (DNI) Avril Haines today. “To that end, I request that you adopt a policy that, going forward, IC elements may only purchase data about Americans that meets the standard for legal data sales established by the FTC.”
But, isn’t this technically legal? Maybe…? It’s definitely a gray area in terms of legality. But it’s clearly trending toward the unethical according to Techdirt:
Sure, the government can pretend the Third Party Doctrine applies here. But chances are that most of this data being collected by phone apps and other services isn’t being collected with the full knowledge of device users. This is the sort of thing that’s hidden in the deep end of Terms of Use boilerplate, suckering people out of all kinds of data because they made the mistake of assuming a seemingly-innocuous match-3 game wouldn’t attempt to ping their phone’s location and tie it to specific device IDs.
For a deeper dive into the reveal, see “Well, That’s Everyone: Senator Wyden Letter Confirms The NSA Is Buying US Persons’ Data From Data Brokers,” read the press release from Senator Wyden, and read the letter to the US Director of National Intelligence (PDF). As well as this coverage from Wired.