In a letter to Senator Ron Wyden, the agency’s head affirmed the practice.
It has been revealed by the head of the National Security Agency that the agency purchases the web browsing data of American citizens from independent brokers without first obtaining warrants. Senator Ron Wyden, a Democrat from Oregon, obstructed the confirmation of Timothy Haugh to the position of deputy director of the National Security Agency (NSA) until the agency provided answers to his queries concerning the collecting of location and Internet data from Americans. For the past three years, Wyden has been working toward the goal of “publicly releasing the fact that the National Security Agency is purchasing internet records of Americans.”
Wyden received confirmation from the current Director of the National Security Agency, Paul Nakasone, in a letter dated December 11 that the agency does, in fact, make purchases from brokers. “NSA acquires various types of [commercially available information]for foreign intelligence, cybersecurity, and other authorized mission purposes, to include enhancing its signals intelligence (SIGINT) and cybersecurity missions,” Nakasone explained. “This may include information associated with electronic devices being used outside and, in certain cases, inside the United States.”
Going on to assert that the National Security Agency (NSA) “does not buy and use location data collected from phones known to be used in the United States either with or without a court order,” Nakasone continued his statement. In a similar vein, the National Security Agency does not purchase and make use of location data that is gathered from automobile telematics systems using automobiles that are known to be situated in the United States.
A representative for the National Security Agency (NSA) told Reuters that the agency only makes limited use of such material, but that it is of significant importance for the sake of national security and cybersecurity. “At all stages, NSA takes steps to minimize the collection of US [personal]information, to include application of technical filters,” according to the spokeswoman.
Wyden has referred to the practice as breaking the law. “Such records can identify Americans who are seeking help from a suicide hotline or a hotline for survivors of sexual assault or domestic abuse,” added the researcher.
Avril Haines, the Director of National Intelligence, was urged by the senator to send an order to the United States intelligence agencies to stop purchasing the private information of Americans without their agreement. In addition to this, he requested that Haines instruct intelligence agencies to “conduct an inventory of the personal data purchased by the agency about Americans, including, but not limited to, location and internet metadata.” It is recommended, according to Wyden, that any data that does not conform with the rules set forth by the Federal Trade Commission regarding the selling of personal data be erased.
According to Wyden, a settlement reached by the Federal Trade Commission (FTC) this month prohibited a data broker from selling location data. The agency asserted that the information, which it claimed was sold to purchasers including government contractors, “could be used to track people’s visits to sensitive locations such as medical and reproductive health clinics, places of religious worship, and domestic abuse shelters.” The agency also claimed that the information was sold to buyers.
In the complaint that the Federal Trade Commission filed against the broker, which was formerly known as X-Mode Social, the FTC stated that the broker “failed to provide information material to consumers and did not obtain informed consent from consumers to collect and use their location data.” This was due to the fact that the broker “failed to fully inform consumers how their data would be used and that their data would be provided to government contractors for national security purposes.”
A data broker was involved in the settlement, which was the first of its type. Wyden, who has been conducting research on the data broker industry for a number of years, issued a statement in which he stated that he was “not aware of any company that provides such a warning to users [regarding their consent]before collecting their data.”
The problem of federal agencies in the United States purchasing phone location data is not exactly a new one. It was discovered in the year 2020 that Customs and Border Protection had been acting in this manner. In the year that followed, Wyden asserted that the Defense Intelligence Agency and the Pentagon had purchased and utilized location data from personal mobile devices belonging to American citizens.