U.S. Senator Ron Wyden said last week that the U.S. National Security Agency (NSA) admitted buying internet browsing records from data brokers to identify the websites and apps Americans used, otherwise it would require a court order.
“The U.S. government should not be funding and legitimizing a shady industry that blatantly invades Americans’ privacy and is not only unethical,” Wyden said in a letter to Director of National Intelligence Avril Haines. and illegally.” Take steps to “ensure that U.S. intelligence agencies only purchase data on Americans that was obtained legally.”
Metadata about a user’s browsing habits can pose serious privacy risks, as this information can be used to collect personal details based on the websites a person frequently visits.
This might include offering resources related to mental health, websites offering support for survivors of sexual assault or domestic abuse, and telehealth providers specializing in birth control or abortion-inducing medications.
In response to Wyden’s inquiry, the NSA said it has a compliance system in place and “takes steps to minimize the collection of U.S. personal information” and “continues to obtain only the most useful data relevant to mission requirements.” ”.
However, the agency said it will not purchase and use location data collected from cellphones used in the United States without a court order. It also said it does not use location information obtained from telematics systems of vehicles located in the country.
Ronald S. Moultrie, the undersecretary of defense for intelligence and security, said Department of Defense (DoD) agencies obtain and obtain information in a manner that “adheres to high standards for privacy and civil liberties protections.” Use commercial information (CAI) to support lawful intelligence or cybersecurity missions.
The revelations are yet another sign that intelligence and law enforcement agencies are purchasing potentially sensitive data from companies that require court orders to obtain the data directly from communications companies. In early 2021, news broke that the Defense Intelligence Agency (DIA) was purchasing and using domestic location data collected from smartphones through commercial data brokers.
The revelations about the unauthorized purchase of personal data come after the Federal Trade Commission (FTC) banned Outlogic (formerly X-Mode Social) and InMarket Media from selling precise location information to their customers without their informed consent.
As part of the settlement with the FTC, Outlogic is also prohibited from collecting location data that could be used to track people’s visits to sensitive locations such as medical and reproductive health clinics, domestic abuse shelters, and places of religious worship.
Buying sensitive data from these “shady companies” has always been a legal gray area, Wyden noted, adding that the data brokers who buy and resell the data are not known to consumers, who often have no idea who owns their data. . Share with others or use wherever.
Another noteworthy aspect of these shadow data practices is that third-party apps that integrate the software development kits (SDKs) of these data brokers and ad tech vendors do not notify users of the sale and sharing of location data, either. For advertising or country data. Safety.
“According to the FTC, it is not enough for consumers to simply consent to an app or website collecting such data; consumers must be informed and consent to their data being sold to ‘government contractors for national security purposes,'” said the Oregon Democrat.
“I’m not aware of any company that would issue such a warning to consumers before collecting their data. So the violations may be industry-wide and not limited to this particular data broker.”
