The recent revelation of the National Security Agency (NSA) purchasing the sensitive internet data of Americans did not feel like a bombshell despite its potential to shake public trust in government surveillance practices.
No front-page headlines blared with outrage; no politicians clamored for accountability. It seemed as though the acceptance of ubiquitous surveillance had dulled our collective sense of shock. Let’s talk about this shocking revelation and its profound implications for our data security.
The NSA's Purchasing of Browser Data: A Breach of Legal Protocol
In the digital age, where our every click and keystroke can be tracked, privacy often feels like a distant memory. But what if the very guardians of our freedoms were covertly peering into our online lives without the necessary checks and balances?
Recently, a revelation shook the foundations of trust in government surveillance. But the surprising aspect is there wasn't a bombshell or a breaking news alert. Rather, it was a quiet unveiling of documents that painted a stark picture of the NSA's covert activities.
Senator Ron Wyden disclosed that the National Security Agency has been purchasing Americans' web browsing data from commercial data brokers without warrants.
This means that government agencies regularly spy on Americans by acquiring confidential information, bypassing the court orders intended to safeguard individual privacy rights.
What makes this revelation particularly damning is the hypocrisy it exposes. The United States has always been a symbol of freedom and democracy and was criticizing other states for surveillance practices. Yet, behind closed doors, it appears that the U.S. government was engaging in similar activities, albeit with a veneer of legality.
But perhaps what's most troubling is the nonchalance with which this revelation was met. It underscores a dangerous complacency, a tacit acceptance of surveillance as the new normal.
A Senator’s Call for Action
Wyden fought for almost 3 years to publicly release the fact that the NSA is buying Americans’ internet records. He has even succeeded in obtaining public confirmation of that fact after placing a hold on the nomination of Lt. General Timothy Haugh to serve as NSA director.
Following Senator Wyden's previous efforts that compelled the FBI to admit its purchase of sensitive data, he is now urging all intelligence agencies to halt buying personal data acquired illegally by data brokers.
Expressing concern, Wyden emphasized that the government should not support an industry that blatantly violates Americans' privacy, branding such actions as both unethical and illegal. He addressed a letter to Avril Haines, Director of National Intelligence, urging for the adoption of policies aligning with the legal standards set by the FTC for data sales.
Questioning the Legality of Data Acquisition
NSA officials briefed Senator Wyden, revealing that the agency not only purchases data on Americans within the US but also acquires their Internet metadata.
Senator Wyden expressed concern about the implications of this revelation. He explained that accessing such data could expose personal and sensitive information, such as individuals' online activities, including visits to websites offering mental health support, resources for survivors of abuse, or providers of reproductive health services like birth control or abortion medication.
The Role of Intelligence Agencies in Data Broker Violations
Wyden highlighted the possibility that intelligence agencies might inadvertently aid data brokers in violating FTC regulations, which mandate clear disclosures and informed consent from users before their data is sold. Despite his seven-year investigation into data brokers, Wyden noted the absence of any company providing such warnings to users prior to data collection.
Wyden referred to the case of X-Mode, a data broker recently scrutinized by the FTC for its questionable practices. This case appeared after the company admitted to selling sensitive location data without user consent, even after consent revocation.
He described the FTC's order as establishing "new rules," although it primarily serves as a form of common law through settlements, indicating unacceptable practices under the FTC Act.
X-Mode's violations of the FTC Act encompassed various infractions, including unfairly selling sensitive data, disregarding consumers' privacy choices, and deceptively collecting and using location data without consent verification.
However, the FTC did not provide clarification on whether the order extends to data purchases by intelligence agencies. It's also important to mention that the FTC order includes exemptions for data collected outside the US for security or national security purposes by federal agencies or entities.
Wyden Calls for Compliance with FTC Regulations
Senator Wyden urged the Director of National Intelligence (DNI) to instruct US intelligence agencies to cease purchasing Americans' private data obtained unlawfully, as per the new rules outlined by the FTC quite recently.
The FTC's recent ruling stipulated that Americans must be informed and give consent for their data to be sold to "government contractors for national security purposes."
Also, to address this issue, Wyden called for intelligence agencies to conduct a thorough inventory and promptly erase any illegally obtained data on Americans without proper authorization. He argued that failing to do so allows agencies like the NSA and FBI to bypass constitutional protections like the Fourth Amendment effectively.
Wyden's Recommendations to Ensure Compliance
In addition to urging compliance with the FTC's regulations, Wyden proposed three actions for intelligence agency elements to ensure adherence to the latest rulings:
- Conduct Inventory of Purchased Personal Data
Intelligence agencies should compile an inventory of the personal data purchased about Americans, encompassing aspects like location and internet metadata. This recommendation aligns with the suggestion made by the Office of the DNI's Senior Advisory Group Panel on Commercially Available Information in its January 2022 report.
- Assess Data Sources Against FTC Standards
Each data source identified in the inventory should be evaluated to determine whether it meets the standards outlined by the FTC for legal personal data sales. This aligns with the Senior Advisory Group's recommendation to identify and safeguard sensitive Commercially Available Information that raises privacy and civil liberties concerns.
- Purge Non-Compliant Data
If the data purchases do not meet the FTC's legal standards, intelligence agencies should promptly purge the data. Any specific need to retain such data should be communicated to Congress, and the details of retained data should be made known to the American public to the greatest extent possible.
Wyden's call for intelligence agencies to inventory and purge unlawfully collected data signifies a crucial step toward accountability and rectification. By holding agencies accountable for their actions, we can mitigate the adverse impacts of unwarranted surveillance on individuals' rights.
Responses to Waden on Shady Data Broker Dealings
In reply to Wyden's letter, Ronald Moultrie, the Under Secretary of Defense for Intelligence & Security, assured that the Department of Defense (DoD) strictly follows rigorous standards for privacy and civil liberties when obtaining Americans' location data.
He stated that there is no existing legal obligation for the DoD to acquire court orders for commercially available information accessible to foreign adversaries, US companies, and private individuals.
In another response to Wyden, General Paul Nakasone, the leader of the NSA, said that the agency takes measures to limit the collection of data on US individuals and only acquires essential information relevant to its missions.
This includes some commercially available data on Americans involved in international communications, crucial for safeguarding the US Defense Industrial Base and supporting military weapons systems.
But Wyden is still not convinced. He’s still concerned about the widespread unethical practice of data brokers selling Americans' information without their consent, emphasizing the urgent need for regulation.
No reason can be enough to justify the support of intelligence agencies for companies engaged in intrusive surveillance, as identified by the FTC.
Though Moultrie indicated that the DNI determines which information sources are suitable for intelligence activities, Wyden is more concerned about secret data acquisition. Americans must be told and allowed to opt out of such secretive data collection. The lack of transparency from intelligence agencies surrounding data purchases is raising many red flags.
Final Words
It has been all over the internet for the last few years that the NSA has bought the browsing data of Americans. But quite recently, all these speculations have turned into reality as Senator Wyden has finally succeeded in getting the truth out of the NSA after 3 years of consistent efforts.
Now, Wyden is demanding intelligence agencies remove all the sensitive data that should not be attained by anyone without a warrant.
Additionally, Wyden pointed out that, according to the FTC's order, Americans should be informed and consent to their data being sold to government contractors for national security purposes. This requirement aims to safeguard individuals' privacy rights amidst concerns about data exploitation.
While the FTC has taken action against a handful of data brokers, the questionable practice of selling data without obtaining Americans' consent is a widespread issue requiring regulation. Instead of being customers in this questionable market, intelligence agencies ought to cease funding companies accused of engaging in intrusive and unregulated surveillance of Americans.