NSA buys Internet data from Americans without warrants, the letter said
The National Security Agency purchases certain logs relating to Americans' domestic Internet activities from commercial data brokers an unclassified letter from the agency.
The letter, addressed to a Democratic senator and obtained by The New York Times, offered few details about the nature of the data, other than to say it did not include the content of Internet communications.
Still, the revelation is the latest to highlight a legal gray area: Intelligence and law enforcement agencies sometimes purchase potentially sensitive and revealing domestic data from brokers that require a court order to acquire it directly.
It comes as the Federal Trade Commission has launched a crackdown on companies trading in personal location data collected through smartphone apps and sold without people's knowledge and consent about where it would end up and for what purpose it would be used .
In a letter to the director of national intelligence On Thursday, Senator Ron Wyden, Democrat of Oregon, argued that “Internet metadata” — logs that show when two computers communicated, but not the content of any message — “can be as sensitive” as the location data the FTC relies on focuses. .
He urged the intelligence community to stop buying Internet data on Americans if it is not collected according to the standard the FTC has set for location data.
“The U.S. government should not fund and legitimize a dark industry whose blatant violations of American privacy are not only unethical, but illegal,” Mr. Wyden wrote.
A representative for Director of National Intelligence Avril D. Haines did not respond to a request for comment.
The NSA made his specific disclosure under pressure in a letter sent to Mr. Wyden last month by outgoing director Gen. Paul M. Nakasone. The senator arrived in November placed a hold on President Biden's nominee to be the agency's next director, Lt. Gen. Timothy D. Haugh, to prevent the Senate from voting on his confirmation until the agency publicly announced whether it was purchasing Americans' location data and web browsing data.
In the letter, General Nakasone wrote that his agency had decided to disclose that it purchases and uses several types of commercially available metadata for its foreign intelligence and cybersecurity missions, including netflow data “pertaining to entirely domestic Internet communications.”
Netflow data generally means Internet metadata that shows when computers or servers have connected but does not include the content of their interactions. Such data can be generated when people visit different websites or use smartphone apps, but the letter does not specify the level of detail of the data the agency is purchasing.
Asked for clarification, an NSA official issued a statement saying the agency purchases commercially available netflow data for its cybersecurity mission to track, identify and thwart foreign hackers. It emphasized that “the NSA takes steps at all stages to minimize the collection of U.S. personal information,” including by using technical means to filter it.
The statement added that it limited its network data to Internet communications where one side is a computer address in the United States “and the other side is foreign, or where one or both communicants are foreign intelligence targets, such as a malicious cyber actor.” ”
While General Nakasone also acknowledged that some of the data the NSA is purchasing “is associated with electronic devices used outside – and in some cases within – the United States,” he said the agency has not purchased any domestic location data, nor from phones or internet-connected cars known to be in the country.
Mr. Wyden, a longtime privacy advocate and surveillance skeptic who has access to classified information as a member of the Senate Intelligence Committee, has proposed legislation that would ban the government from purchasing data on Americans that would otherwise require a court order.
In early 2021, he received a memo revealing that the Defense Intelligence Agency is purchasing commercially available databases containing location data from smartphone apps and has searched them several times without a warrant for Americans' previous movements. The senator has tried to convince the government to publicly reveal more about its practices.
The correspondence with Mr. Wyden, some of which was redacted as confidential, strongly suggested that other branches of the Defense Department were also purchasing such data.
Law enforcement and intelligence agencies outside the Defense Department are also purchasing data on Americans in ways that are gaining increasing attention. In September, the Department of Homeland Security's inspector general said has criticized some of its units for purchasing and using smartphone location data in violation of the privacy policy. Customs and Border Protection has also indicated this that it would stop buying such data.
Another letter to Mr. Wyden, by Ronald S. Moultrie, the Under Secretary of Defense for Intelligence and Security, said that obtaining and using such data from commercial brokers was subject to several safeguards.
He said the Pentagon used the data lawfully and responsibly to carry out its various missions, including tracking hackers and protecting U.S. military personnel. There is no legal barrier to purchasing data that is “equally available for purchase to foreign adversaries, U.S. companies and private individuals as it is to the U.S. government,” he added.
But in his own letter to Ms. Haines, Mr. Wyden urged the intelligence agencies to change their practices, pointing to the Federal Trade Commission's recent crackdown on companies that sell personal information.
This month, the FTC has banned a data broker formerly known as X-Mode Social of the sale of location data as part of a unique settlement. The agreement stated that the agency considers trade location data – collected without consumers' consent that it would be sold to government contractors for national security purposes – as a violation of a provision of the Federal Trade Commission Act that prohibits unfair and deceptive practices. practices.
And last week the FTC unveiled a proposed settlement with another data aggregator, InMarket Media, banning the company from selling precise location data if it has not fully informed customers and obtained their consent – even if the government is not involved.
While the NSA does not appear to be purchasing data that contains location information, Mr. Wyden argued that Internet metadata can also reveal sensitive things — such as whether someone visits websites about counseling related to topics like suicide, substance abuse or sexual abuse, or other private matters, for example if someone is looking for abortion pills by mail order.
In his letter, he wrote that the action against .”