The U.S. National Security Agency (NSA) has confirmed its practice of buying internet browsing records from data brokers, raising concerns about potential privacy violations. According to U.S. Senator Ron Wyden, the NSA’s admission came as part of efforts to identify websites and apps used by Americans without obtaining a court order.
NSA’s Admission and Privacy Concerns
Wyden expressed strong disapproval, stating that “The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans’ privacy are not just unethical but illegal.” Wyden called for measures to ensure that intelligence agencies only acquire data on Americans through lawful means in a letter to the Director of National Intelligence (DNI), Avril Haines,
The acquired metadata about users’ browsing habits poses a significant privacy risk, as it could potentially reveal personal details based on the frequented websites. This information might encompass websites related to mental health, support for survivors of sexual assault or domestic abuse, and telehealth providers focusing on birth control or abortion medication.
Responding to Wyden’s concerns, the NSA claimed to have developed compliance regimes, emphasizing that it takes steps to minimize the collection of U.S. person information. The agency asserted that it acquires only the most useful data relevant to mission requirements and clarified that it does not purchase or use location data from phones in the U.S. without a court order.
Ronald S. Moultrie, under secretary of defense for intelligence and security, stated that the Departments of Defense (DoD) adhere to high privacy and civil liberties standards when acquiring and using commercially available information (CAI) to support lawful intelligence or cybersecurity missions.
The Purchase of Sensitive Data Not a New Issue
This revelation highlights a broader trend where intelligence and law enforcement agencies purchase sensitive data from companies, bypassing the need for court orders from communication providers. Earlier in 2021, it was disclosed that the Defense Intelligence Agency (DIA) was obtaining domestic location data from smartphones through commercial data brokers.
The disclosure comes in the wake of the Federal Trade Commission (FTC) taking action against companies like Outlogic and InMarket Media, prohibiting them from selling precise location information without user consent. Outlogic, formerly X-Mode Social, is now barred from collecting location data that could track visits to sensitive locations.
Privacy advocates, including Wyden, argue that the purchase of such sensitive data from “shady companies” operates in a legal gray area, leaving consumers uninformed about who their data is shared with and how it is utilized. Furthermore, the lack of notifications from third-party apps incorporating software from data brokers raises additional concerns about the industry-wide implications of these practices.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: