NSA Admits Secretly Buying Your Internet Browsing Data without Warrants



The U.S. National Security Agency (NSA) recently acknowledged its practice of purchasing internet browsing records from data brokers to identify Americans’ online activities without obtaining a court order, as revealed by U.S. Senator Ron Wyden. In response to this revelation, Wyden emphasized the need for the U.S. government to refrain from supporting an industry that engages in unethical and illegal violations of Americans’ privacy.

Senator Wyden conveyed his concerns in a letter addressed to the Director of National Intelligence (DNI), Avril Haines, urging measures to ensure that intelligence agencies only acquire data on Americans through lawful means. The NSA’s purchase of metadata related to users’ browsing habits poses significant privacy risks, potentially revealing personal details based on the websites they visit.

This sensitive information could include websites offering support for mental health, assistance for survivors of sexual assault or domestic abuse, and telehealth providers specializing in birth control or abortion medication. In response to Wyden’s inquiries, the NSA asserted that it implements compliance regimes and takes steps to minimize the collection of U.S. person information, acquiring only data essential to mission requirements.

However, the agency clarified that it does not procure or use location data from phones within the U.S. without a court order, and it refrains from using location information obtained from vehicle telematics systems in the country. Ronald S. Moultrie, Under Secretary of Defense for Intelligence and Security (USDI&S), emphasized that the Department of Defense adheres to high standards of privacy and civil liberties protections when acquiring commercially available information (CAI) to support intelligence or cybersecurity missions.

This revelation underscores a trend where intelligence and law enforcement agencies purchase potentially sensitive data from companies, bypassing the need for a court order that would be necessary when obtaining data directly from communication companies. Earlier in 2021, it was disclosed that the Defense Intelligence Agency (DIA) was acquiring domestic location data from smartphones through commercial data brokers.

The disclosure about the warrantless purchase of personal data comes on the heels of the Federal Trade Commission (FTC) prohibiting companies like Outlogic (formerly X-Mode Social) and InMarket Media from selling precise location information without users’ informed consent. Outlogic, as part of its settlement, is now restricted from collecting location data that could track visits to sensitive locations.

The purchase of sensitive data from these opaque companies operates in a legal gray area, with consumers often unaware of who their data is being shared with. Furthermore, third-party apps incorporating software development kits (SDKs) from these data brokers and ad-tech vendors fail to inform users about the sale and sharing of location data, whether for advertising or national security purposes.

Senator Wyden highlighted the lack of warnings provided to consumers before their data is collected, pointing out that industry-wide non-compliance with informing users about data usage for national security purposes is likely prevalent among these data brokers.

Other news

Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs

Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code.

Read More

Apple Issues Patch for Critical Zero-Day in iPhones

Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild.

Read More