In a startling admission, the U.S. National Security Agency (NSA) has acknowledged purchasing Americans’ internet browsing records through data brokers without obtaining a judicial order. Senator Ron Wyden revealed last week that the NSA procured internet browsing records from data brokers to identify websites and applications used by Americans, a move that would typically require a judicial order. Wyden asserted that the U.S. government should refrain from funding and legitimizing an opaque industry whose blatant privacy violations are not only unethical but also illegal.
Senator Wyden’s Call to Action
Senator Wyden, in a letter to the Director of National Intelligence (DNI) Avril Haines, urged the government to take steps to “ensure that U.S. intelligence agencies only purchase data about Americans that has been legally obtained.” The purchase of metadata regarding users’ browsing habits raises significant privacy concerns, potentially enabling the extraction of personal details based on the frequented websites. This information may encompass sites related to mental health resources, support for survivors of sexual assault or domestic abuse, and telemedicine providers specializing in birth control or abortion medication.
NSA ‘s Response and Privacy Safeguards
Responding to Wyden’s inquiries, the NSA emphasized the implementation of compliance regimes and “takes steps to minimize the collection of information about U.S. persons.” The agency asserted its commitment to acquiring only the most relevant data aligned with mission requirements. Notably, the NSA clarified that it does not purchase or use location data collected from phones used in the United States without a judicial order.
Defense Department’s Stance on Commercially Available Information (CAI)
Ronald S. Moultrie, Under Secretary of Defense for Intelligence and Security (USDI&S), highlighted that Department of Defense components acquire and utilize commercially available information (CAI) adhering to high standards of privacy protection and civil liberties. This utilization is in support of legal intelligence or cybersecurity missions.
Broader Implications and Industry Practices
The revelation underscores the trend of intelligence and law enforcement agencies acquiring potentially sensitive data from companies, circumventing the need for a judicial order. In early 2021, the Defense Intelligence Agency (DIA) disclosed its purchase and utilization of domestic location data from smartphones through commercial data brokers. The disclosure of non-judicial data purchase comes on the heels of the Federal Trade Commission (FTC) prohibiting Outlogic (formerly X-Mode Social) and InMarket Media from selling precise location information to clients without informed user consent. Outlogic, as part of the FTC agreement, is also barred from collecting location data that could be used to track visits to sensitive locations such as mental health clinics, domestic abuse shelters, and places of worship.
Balancing National Security and Privacy – NSA
The NSA’s admission of purchasing internet browsing data without judicial oversight raises critical questions about the balance between national security imperatives and individual privacy rights. As this revelation unfolds, it prompts a deeper examination of the regulatory landscape and ethical considerations surrounding the procurement of sensitive personal information by intelligence agencies. Stay tuned as we delve into the evolving dynamics of data privacy and national security.
