The US National Security Agency (NSA) has confirmed that it acquires data on internet browsing from data brokers in order to identify websites and applications used by Americans, bypassing the need for judicial permission. This confirmation comes following a statement by Senator Ron Wyden, who released documents revealing the NSA’s practice. Wyden criticizes this action, describing it as both unequal and illegal, stating that “the US government should not finance and legitimize a dubious industry that violates the confidentiality of Americans.” He calls for steps to be taken to ensure that intelligence agencies acquire data from citizens using legal means.
This revelation raises concerns as metadata about users’ internet habits can disclose personal information, including the use of resources related to mental health, assistance for victims of sexual violence, and telemedicine.
The NSA, however, assures the public that it has already developed compliance mechanisms and is working to minimize the collection of data on US citizens. It claims to only acquire the necessary data to perform critical tasks.
It is important to note that the NSA does not purchase or use data on the location of individuals from phones in the United States without a court order, nor does it use information about location from automobile telematic systems.
Ronald S. Multri, Deputy Minister of Defense of Intelligence and Security, emphasizes that components of the Ministry of Defense utilize commercially available information while adhering to high standards for protecting confidentiality and civil freedoms.
These revelations come after the Federal Trade Commission (FTC) banned Outlogic and Inmarket Media from selling accurate location information without the informed consent of users. Outlogic is also prohibited from collecting data that can be used to track visits to sensitive places.
Senator Wyden points out that the purchase of sensitive data exists in a gray legal zone, and consumers are often unaware of who is sharing their data.
Wyden further highlights that applications with software development kits (SDK) from these data brokers and advertising technologies fail to notify users about the sale and transfer of location data, whether for advertising or national security purposes.
Wyden emphasizes that the FTC requires clear user consent in order to sell their data to government contractors for national security purposes, but in reality, companies do not provide such warnings.