As NSA buys up Americans' browser records, Uncle Sam is asked to simply knock it off

If you could just not harvest our info unlawfully and without a warrant, that would be great

US Senator Ron Wyden on Thursday asked US Director of National Intelligence Avril Haines to stop US intelligence agencies from purchasing Americans' unlawfully collected personal data from data brokers.

In a letter [PDF] to Haines, Wyden (D-OR) said that not only are US intelligence agencies buying location data harvested from Americans' smartphones that would normallyrequire a court order, but the NSA has been purchasing Americans' domestic internet metadata, including their browsing habits. All seemingly without a warrant in sight.

The NSA for years has been intercepting phone metadata and internet communications through bulk data collection programs under Section 702 of the US Foreign Intelligence Surveillance Act. The rules are supposed to target foreign threats beyond America's borders, yet communications between US persons and foreign nationals get captured as part of this process.

The acquisition of Americans' personal data is even easier. This personal information flows from web and native apps on people's devices to app makers and their marketing partners, and then to data brokers who sell it on to others, and it can be had by Uncle Sam's agents without a warrant.

The Fourth Amendment of the US Constitution promises protection against unreasonable searches and seizures. Yet that promise means a lot less if authorities can conduct such searches through purchased data without seeking permission from a judge.

Data sales of this sort have been a legal gray area, said Wyden, thanks to the lack of disclosure by app makers and lack of informed consent by app users.

And the secrecy surrounding such data collection has been compounded by intelligence agencies' efforts to keep people in the dark about these practices, added Wyden, citing the three years it took to get an answer from the NSA about the agency's collection of domestic internet data.

But recent action by the US Federal Trade Commission suggests that buying and selling of unlawfully obtained data will no longer be tolerated. The gray area has been repainted as a red line.

"Although the intelligence agencies’ warrantless purchase of Americans’ personal data is now a matter of public record, recent actions by the Federal Trade Commission (FTC), the primary federal privacy regulator, raise serious questions about the legality of this practice," said Wyden.

Wyden pointed at the FTC's settlement with data broker X-Mode Social, which he called out back in 2020 upon learning from the firm's lawyers that it was selling phone data gathered from US military personnel. The FTC, he said, held that such sales are unlawful without the informed consent of folks.

Beyond asking Haines to ensure data gets acquired lawfully, Wyden asked the DNI to ensure that each intelligence agency: conducts an inventory of purchased personal data; determines whether that data was acquired with informed consent; and deletes data that does not meet that legal standard, or notifies Congress, and the public to the extent possible, if there's a specific need to retain it.

"Yesterday’s revelations make clear that the NSA knowingly buys data about Americans' internet activity, data that can be very revealing about their most intimate and private communications and associations," said Brendan Gilligan, legal fellow at EFF, in an email to The Register.

"These purchases currently evade regulations and effective oversight. And they come on top of all the data the NSA already intercepts under spying authorities like Section 702, which Congress is right now considering whether to reauthorize. Congress must adequately protect Americans’ online lives from NSA surveillance – regardless of whether the agency purchases data or intercepts it."

The NSA did not immediately respond to a request for comment. ®

More about


Send us news

Other stories you might like