Sen. Ron Wyden acknowledged last week that the U.S. National Security Agency (NSA) buys internet browsing records from data brokers to identify the websites and apps Americans use, but otherwise He said a court order would be required.
“The U.S. government should not fund and legalize a shady industry whose blatant invasion of Americans’ privacy is not only unethical, but illegal,” Wyden said in a statement to the Director of National Intelligence. DNI) in a letter to Avril Haines. It called for the government to take steps to “ensure that U.S. intelligence agencies only obtain data about U.S. persons obtained through lawful means.”
Metadata about a user’s browsing habits can pose significant privacy risks, as it can be used to determine an individual’s personal information based on the websites she visits. .
This could include websites that provide resources related to mental health, support for victims of sexual assault and domestic violence, and telehealth providers focused on contraception and abortion pills. There is a gender.
In response to Wyden’s inquiry, the NSA has developed compliance arrangements to “take steps to minimize the collection of U.S. personal information” and “collect only the most useful data related to mission requirements.” I will continue to do so.”
But the agency said it will not purchase or use location data from cell phones used in the United States without a court order. The company also said it does not use location information from the vehicle telematics systems of vehicles in the country.
Under Secretary of Defense for Intelligence and Security (USDI&S) Ronald S. Moultrie said that Department of Defense (DoD) components obtain commercially available information (CAI) in a manner that “meets high standards to protect privacy and civil liberties.” , said that it is used. Supporting legitimate intelligence or cybersecurity missions.
The revelations are another sign that intelligence and law enforcement agencies are obtaining sensitive data from companies that could require a court order to obtain directly from carriers. In early 2021, it was revealed that the Defense Intelligence Agency (DIA) had been purchasing and using domestic location data collected from smartphones through commercial data brokers.
Disclosure of unauthorized acquisition of personal information is subject to Federal Trade Commission (FTC) decisions.Outlogic (formerly known as Outlogic)
As part of a settlement with the FTC, Outlogic will provide access to location data that can be used to track people’s visits to sensitive locations such as medical and reproductive health clinics, domestic violence shelters, and places of worship. Collection was also prohibited.
Buying sensitive data from these “shady companies” is a legal gray area, Wyden noted, and the data brokers who buy and resell this data are unknown to consumers. Others added that it often remains unclear who the data is being shared with or where it is used.
Another notable aspect of these shady data practices is that third-party apps, including the software development kits (SDKs) of these data brokers and ad tech providers, are able to access location data, whether for advertising or national purposes. Not informing users about the sale and sharing of. level of security.
“According to the FTC, it is not sufficient for consumers to consent to the collection of such data by apps and websites.” ’ must be informed and consent to be sold to,” the Oregon Democrat said.
“I’m not aware of any company that issues such a warning to consumers before their data is collected. Therefore, the violation is likely industry-wide and not limited to this particular data broker.” It’s not.”