The revelation that the U.S. National Security Agency (NSA) has been secretly buying internet browsing records from data brokers to identify the websites and apps Americans use is causing concern among privacy advocates.
U.S. Senator Ron Wyden raised the alarm last week, stressing that this practice not only raises ethical concerns but is also illegal. In a letter to the Director of National Intelligence (DNI), Avril Haines, Wyden urged the government to ensure that U.S. intelligence agencies only purchase data on Americans that has been obtained in a lawful manner.
The acquisition of metadata about users’ browsing habits poses a significant privacy risk, as this information could be used to glean personal details about individuals based on the websites they visit. In particular, sensitive information related to mental health, sexual assault or domestic abuse, and reproductive health could be exposed through this data acquisition.
In response to Wyden’s queries, the NSA mentioned that it has developed compliance regimes and that it “takes steps to minimize the collection of U.S. person information” and “continues to acquire only the most useful data relevant to mission requirements.” The agency also clarified that it does not buy or use location data collected from phones used in the U.S. without a court order.
This revelation is just the latest development in the ongoing concern about intelligence and law enforcement agencies purchasing potentially sensitive data from companies that would require a court order to obtain directly from communication companies. Earlier this year, it was revealed that the Defense Intelligence Agency (DIA) was buying and using domestic location data collected from smartphones via commercial data brokers.
The news about the warrantless purchase of personal data comes in the wake of the Federal Trade Commission (FTC) prohibiting Outlogic and InMarket Media from selling precise location information to their customers without users’ informed consent. Outlogic, as part of its settlement with the FTC, has also been barred from collecting location data that could be used to track people’s visits to sensitive locations such as medical and reproductive health clinics, domestic abuse shelters, and places of religious worship.
Senator Wyden noted that the purchase of sensitive data from these “shady companies” has existed in a legal gray area, with data brokers not being known to consumers, who are often kept in the dark about who their data is being shared with or where it is being used.
Another troubling aspect of these practices is that third-party apps incorporating software development kits from these data brokers and ad-tech vendors do not notify users of the sale and sharing of location data, whether it be for advertising or national security.
These revelations have sparked concerns about the lack of transparency and consent in the collection and use of personal data by both private companies and government agencies. It’s evident that there is a need for clearer regulations and oversight to protect the privacy of individuals and prevent the abuse of personal data for surveillance or other purposes.
As discussions around data privacy and security continue to evolve, it is essential for consumers to stay informed about the potential risks and take steps to protect their online privacy. Following reputable sources and staying updated on the latest developments in cybersecurity can help individuals make informed decisions about the use of their personal information.
The implications of government agencies purchasing personal data from commercial brokers without proper oversight raise serious questions about the protection of civil liberties and privacy rights. As the conversation around data privacy continues, it’s crucial for policymakers, regulators, and technology companies to work together to establish clear guidelines and safeguards that protect the privacy and security of individuals in an increasingly digital world.