“U.S. Senator Ron Wyden, D-Ore., released documents confirming the National Security Agency buys Americans’ internet records, which can reveal which websites they visit and what apps they use. In response to the revelation, today Wyden called on the administration to ensure intelligence agencies stop buying personal data from Americans that has been obtained illegally by data brokers. A recent FTC order held that data brokers must obtain Americans’ informed consent before selling their data.  “The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans’ privacy are not just unethical, but illegal,” Wyden wrote in a letter to Director of National Intelligence (DNI) Avril Haines today. “To that end, I request that you adopt a policy that, going forward, IC elements may only purchase data about Americans that meets the standard for legal data sales established by the FTC.”…Wyden urged the DNI to direct U.S. intelligence agencies to stop purchasing Americans’ private data that was obtained unlawfully in violation of new rules outlined by the Federal Trade Commission this month. Through this case, the FTC announced that Americans must be told and agree to their data being sold to “government contractors for national security purposes,” for the practice to be allowed. Wyden, who has spent seven years investigating the data broker industry, is not aware of any company that provides such a warning to users before collecting their data.  Wyden also asked the DNI to direct intelligence agency elements to take three actions to ensure they are complying with the FTC’s latest rulings:

• Conduct an inventory of the personal data purchased by the agency about Americans, including, but not limited to, location and internet metadata. The cataloging of IC acquisition of commercially available information was also a recommendation of the Office of the DNI’s Senior Advisory Group Panel on Commercially Available Information in its January 2022 report.
• Determine whether each data source identified in that inventory meets the standards for legal personal data sales outlined by the FTC. This, too, is consistent with the Senior Advisory Group’s recommendation to “identify and protect sensitive [Commercially Available Information] that implicates privacy and civil liberties concerns.”
• Where those data purchases do not meet the FTC’s legal standard for personal data sales, promptly purge the data. Should IC elements have a specific need to retain the data, such need, and a description of any retained data, be conveyed to Congress and, to the greatest extent possible, to the American public.

The text of the letter and the records provided by the NSA and Defense Department are here.”