Web browsing data of American citizens have been disclosed to military intelligence officers, who purchased them from a data broker, U.S. Senator Ron Wyden revealed, citing whistleblower claims.
Wyden divulged that at least four agencies within the U. S. Department of Defense, which includes both the Army and Navy, have spent $3.5 million on a data monitoring tool that can provide access to immense amounts of email data and web browsing activity. This tool's developer, Team Cymru, which is based in Florida, flaunts that its tool can offer customers information on the "super majority" of all activity on the internet" and "visibility" into more than 90 percent of internet traffic.
Wyden ACLU Voice Concern that Pentagon Data Purchases from Brokers Used to Violate Privacy Rights
These previously unknown purchases were first revealed by Vice on Wednesday and had led to concerns from Sen. Wyden and the America Civil Liberties Union that the Pentagon might have been using this tool to get "extremely sensitive information about who we are and what we're reading online," Wyden said. The procurement shows U.S. government agencies can use constitutional cover to gather data from questionable data brokers and companies.
Probe Urged on Questionable Procurement of Citizen Data
Wyden urged inspectors general at the Departments of Defense, Justice, and Homeland Security to investigate their respective agencies' procurement of the data, stressing he had confirmed that they are purchasing such confidential, private data "without judicial authorization."
Wyden also said a whistleblower went to his office to disclose that formal complaints were filed "up and down their chain of command." According to Wyden, the complaints charged the Naval Criminal Investigative Service (NCIS) in purchase agreements to get netflow data without any warrant.
The NCIS and Wyden quoted the unnamed whistleblower as saying he/she was "purchasing access" from Team Cymru for the data, which includes netflow records and some communications content. Team Cymru, Wyden said, has been "a data broker whose data sales I have previously investigated,"
Wyden is the current Senate Finance Committee chairman and member of the Select Intelligence Committee.
These netflow records show what servers users connect to, thus revealing specific websites they visit. The logs may also show the volume of data sent or received and how long a user visits a site.
Team Cymru, a threat intelligence firm which was first reported by Vice's Motherboard in August last year, has been working with internet service providers to gain access to netflow records. The company informed Wyden at the time that it obtained "netflow data from third parties in exchange for threat intelligence."
Citing sources, Vice reported that Team Cymru granted clients access to a dataset, from which they could make "queries against virtually any IP to pull the netflows to and from that IP over a given point in time."
This would provide Team Cymru clients the ability to monitor Internet traffic through virtual private networks (VPN), with which users surf the internet privately.
Wyden further said that procurement records had confirmed the U.S. military's use of the Augury tool, which offers "petabytes" of network data from hundreds of collection points globally. According to Wyden, at least "100 billion new records," are collected each day, including email and web browsing data.
Wyden said a company named Argonne Ridge Group provides Augury. Argonne, he said, shares "the same corporate address" as Team Cymru, and has "overlapping corporate officers." Argonne, he added, has secured contracts with U.S. Cyber Command, the Army, the Federal Bureau of Investigation and the U.S. Secret Service.
Related Article : Yahoo, ACLU Press US Government Declassify Secret Surveillance Orders