Multiple military intelligence offices have paid a data broker for access to internet traffic logs, which could reveal the online browsing histories of U.S. citizens.
At least four agencies within the United States Department of Defense, including the Army and Navy, have collectively spent at least $3.5 million on a little known data monitoring tool with the reported ability to provide access to vast swaths of email data and web browsing activity The Florida-based cybersecurity firm behind the tool claims its product provides customers with a "super majority of all activity on the internet" and " visibility into more than 90% of internet traffic"
The Vice report that revealed the previously unknown government procurements triggered alarm bells from a prominent U.S. senator and the American Civil Liberties Union. The latest example of government agencies finessing their way around constitutional protections is the purchase.
Wyden wrote Wednesday to the inspectors general at the Departments of Defense, Justice, and Homeland Security, urging an investigation of their respective agencies' purchase of the data.
A number of formal complaints had been filed up and down the military's chain of command, according to Wyden. The Naval Criminal Investigative Service is implicated in deals to obtain netflow data without a warrant according to Wyden.
Wyden, the Senate Finance chair and a long time member of the Select Intelligence Committee, said that he had previously investigated data sales by Team Cymru, a data broker.
Netflow records can show which server users connect to. The amount of data sent or received may be revealed by the logs.
Team Cymru, a threat intelligence firm, was trying to get access to netflow records. Net flow data from third parties was obtained in exchange for threat intelligence, according to the company.
According to a source granted anonymity to speak candidly about industry practices, Team Cymru's clients were given access to a dataset, through which they could run queries against virtually any intellectual property.
Virtual private networks, services used by some users to browse the internet more privately, are said to be included.
Public contracting records show that the military uses a tool called Augury, which provides a huge amount of network data from over 500 collection points around the world. Email and web browsing data are collected each day.
Wyden said the tool is offered by the contractor which shares the same corporate address as Team Cymru. Records show that the Army, the Federal Bureau of Investigation and the U.S. Secret Service have contracts with the company.
The Defense Intelligence Agency, Defense Counterintelligence and Security Agency, and U.S. Customs and Border Protection are included in the letter. Wyden is still investigating the government's purchases.
According to the American Civil Liberties Union, more transparency is needed to understand how government agencies are using this information.
The deputy director of the American Civil Liberties Union's national security project said in an email that web-browsing records can reveal sensitive information about who we are and what we're reading online. We need to know how military and law enforcement agencies are able to access our private information without a warrant.
Customs and Border Protection did not respond to a request for comment. All questions are being directed to the inspector general of the Department of Defense. We are waiting to hear back.
Several federal lawmakers are investigating the U.S. government's acquisition of data that would otherwise require a warrant. Two top Democrats in the House of Representatives demanded that the FBI and DHS reveal details of alleged data purchases that reveal internet browsing activity and users' precise locations.
All Rights Reserved © 2024
