In a shocking report, a letter addressed to the US Director of National Intelligence exposes the National Security Agency (NSA) for allegedly acquiring personal data illicitly harvested from smartphone users through various apps. 

The sender of this open letter is none other than US Senator Ron Wyden, a member of the Select Committee on Intelligence, who fervently implores US security agencies to immediately cease this questionable practice. 

Furthermore, Senator Wyden urges the agencies to expeditiously eliminate any existing data procured through illegal means.

Illicit Data Trading Done by NSA

The core issue centers around app developers who, by legal mandate, are obligated to transparently disclose the utilization of personal information gathered from users.

However, a clandestine aspect of this process involves the surreptitious sale of users' data, encompassing sensitive details like location history, to entities such as the Defense Intelligence Agency (DIA) and NSA through data brokers. 

According to 9to5Mac, the Federal Trade Commission (FTC), acting as the de facto federal privacy regulator in the US, has declared this practice illegal. Legal actions were initiated against one implicated data broker, X-Mode Social, by the FTC. 

Despite these measures, the latest missive from Senator Wyden contends that both the DIA and NSA persist in procuring such data.

Related Article: [UPDATE] Deepfake Biden Robocall Linked to Silicon Valley's Top Voice-Cloning Startup ElevenLabs

Evasion of Warrant Requirements

Senator Wyden clarifies that if security agencies like the NSA sought to directly obtain this data from developers or internet service providers, it would necessitate a search warrant. However, the indirect acquisition of data through purchasing circumvents this stringent requirement, prompting Senator Wyden to call for an immediate cessation of such practices.

FTC's Stance on Illegitimate Data Sales

Referencing the FTC's prior ruling on the matter, Senator Wyden points out the illegality of these transactions since app users were kept uninformed about the data sale. 

Specifically, the FTC insists that developers must explicitly disclose not only the sale to data brokers but also the subsequent sale to US intelligence agencies for such practices to be considered lawful. 

The FTC contends that sensitive data sales violate the law unless users provide informed consent for such transactions.

Safeguarding Sensitive Information

Highlighting the profound privacy breach associated with location data, Senator Wyden highlights the FTC's concerns about its potential misuse. Location data, a highly sensitive aspect of personal information, can be exploited to track individuals to places such as medical facilities, religious institutions, and other locations that might disclose sensitive aspects of their identity.

Senator Wyden's Three-Point Directive

In his letter, Senator Wyden calls upon the US Director of National Intelligence to orchestrate a three-step initiative within the intelligence community:

1. Conduct a comprehensive audit of personal data held on US citizens.
2. Identify data that was unlawfully collected and subsequently sold.
3. Execute the prompt and complete purging of such unlawfully obtained data.

This is not the first time that the NSA has been involved in data leaks and access. Back in October 2023, a former NSA employee pleaded guilty to federal charges after admitting that he leaked classified information to Russia.

A decade ago, NBC News reported that the NSA had access to users' data on smartphones. Some of the personal data that the agency might have accessed were call lists, notes, and contacts to name a few.

Until the US remains soft when it comes to federal privacy laws, the data of the citizens will continue to get compromised-either within an agency or a group of cybercriminals.

Read Also: Security Researchers Unearth Compilation of Multiple Breaches, Citing it 'Mother of All Breaches'