U.S. federal agencies including the Defense Intelligence Agency (DIA), Customs and Border Protection (CBP), the Drug Enforcement Administration (DEA) and the Internal Revenue Service (IRS) have been purchasing access to large databases of phone location data and hiding their motives in what Sen. Ron Wyden (D-OR) described as “warrantless surveillance” of Americans.
In a Thursday letter to Defense Secretary Lloyd Austin, Wyden called on Austin to declassify all answers about the Department of Defense’s data collection practices. Wyden noted that of eight questions he raised with the DoD, he received unclassified answers to three questions, while the answers to the five remaining questions were offered in a classified manner.
“In February 2020, media reports revealed that U.S. government agencies are buying location data obtained from apps on Americans’ phones and are doing so without any kind of legal process, sich as a court order,” Wyden wrote. “I have spent the last year investigating the shady, unregulated data brokers that are selling this data and the government agencies that are buying it. My investigation confirmed the warrantless purchase of American’s location data by the Internal Revenue Service, Customs and Border Protection, the Drug Enforcement Administration, and the Defense Intelligence Agency (DIA).”
In his letter to Austin, Wyden included his questions to which DOD provided controlled or classified answers. Wyden asked the DoD to identify what other components military intelligence components were buying US phone data without a court order.
Another question Wyden raised was if DoD components are buying internet browsing data, including “netflow” and Domain Name Systems (DNS) records where at least one side of the internet activity is based in the U.S.. Those records could tell what level of internet activity is going to certain networks and when users look up particular domains. According to Vice, the combined netflow and DNS information could essentially form a record of internet browsing history.
Wyden also asked if DoD components have bought data on the automobile telematics of vehicles inside the U.S. Those automobile telematics could include information from onboard systems that communicate with a GPS system, and that communicate the vehicle’s speed and the vehicle’s other activities.
In another question, Wyden asked that if the answer to any of those previous questions is “yes” have those activities been reviewed by the DoD Inspector General, or has the DoD IG otherwise been notified of the activities.
In his letter to Austin, calling on the defense secretary to declassify the answers to those questions, Wyden said, “Information should only be classified if its unauthorized disclosure would cause damage to national security. The information provided by DoD in response to my questions does not meet that bar.”
Wyden’s letter also included some of the public answers he received from the DoD during his initial investigation.
Wyden asked whether the DoD had adopted the position that the 4th Amendment restriction to warrantless searches and seizures does not apply to cellular and online data that the government can purchase from third-party commercial services. The DoD responded in March that if a DoD component purchases data in connection with intelligence gathering, that DoD component is responsible to ensure the purchase is done “in accordance with existing law, regulation, and policy, including the Fourth Amendment.”
When Wyden asked if the DoD had signed off on the legal view that purchasing data from third party companies does not violate the 4th Amendment, the DoD again responded that its individual components are responsible for acting in accordance with existing laws and regulations. The DoD then added that “In this case, DIA’s Office of General Counsel provided the legal support for the DIA activity.”
In the third question Wyden received an unclassified answer to, he asked the DoD to provide a copy of the legal analysis in question that approved the DIA’s data purchase activities. The DoD responded, “In general, the collection and retention of data by the Defense Intelligence Components enable the conduct of authorized intelligence activities (specifically, foreign intelligence and counterintelligence activities), which are subject to applicable law, regulation, and policy, including the Fourth Amendment (s understood through the Carpenter opinion and other relevant case law) and the Attorney General-approved procedures in DoDM 5440.01. We understand that DIA has already provided Senator Wyden’s staff with a document that states DIA’s legal conclusions are regards the DIA activity in question. We have no other analyses to provide in response to this question.”
Wyden has recently proposed new legislation, called “The Fourth Amendment Is Not For Sale Act,” which would require government agencies to obtain a warrant to collect the data of any Americans, as well as other people in the U.S., without first obtaining a warrant or going through a FISA court review, and blocks the U.S. Attorney General from granting civil immunity to third party companies that hand over data not required or permitted by statute.
Wyden’s bill has the support of Sens. Rand Paul (R-KY), Majority Leader Chuck Schumer (D-NY) Sen. Mike Lee (R-UT), Sen. Steve Daines (R-MT), Sen. Edward Markey (D-MA)., Sen. Tammy Baldwin (D-WI), Sen. Elizabeth Warren (D-MA), Sen. Sherrod Brown (D-OH), Sen. Brian Schatz (D-HI) Sen. Cory Booker (D-NJ), Sen. Bernie Sanders, (I-VT), Sen. Jeff Merkley (D-OR), Sen. Jon Tester (D-MT), Sen. Martin Heinrich (D-NM), Sen. Mazie Hirono (D-HI), Sen. Patty Murray (D-WA), Sen. Maria Cantwell (D-WA), Sen. Patrick Leahy (D-VT), and Sen. Richard Blumenthal (D-CT)