At a glance.
- US senator says NSA's purchase of Americans' data is unlawful.
- Mexican banks targeted by AllaKore RAT.
- Trickbot developer sentenced to five years.
- Suspected Chinese threat actor uses backdoor from 2005.
US senator says NSA's purchase of Americans' data is unlawful.
US Senator Ron Wyden (Democrat of Oregon) yesterday sent a letter to Director of National Intelligence Avril Haines asserting that the US National Security Agency (NSA) is unlawfully purchasing US citizens' information from data brokers, the Record reports. Wyden states, "Although the intelligence agencies’ warrantless purchase of Americans’ personal data is now a matter of public record, recent actions by the Federal Trade Commission (FTC), the primary federal privacy regulator, raise serious questions about the legality of this practice." The FTC earlier this month barred two data brokers from selling Americans' location data.
Wyden adds, "According to the FTC, it is not enough for a consumer to consent to an app or website collecting such data, the consumer must be told and agree to their data being sold to 'government contractors for national security purposes.' I have conducted a broad probe of the data broker industry over the past seven years, and I am unaware of any company that provides such warnings to consumers before their data is collected. As such, the lawbreaking is likely industrywide, and not limited to this particular data broker."
Wyden requests that Haines direct the US intelligence agencies to conduct the following actions:
- "Conduct an inventory of the personal data purchased by the agency about Americans, including, but not limited to, location and internet metadata. As you know, the cataloging of IC acquisition of commercially available information was also a recommendation of the Senior Advisory Group Panel on Commercially Available Information in its January 2022 report.
- "Determine whether each data source identified in that inventory meets the standards for legal personal data sales outlined by the FTC. This, too, is consistent with the Senior Advisory Group’s recommendation to “identify and protect sensitive [Commercially Available Information] that implicates privacy and civil liberties concerns.”
- "Where those data purchases do not meet the FTC’s standard for legal data personal data sales, promptly purge the data. Should IC elements have a specific need to retain the data, I request that such need, and a description of any retained data, be conveyed to Congress and, to the greatest extent possible, to the American public."