The Pentagon is carrying out warrantless surveillance of Americans, according to a new letter written by Senator Ron Wyden and obtained by Motherboard.
Senator Wyden's office asked the Department of Defense (DoD), which includes various military and intelligence agencies such as the National Security Agency (NSA) and the Defense Intelligence Agency (DIA), for detailed information about its data purchasing practices after Motherboard revealed special forces were buying location data. The responses also touched on military or intelligence use of internet browsing and other types of data, and prompted Wyden to demand more answers specifically about warrantless spying on American citizens.
Some of the answers the DoD provided were given in a form that means Wyden's office cannot legally publish specifics on the surveillance; one answer in particular was classified. In the letter Wyden is pushing the DoD to release the information to the public. A Wyden aide told Motherboard that the Senator is unable to make the information public at this time, but believes it would meaningfully inform the debate around how the DoD is interpreting the law and its purchases of data.
"I write to urge you to release to the public information about the Department of Defense's (DoD) warrantless surveillance of Americans," the letter, addressed to Secretary of Defense Lloyd J. Austin III, reads.
Do you work for any of the agencies named in this piece? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on email@example.com, or email firstname.lastname@example.org.
Wyden and his staff with appropriate security clearances are able to review classified responses, a Wyden aide told Motherboard. Wyden's office declined to provide Motherboard with specifics about the classified answer. But a Wyden aide said that the question related to the DoD buying internet metadata.
"Are any DoD components buying and using without a court order internet metadata, including 'netflow' and Domain Name System (DNS) records," the question read, and asked whether those records were about "domestic internet communications (where the sender and recipient are both U.S. IP addresses)" and "internet communications where one side of the communication is a U.S. IP address and the other side is located abroad."
Netflow data creates a picture of traffic flow and volume across a network. DNS records relate to when a user looks up a particular domain, and a system then converts that text into the specific IP address for a computer to understand; essentially a form of internet browsing history.
Wyden's new letter to Austin urging the DoD to release that answer and others says "Information should only be classified if its unauthorized disclosure would cause damage to national security. The information provided by DoD in response to my questions does not meet that bar."
The questions were specifically sent to the Under Secretary of Defense for Intelligence and Security in February 2021, Wyden's letter adds. Beyond the NSA and DIA, the Under Secretary of Defense for Intelligence and Security provides oversight to a range of agencies including the National Geospatial-Intelligence Agency (NGA) and the National Reconnaissance Office (NRO). A Wyden aide said it is not clear if the answers go beyond the agencies that act under the Under Secretary of Defense for Intelligence and Security.
The DoD did not respond to a request for comment.
Wyden's questions came in response to Motherboard's reporting on special forces purchasing location data, a Wyden aide said. Specifically, Motherboard previously revealed that U.S. Special Operations Command (SOCOM) bought access to a tool called Locate X that uses location data harvested from ordinary phone apps installed on peoples' phones. Motherboard also found that a National Guard unit tasked with carrying out drone strikes bought the same tool.
A Wyden aide said the office sent its original query to SOCOM's legislative affairs section. That department then said that the Under Secretary of Defense for Intelligence and Security would respond, the aide added.
As part of Wyden's office's own parallel investigation into the location data selling space, the DIA said in a memo its analysts have searched commercial databases of smartphone location data without a warrant in five investigations over the past two and a half years, The New York Times reported in January.
"Other than DIA, are any DoD components buying and using without a court order location data collected from phones located in the United States?" one of Wyden's questions reads. The answer to that is one that Wyden is urging the DoD to release.
The DIA memo said the agency believes it does not require a warrant to obtain such information. Following this, Wyden also asked the DoD which other DoD components have adopted a similar interpretation of the law. One response said that each component is itself responsible to make sure they follow the law.
Wyden is currently proposing a new piece of legislation called The Fourth Amendment Is Not For Sale Act which would force some agencies to obtain a warrant for location and other data. Current sponsors include Sen. Rand Paul, R-Ky., Majority Leader Chuck Schumer, D-N.Y. Sen. Mike Lee, R-Utah, Sen. Steve Daines, R-Mont., Sen. Edward Markey, D-Mass., Sen. Tammy Baldwin, D-Wisc., Sen. Elizabeth Warren, D-Mass., Sen. Sherrod Brown, D-Ohio, Sen. Brian Schatz, D-Hawaii, Sen. Cory Booker, D-N.J., Sen. Bernie Sanders, D-Vt., Sen. Jeff Merkley, D-Ore., Sen. Jon Tester, D-Mont., Sen. Martin Heinrich, D-N.M., Sen. Mazie Hirono, D-Hawaii, Sen. Patty Murray, D-Wash., Sen. Maria Cantwell, D-Wash., Sen. Patrick Leahy, D-VT., and Sen. Richard Blumenthal, D-Conn, Wyden's office previously told Motherboard.
Subscribe to our cybersecurity podcast CYBER, here.