The US military purchased a tool that enables them to monitor individuals browsing history and emails as well as gives them access to all the cookies stored on a device.
Several branches of the U.S. military have purchased a powerful tool that can monitor 90% of the world’s internet traffic. In some cases, it can also provide access to people’s email data, browsing history, and other sensitive information like internet cookies, according to contracting data and other documents. The revelation was made by government Senator Ron Wyden who said an anonymous whistleblower had contacted his office with a letter.
The individual expressed concern about the use and purchase of data by NCIS after filing an official complaint with the Department of Defense. According to Vice, the previously little-known monitoring tool called Augury is powered by data purchases from the private sector. It is developed by cyber security firm Team Cymru and bundles a massive amount of data and makes it available to corporate and government customers like the U.S military as a paid service.
In the private sector, internet security analysts use it to track the activity of hackers or attribute cyber attacks. Analysts can do the same for government departments, but agencies that deal with criminal investigations have also purchased the capability. While the various U.S military agencies did not detail their use of the tool, the sale highlights how Team Cymru obtained this controversial data and then sold it as a business.
This is something that has alarmed multiple sources in the cyber security realm. The network data includes information from over 550 collection worldwide points. This includes areas in Europe, the Middle East, Africa, and Asia, as well as North and South America.
It is also updated with about 100 billion new records each day, a description of the Augury platform in a U.S. military procurement document says. Additionally, it states that Augury provides access to “petabytes” of current and historical data.
It was also revealed that the Navy, Army, Cyber Command, and the Defense Counterintelligence and Security Agency collectively paid about $3.5 million to access Augury. This allows the U.S military to track people’s internet usage using a large amount of sensitive information. An investigation by Motherboard extensively examined how local agencies gain access to data, which would normally require a warrant, by easily purchasing data available commercially from private companies.
The news comes as several federal lawmakers are working to investigate the U.S military’s acquisition of data. Last month, two top Democrats in the House of Representatives (Jerrold Nadler and Bennie Thompson) demanded that the FBI and DHS disclose details of alleged data purchases that revealed internet browsing activity and users’ precise locations.
While a 2018 Supreme Court decision said that government cannot acquire sensitive location data without a warrant, several official agencies are accused of choosing to interpret the decision narrowly. In this instance, data that is commercially acquired was exempt. This means the government and U.S military are literally buying their way around the Fourth Amendment.
Interestingly, federal agencies like the U.S military are not the only ones buying data. Representative Anna Eshoo recently asked the Federal Trade Commission to investigate newly revealed police software, called Fog Reveal which allows law enforcement to map the movements of American citizens. That service doesn’t rely on Netflow data, but location data culled from hundreds of consumer apps for advertising purposes.