The FBI was a customer of a private company Team Cymru, a contract shows. The company is in the business of harvesting NetFlow – network protocol for collecting IP traffic information and monitoring network flow – data from ISPs in return for threat intelligence, and then selling it on.
The contract became public knowledge thanks to a Freedom of Information Act (FOIA) request filed by Motherboard which reveals that the federal agency’s Cyber Division spent “tens of thousands” of dollars to get its hands on this data.
The deal was worth $76,450 and was made in 2017.
NetFlow data provides information about traffic volume and flow on a network, such as servers communicating with each other. This is something that is known only to the server owner, or an ISP – and, thanks to deals companies like Team Cymru have with ISPs, also to the FBI and other buyers.
Team Cymru openly states that the product it sells can track traffic through VPNs, Motherboard writes. The company also offers data like visited URLs and cookies, however, the internal FBI document detailing the deal does not say if this was part of the package.
“Commercially provided net flow information/data – 2 months of service,” is what the document on what the FBI purchased states.
The FBI is not alone in showing interest in NetFlow data – the military does it as well, and according to a whistleblower who went to Senator Ron Wyden with their information, one of the customers is the Navy’s Naval Criminal Investigative Service (NCIS), a civilian federal law enforcement agency.
Several days ago, Wyden said that he asked the Department of Justice inspector general to look into how the FBI is buying and using metadata, also based on a whistleblower report, and now, concerning NetFlow data, the senator sees it as yet more proof that the FBI is buying metadata capable of showing “the websites Americans visit, as well as sensitive information such as what doctor a person sees, their religion or what dating sites they use.”
And for that, Wyden said in a statement, the FBI explained what data concerning Americans’ browsing history it buys and why.
“It is not acceptable for the government to go around the courts by using a credit card to buy private information, which is why I have proposed the Fourth Amendment is Not for Sale Act to ban the purchase of this kind of private data,” he concluded.
According to Motherboard, neither the FBI nor Team Cymru were in the mood to offer any comment at this time.