Senator Ron Wyden has written a letter to his Senate colleagues, calling out AT&T, Verizon, and T-Mobile for not notifying senators that their communications were being surveilled.

Senator Wyden is one of the more technologically savvy and privacy-focused senators, repeatedly fighting to protect the privacy rights of Americans citizens. In his letter to fellow senators, however, he takes the wireless carriers to task for not disclosing surveillance of the Senate.

Our Senate communications face serious cyber and surveillance risks, directly threatening the Senate’s independence and the separation of powers. An investigation by my staff revealed that until recently, Senators have been kept in the dark about executive branch surveillance of Senate phones, because the three major phone carriers — AT&T, Verizon, and T-Mobile — failed to establish systems to notify offices about surveillance requests, as required by their Senate contracts. While now rectified for Senate-funded lines, significant gaps remain, especially for the campaign and personal phones used by most Senators. I urge your support for legislative changes to allow the Sergeant at Arms (SAA) to protect Senators’ phones and accounts from cyber threats, both foreign and domestic. I also urge you to consider switching your campaign and personal phone lines to other carriers that will provide notice of government surveillance.

The letter then goes on to specifically highlight two incidents in which senators’ communications were monitored, with wireless carriers not notifying senators in either case.

Two troubling incidents last year exposed just how vulnerable the Senate’s communications are. First, in the Salt Typhoon hacks China reportedly intercepted the communications of specific Senators and senior staff. Second, the Department of Justice’s Inspector General revealed that the DOJ, as part of a leak investigation, collected phone records of Senate staff — including national security advisors to leadership, and staff from the Intelligence and Judiciary Committees. Democrats and Republicans were targeted in equal numbers. Together, these incidents highlight the vulnerability of Senate communications to foreign adversaries, but also to surveillance by federal, state and local law enforcement.

Senator Wyden acknowledges that all three carriers have made steps toward improved notification, a problem still exists when it comes to potential surveillance by the executive branch.

Executive branch surveillance poses a significant threat to the Senate’s independence and the foundational principle of separation of powers. If law enforcement officials, whether at the federal, state, or even local level, can secretly obtain Senators’ location data or call histories, our ability to perform our constitutional duties is severely threatened. This kind of unchecked surveillance can chill critical oversight activities, undermine confidential communications essential for legislative deliberations, and ultimately erode the legislative branch’s co-equal status. Recognizing such dangers, Congress enacted protections in 2020 for Senate data held by third parties, after which the SAA updated its contracts with the major wireless carriers to require these companies to inform the Senate when its records are demanded. However, my staff discovered that, alarmingly, these crucial notifications were not happening, likely in violation of the carriers’ contracts with the SAA, leaving the Senate vulnerable to surveillance. One carrier confirmed that it turned over Senate data to law enforcement without notifying the Senate, even after its SAA contract was updated to require notice. As a result of the oversight investigation conducted by my staff, AT&T, Verizon and T-Mobile have indicated that they are all now providing such notice.

Senator Wyden calls on the Senate to act and implement three specific measures.

Given these serious risks, I believe the Senate must act. First, I urge you to support common sense changes I have proposed via the annual legislative branch appropriations bill that would allow the SAA to protect Senators’ phones and accounts — whether official, campaign, or personal — against cyber threats, just as we have for Executive Branch employees.

Second, Senators and staff should seriously consider switching mobile carriers for their campaign and personal phones to carriers that will provide them with notice of government demands. While AT&T and Verizon only provide notice of surveillance of phone lines paid for by the Senate, T-Mobile has informed my staff that it will provide notice for Senators’ campaign or personal lines flagged as such by the SAA. Three other carriers — Google Fi Wireless, U.S. Mobile, and Cape — have policies of notifying all customers about government demands whenever they are allowed to do so. The latter two companies adopted these policies after outreach from my office.

Finally, I urge you all to request from the Government Accountability Office the most recent annual non-public report on cyber and surveillance threats to the Senate. While this report is not routinely distributed to all Senators, the report contains important information that every Senator should be aware of, and GAO has informed my staff that it will provide the report to any Senator upon request.

Senator Wyden’s letter underscores the growing challenges service providers face in the age of surveillance, and the risks high-profile groups face in keeping their communications secure.