Phone carriers AT&T, Verizon, and T-Mobile neglected to fulfill their contractual duties to alert the Senate about government surveillance targeting senators’ official devices, according to a May 21 letter from Senator Ron Wyden.
We obtained a copy of the letter for you here.
The Oregon Democrat disclosed that none of the three companies had set up notification systems required under Senate contracts, effectively allowing surveillance to occur without lawmakers’ knowledge.
“Our Senate communications face serious cyber and surveillance risks, directly threatening the Senate’s independence and the separation of powers,” Wyden wrote in the letter addressed to his Senate colleagues. He explained that an investigation by his staff revealed that “until recently, Senators have been kept in the dark about executive branch surveillance of Senate phones because the three major phone carriers — AT&T, Verizon, and T-Mobile — failed to establish systems to notify offices about surveillance requests, as required by their Senate contracts.”
Although the carriers have now adjusted their policies to comply with these notification obligations for Senate-funded lines, Wyden emphasized that “significant gaps remain, especially for the campaign and personal phones used by most Senators.”
Wyden pointed to two recent incidents that demonstrate the scale of the threat. The first was the “Salt Typhoon” cyber operation, in which “China reportedly intercepted the communications of specific Senators and senior staff.”
The second involved revelations from the Justice Department’s Inspector General, showing that the DOJ “collected phone records of Senate staff — including national security advisors to leadership, and staff from the Intelligence and Judiciary Committees” during a leak investigation. Both Democratic and Republican staffers were impacted.
According to Wyden, these episodes show that “executive branch surveillance poses a significant threat to the Senate’s independence and the foundational principle of separation of powers.” He warned that if government agencies can quietly access sensitive data, including lawmakers’ “location data or call histories,” it would “severely threaten” their ability to fulfill their constitutional roles.
“This kind of unchecked surveillance can chill critical oversight activities, undermine confidential communications essential for legislative deliberations, and ultimately erode the legislative branch’s co-equal status.”
The Senate enacted contractual protections in 2020 to mitigate these threats, requiring carriers to provide notice when Senate records are sought.
However, Wyden noted, “My staff discovered that, alarmingly, these crucial notifications were not happening, likely in violation of the carriers’ contracts with the SAA, leaving the Senate vulnerable to surveillance.” One provider, he wrote, “confirmed that it turned over Senate data to law enforcement without notifying the Senate, even after its SAA contract was updated to require notice.”
While the investigation prompted all three companies to begin issuing notifications for official lines, Wyden criticized the ongoing vulnerability of campaign and personal devices, which are frequently used by lawmakers for official communications under Senate ethics rules.
Because these lines are not covered by Senate contracts, “they are not subject to the contractual notice of surveillance for Senate-issued phones.”
He also expressed concern that the Sergeant at Arms “is currently barred from providing cybersecurity help for Senators’ campaign and personal phones and online accounts,” leaving them “incredibly juicy targets for foreign hacks and espionage.”
Wyden called for policy changes through the appropriations process, stating, “I urge you to support common sense changes I have proposed via the annual legislative branch appropriations bill that would allow the SAA to protect Senators’ phones and accounts — whether official, campaign, or personal — against cyber threats, just as we have for Executive Branch employees.”
He also encouraged colleagues to “seriously consider switching mobile carriers for their campaign and personal phones to carriers that will provide them with notice of government demands.” While AT&T and Verizon only offer notice for Senate-funded lines, T-Mobile has committed to notifying senators “for Senators’ campaign or personal lines flagged as such by the SAA.” Wyden noted that Google Fi Wireless, US Mobile, and Cape have all adopted notification policies “after outreach from [his] office.”
Finally, Wyden urged senators to request the Government Accountability Office’s confidential report on cyber and surveillance threats to the Senate, explaining, “While this report is not routinely distributed to all Senators, the report contains important information that every Senator should be aware of.”
He closed with a warning: “The security of our communications isn’t a luxury — it’s essential for protecting our ability to do our jobs, defend the Constitution, and serve the American people.”
