The previous bill brought opposition from privacy advocates who feared too much data would end up in the hands of the National Security Agency, which is aligned the with military and generally charged with spying overseas. Those arguments resonate more now that documents leaked by Edward Snowden showed that the NSA collects domestic calling records and that big Internet companies provide information on thousands of overseas customers.
NSA Director Keith Alexander stressed Wednesday that Google Inc, Facebook Inc and other technology companies revealed by Snowden as assisting the NSA were only doing what courts had ordered them to do in a “compelled relationship.” A half-dozen companies are petitioning US courts for the right to disclose more about how much they turn over, saying that early media reports exaggerated their role.
In the meantime, federal agencies are working to share more information with each other more rapidly and automatically where feasible, and officials are expanding a program to use secret data about emerging threats to protect private companies that are critical to the country’s economic health.
In another bid to make amends with the technology industry, the US National Institute of Standards and Technology is revisiting its past endorsement of a cryptology tool developed at the NSA that Snowden’s papers show was promoted because it was weak and could be broken by the NSA. EMC Corp’s RSA security division and others adopted the tool and have recently asked software writers to stop relying on it, but many programs using it are in wide circulation.
A NIST official told Reuters that the agency would work closely with outside cryptography experts to see whether other standards were problematic. “We are looking at reviewing our processes,” said Donna Dodson, deputy cybersecurity advisor at NIST.
Alexander and Mike Rogers, chair of the House Intelligence Committee, gave spirited defenses of the NSA programs, which Alexander said had helped prevent dozens of terrorist attacks, and said that most of the violations described in declassified court rulings were minor.
Alexander said that over the past decade, the NSA had self-reported 12 “willful” violations of its own spying rules overseas, and that the majority of those responsible had taken retirement afterward. Two were demoted and had their pay docked.