Technology Outpacing Policymakers, Needs Of NSA

Play associated audio

The controversy over the National Security Agency's surveillance programs has exposed a problem in the oversight of those programs: The development of the relevant technology has outpaced the laws and policies that govern its use.

"The technology is moving very fast," says Joel Brenner, a former NSA general counsel. "Legislation moves very slowly. Policy moves pretty slowly. The people who write policy don't always understand technology, and the people who write legislation almost never understand technology. And so in an era when the technology is moving quickly, it's really hard for the policy to keep up with it."

Examples of that mismatch arise from the NSA's main responsibility, which is to gather signal intelligence. Since the Sept. 11 attacks, its paramount mission has been to listen in when terrorists communicate. Anne Neuberger, a special assistant to NSA Director Keith Alexander, says the challenge can be summed up in a single sentence: "Our duty," she says, "requires us to attempt to collect terrorist communications wherever they traverse global infrastructure."

A key word there is "wherever." If a terrorist is using a particular communications system the NSA will go there to intercept it, even if means breaking an encrypted communication. Inevitably, this can raise privacy concerns.

"If the NSA wants to collect the emails or phone calls of a terrorist or a foreign diplomat, that target is probably using ... a BlackBerry or an iPhone," Brenner says. "That means that in order to collect that person's communication, the NSA has to be able to break the encryption that you or I might use."

And there may be no way around that fact, says Neuberger, whose job at the NSA is to work with the private tech companies that carry those communications.

"We'd love to magically segregate bad guys' 'comms,' as we call them, and good guys' 'comms,' " she says. "You can't technically do it. They're intermixed. Communications are fundamentally intermixed today."

Privacy Versus Security

If the NSA is going to intercept terrorist communications, it has to be capable of intercepting everyone's communications. This raises a conflict between ensuring privacy and ensuring national security. It's one of the problems that need to be sorted out as the country considers new surveillance rules.

Another conflict arises from NSA's efforts to break into the computer systems that foreign intelligence targets may use. To do that, NSA technicians may look for a software flaw in that computer system; a flaw, for example, in some commercial product used in that system. It's called a "vulnerability," and the NSA can take advantage of it to penetrate the system.

Christopher Soghoian, a technologist at the American Civil Liberties Union, says NSA officials therefore have an interest in not telling the commercial provider of that software about any flaw they find in the product.

"When they learn about those vulnerabilities, they have to sit on them and exploit them rather than telling Microsoft or Google or Apple or Facebook," Soghoian says.

In Soghoian's view, this means another conflict between the government's interest in ensuring the security of our networks against cyberattacks and the government's interest in being able to go into those networks to gather intelligence.

"If cybersecurity is, in fact, a big threat, then our government should be doing everything in its power to make sure that systems are as safe and secure as possible against all adversaries," Soghoian argues. "But what we've learned is that the NSA is willing to weaken the security of systems and software used by U.S. companies because it gives them an edge in surveillance."

'Defense Wins'

NSA officials insist that whatever they're doing with U.S. companies is within the law. And Neuberger says her boss, Alexander, says protecting U.S. computer systems is the priority.

"Gen. Alexander has given clear guidance," she says. "Defense wins."

But there is a tension. Right now, the agency with the cybersecurity mission — the U.S. military's Cyber Command — is co-located with the NSA. Alexander oversees both agencies. The NSA surveillance controversy has raised the question of whether the two should be separate. It's one of the many surveillance issues currently under debate by policymakers and legislators.

President Obama himself has welcomed the debate. In a recent interview with NBC News, Obama said the NSA's technology, budget and capacity have "outstripped the constraints. And we've got to rebuild those."

Copyright 2013 NPR. To see more, visit


Cult Survivor Documents 2 Decades Inside 'Holy Hell'

Will Allen directed the documentary Holy Hell, which depicts his experience as a videographer and member of The Buddhafield cult. Allen used his own footage, as well as his interviews with other former members, to make this documentary.

Evaporated Cane Juice? Puh-leeze. Just Call It Sugar, FDA Says

Companies cultivating a healthful image often list "evaporated cane juice" in their products' ingredients. But the FDA says it's really just sugar, and that's what food labels should call it.
WAMU 88.5

The Politics Hour - May 27, 2016

Congress votes to override DC's 2013 ballot initiative on budget autonomy. Virginia governor faces a federal investigation over international finance and lobbying rules. And DC, Maryland and Virginia move to create a Metro safety oversight panel.


After Departure Of Uber, Lyft In Austin, New Companies Enter The Void

Earlier this month, voters in Austin, Texas, rejected an effort to overturn the city's rules for ride-hailing companies. Uber and Lyft tried to prevent fingerprinting of their drivers, and now both have left town. A few other ride-share companies have popped up to help fill the void. NPR explores how people are getting around town without Uber and Lyft.

Leave a Comment

Help keep the conversation civil. Please refer to our Terms of Use and Code of Conduct before posting your comments.