STEVE INSKEEP, HOST:
Now, the controversy over NSA surveillance has raised new questions about how the eavesdropping programs might be reformed. There are plenty of ideas: Bills are pending in Congress, and the White House has ordered two separate policy reviews. But here's the challenge: communication and surveillance capabilities have advanced faster than the rules for using them. NPR's Tom Gjelten looks at the race between technology and the law.
TOM GJELTEN, BYLINE: People who work at U.S. intelligence agencies often say how the mission of protecting the nation from terrorist attacks took on new urgency after 9/11. For the NSA, that meant listening in when terrorists communicate. Anne Neuberger is a special assistant to the NSA director.
ANNE NEUBERGER: So in one sentence: Our duty requires us to attempt to collect terrorist communications wherever they traverse global infrastructure.
GJELTEN: A key word there: wherever. If a terrorist is using a particular communications system the NSA will go there to intercept it. If that means breaking an encrypted communication, so be it. Joel Brenner, a former NSA Inspector General, says this inevitably presents a privacy problem.
JOEL BRENNER: If NSA wants to collect the emails or phone calls of terrorist or a foreign diplomat, that target is probably using the same encryption - well, he's using a BlackBerry or he's using an iPhone. That means that in order to collect that person's communication, NSA has to be able to break the encryption that you or I might use.
GJELTEN: And there may be no way around that fact, says Anne Neuberger. Her job at the NSA is to work with the private tech companies that carry those communications.
NEUBERGER: We'd love to magically segregate Bad Guys' Comms, as we call them, right, and Good Guys' Comms. You can't technically do it. They're intermixed. Communications are fundamentally intermixed today.
GJELTEN: So if the NSA is going to intercept terrorist communications, it has to be capable of intercepting everyone's communications. This raises a conflict between ensuring privacy and ensuring national security. That's one of the problems that need to be sorted out as the country considers new surveillance rules.
Here's another: In order to break into somebody's computer system, NSA technicians may look for a software flaw in that system; could be a flaw, for example, in some Microsoft product. It's called a vulnerability and the NSA can take advantage of it to penetrate the system.
Christopher Soghoian, a technologist at the American Civil Liberties Union, says NSA officials therefore have an interest in not telling the company about the flaw they have found.
CHRISTOPHER SOGHOIAN: When they learn about those vulnerabilities, they have to sit on them and exploit them rather than telling Microsoft or Google, or Apple or Facebook.
GJELTEN: In Soghoian's view, this means another conflict between the government's interest in ensuring the security of our networks against cyber attacks, and the government's interest in being able to go into those networks to gather intelligence.
SOGHOIAN: If cyber security is, in fact, a big threat, then our government should be doing everything in its power to make sure that systems are as safe and secure as possible against all adversaries. But what we've learned is, in fact, that NSA is willing to weaken the security of systems and software used by U.S. companies, because it gives them an edge in surveillance.
GJELTEN: NSA officials insist, first, that whatever they're doing with U.S. companies is within the law. And Anne Neuberger says her boss, NSA Director Keith Alexander, says protecting U.S. computer systems is the priority.
NEUBERGER: The General Alexander has given clear guidance: Defense wins.
GJELTEN: But there is a tension here. Right now, the agency with the cyber security mission - the U.S. military's cyber command - is co-located with the NSA. General Alexander oversees both agencies. The NSA surveillance controversy has raised the question of whether the two should be separated; that's one of the things being debated right now.
Joel Brenner, the former NSA Inspector General, points out that a big problem in regulating surveillance is that it's hard for anyone to keep up with the latest technology and how it can be used - by good guys and bad guys alike.
BRENNER: The technology is moving very fast. Legislation moves very slowly. Policy moves pretty slowly. And the people who write policy don't always understand technology, and the people who write legislation almost never understand technology. And so in an era when the technology is moving quickly, it's really hard for the policy to keep up with it.
GJELTEN: President Obama himself made that point last week in an interview with NBC. The NSA's technology, budget and capacity, he said, have, quote, "outstripped the constraints. And we've got to rebuild those."
Tom Gjelten, NPR News, Washington.
(SOUNDBITE OF MUSIC)
INSKEEP: You're listening to MORNING EDITION from NPR News.