The National Security Agency considers itself the world’s most formidable cyber power, with an army of computer warriors who constantly scan the wired world. Yet by law, the NSA collects intelligence abroad, and not inside the U.S.
U.S. rivals like Russia are aware of this blind spot and know how to exploit it, as the NSA director, Army Gen. Paul Nakasone, explained recently to the Senate Armed Services Committee.
“We may see what’s occurring outside of the United States, but when it comes into the United States, our adversaries are moving very quickly,” Nakasone testified on March 25. “They understand the laws and the policies that we have within our nation, and so they’re utilizing our own infrastructure, our own Internet service providers, to create these intrusions.”
In a major breach last year, hackers widely believed to be from Russia’s foreign intelligence service, the SVR, stealthily placed malware on a software update produced by the Texas company Solar Winds.
No one had reason to be suspicious, or the legal authority to monitor, as that software update was sent out electronically from SolarWinds to 18,000 organizations, including nine U.S. government agencies.
“It’s not the fact that we can’t connect the dots. We can’t see all of the dots,” Nakasone said.
The U.S. Constitution’s 4th Amendment bars the government from domestic surveillance unless a crime is suspected.
But in the digital age, these U.S. privacy protections have an unintended consequence. They help hide foreign intelligence agencies that can disguise their tracks and make it appear as if they are operating from inside the U.S.
This is fueling a debate on how the U.S. government and private tech companies can both protect computer networks and civil liberties.
None of the leading figures in this debate are suggesting that privacy laws protecting Americans should be rolled back. But they are saying the U.S. must find a better way to guard against foreign spy agencies.
SolarWinds was just one of several U.S. companies that the hackers tapped into to cover their tracks, said Glenn Gerstell, who was the NSA’s general counsel until he stepped down last year.
“The Russians rented a computer…