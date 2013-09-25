By Joseph Menn
| WASHINGTON, Sept 25
WASHINGTON, Sept 25 Senior U.S. officials on
Wednesday sought to mend fences with the technology industry as
they renewed their pleas for legislation to increase the flow of
information about cyber attacks between federal agencies and
private companies.
A plan to protect companies from privacy lawsuits if they
turn over data on electronic intrusions was a central feature of
the administrations cybersecurity agenda last year, but
legislation containing it failed to pass and it has not gained
momentum during this Congressional session.
The previous bill brought opposition from privacy advocates
who feared too much data would end up in the hands of the
National Security Agency, which is aligned the with military and
generally charged with spying overseas. Those arguments resonate
more now that documents leaked by Edward Snowden showed that the
NSA collects domestic calling records and that big Internet
companies provide information on thousands of overseas
customers.
"If we thought that information-sharing was moving slowly
before, now it's moving even more slowly," a senior
administration official said in an interview granted on
condition of anonymity.
The White House task would be easier with technology
companies' support, but some are reluctant to endorse anything
that would exacerbate the negative publicity from Snowden's
documents.
NSA Director Keith Alexander stressed Wednesday that Google
Inc, Facebook Inc and other technology companies
revealed by Snowden as assisting the NSA were only doing what
courts had ordered them to do in a "compelled relationship." A
half-dozen companies are petitioning U.S. courts for the right
to disclose more about how much they turn over, saying that
early media reports exaggerated their role.
"Industry has done the right thing, and we need industry to
work with us on cyber legislation," Gen. Alexander said in a
speech at Billington Cybersecurity Summit in Washington. "If we
can't share information with them, we won't be able to stop it."
The senior U.S. official said the White House wants security
legislation that would minimize data on Americans and limit what
the NSA could do with that data.
In the meantime, federal agencies are working to share more
information with each other more rapidly and automatically where
feasible, and officials are expanding a program to use secret
data about emerging threats to protect private companies that
are critical to the country's economic health.
In another bid to make amends with the technology industry,
the U.S. National Institute of Standards and Technology is
revisiting its past endorsement of a cryptology tool developed
at the NSA that Snowden's papers show was promoted because it
was weak and could be broken by the NSA. EMC
Corp's RSA security division and others adopted the tool
and have recently asked software writers to stop relying on it,
but many programs using it are in wide circulation.
A NIST official told Reuters that the agency would work
closely with outside cryptography experts to see whether other
standards were problematic. "We are looking at reviewing our
processes," said Donna Dodson, deputy cybersecurity advisor at
NIST.
Alexander and Mike Rogers, chair of the House Intelligence
Committee, gave spirited defenses of the NSA programs, which
Alexander said had helped prevent dozens of terrorist attacks,
and said that most of the violations described in declassified
court rulings were minor.
"It's not a privacy violation. It's a bureaucratic issue and
a technology issue," Rogers said at a cybersecurity event put on
by the U.S. Chamber of Commerce.
Alexander said that over the past decade, the NSA had
self-reported 12 "willful" violations of its own spying rules
overseas, and that the majority of those responsible had taken
retirement afterward. Two were demoted and had their pay docked.