White House, NSA weigh cybersecurity, personal privacy

The National Security Agency has pushed repeatedly over the past year to expand its role in protecting private-sector computer networks from cyberattacks but has been rebuffed by the White House, largely because of privacy concerns, according to administration officials and internal documents.

The most contentious issue was a legislative proposal last year that would have required hundreds of companies that provide such critical services as electricity generation to allow their Internet traffic to be continuously scanned using computer threat data provided by the spy agency. The companies would have been expected to turn over evidence of potential cyberattacks to the government.

NSA officials portrayed such measures as unobtrusive ways to protect the nation’s vital infrastructure from what they said are increasingly dire threats of devastating cyberattacks.

But the White House and Justice Department argued that the proposal would permit unprecedented government monitoring of routine civilian Internet activity, according to documents and officials familiar with the debate. They spoke on the condition of anonymity to describe administration deliberations. Internal documents reviewed by The Washington Post backed these descriptions.

White House officials cautioned the NSA that President Obama has opposed cybersecurity measures that weaken personal privacy protections. They also warned the head of the spy agency, Army Gen. Keith Alexander, to restrain his public comments after speeches in which he argued that more expansive legal authority was necessary to defend the nation against cyberattacks, according to several officials.

“We have had to remind him to at least be cognizant of what the administration’s policy positions are, so if he’s openly advocating for something beyond that, that is undermining the commander in chief,” an administration official said.

The debate, which is surfacing as Congress considers landmark cyber-legislation, turns on what means are necessary and appropriate to protect vital private-sector systems from attack by China, Russia or other potential adversaries. Even some criminal gangs and hackers, such as the self-styled activist group Anonymous, increasingly may acquire the tools to mount major assaults on the nation’s computer systems, U.S. officials say.

NSA officials said that they have issued warnings about such threats but that they have not sought to establish policy.

“As a major source of the nation’s technical expertise on cyber and cybersecurity, we have a responsibility to ensure our leaders are informed and aware of what is happening in the cyber-realm,” NSA spokeswoman Judith Emmel said. “We also work diligently to team with other agencies, industry and academia to find solutions to protecting our nation’s critical infrastructure.”

Protecting key industries

The proposal was intended to supplement an administration legislative package, unveiled in May, that NSA officials thought did not go far enough in protecting critical industries such as nuclear power, according to administration officials. The proposal was put forth by the Defense Department, which includes the NSA, and the Department of Homeland Security.