Changes are coming in the National Security Agency’s offensive and defensive intelligence programs.

They were run in relative secrecy by the NSA until June, when the first reports appeared based on documents that former NSA contractor Edward Snowden turned over to journalists.

Don’t expect the federal courts to lead the way to change. U.S. District Judge William H. Pauley III in his decision Friday had it just right, pointing out that “the natural tension between protecting the nation and preserving civil liberty is squarely presented by the government’s bulk telephony metadata collection program.”

Pauley said Snowden’s unauthorized disclosures had provoked public debate and litigation, but in the case before his court he concluded that the collection of Americans’ phone records — numbers called and the time and length of those calls — was “lawful.”

That was notwithstanding the opposite decision, released just a week before by U.S. District Judge Richard J. Leon.

Pauley, however, took it a step further. He wrote: “The question of whether that program should be conducted is for the other two coordinate branches to decide” — meaning the White House and Congress.

Forget for a moment the bulk metadata program and focus on two little-publicized proposals dealing with intelligence priorities and internal security offered by the President’s Review Group on Intelligence and Communications Technologies.

This five-member panel questioned whether the White House-led process for setting requirements for intelligence collection — and thus targets for agencies such as the NSA — has established needs beyond what is required for national security.

The National Intelligence Priorities Framework (NIPF), the process that sets the requirements, was a three-tier listing of about 30 intelligence targets seven years ago and has grown to five tiers today, according to the review group. The tiers represent degrees of importance, with tiers 1 and 2 reflecting “the priorities of the nation as articulated by the president” following a review of possibilities by the National Security Council, according to the review group.

Tiers 3, 4 and 5 “reflect information needed by other government agencies and programs to carry out their legal mandates,” the review group wrote.

Many intelligence priorities require collection on a global basis and go far beyond al-Qaeda and terrorist groups to include enforcement of sanctions, non-proliferation, human trafficking, illicit drugs and criminal cartels, and even violations of ethnic minority rights.

How great is the list? Snowden documents released to documentarian Laura Poitras and published online recently by Der Spiegel offer some insight.

An Aug. 26 article referred to a 12-page overview and major priorities that included countries such as Iran, North Korea, China and Russia.

The United Nations and the European Union also were listed for trade policy and foreign policy (each rated “3”) as well as energy security, food products and technological innovations (each rated “5’”), according to Der Spiegel.

In an Oct. 20 article, the German newsmagazine wrote that Mexico’s drug trade was a “1,” while that country’s leadership was a priority “3,” along with its economic stability, military capabilities and human rights record.

On Sunday, referring to leaked documents, Der Spiegel reported that an NSA unit, Tailored Access Operations (TAO), acts to gain access to the hardest targets. According to these documents, in 2010 TAO “conducted 279 operations worldwide,” Der Spiegel said.

One target was Mexico’s Secretariat of Public Security, which among other things is responsible for counter-terrorism. “TAO penetrated the target officials’ e-mail accounts, a relatively simple job. Next, they infiltrated the entire network and began capturing data,” according to Der Spiegel.

Why drill down so deep into a friendly country’s security agency?

As a former top Defense Department official told me recently, “What had been done laboriously ‘by hand’ decades ago [breaking codes] was suddenly relatively easy to do through NSA’s hardware and software. . . . How could you resist massive interceptions?”

Let’s be clear, as the president’s review group points out, “Most nations collect intelligence, often limited only by their ability and resources. Indeed, the U.S. is an intelligence collection target of many nations, including friendly and even allied countries. The president’s own communi­-cations are a collection target for many nations, friendly and otherwise.”

Nonetheless, the president’s panel recommends more oversight of the NIPF process and particularly the lower-tier priorities, implying that the NSA in some cases may be overdoing it.

Another recommendation by the president’s review group is to tighten up the intelligence community’s internal security — in effect trying to shut the barn door that Snowden blew open.

The panel proposes replacing “need-to-share,” which grew out of perceived failures before the Sept. 11, 2001, attacks, with a “work-related access” approach. This would halt what the review group said was “the profligate distribution of classified information to anyone with a security clearance and an interest in reading information,” i.e. Snowden.

Another recommendation calls for improvement of software that controls dissemination of classified data “in a way that provides greater restrictions on access and use, as well as an audit trail of such use.”

As national security adviser Susan E. Rice put it on CBS’s “60 Minutes” on Dec. 22, “The fact that we have not had a successful attack on our homeland since 9/11 should not be diminished, but that does not mean that everything we’re doing as of the present ought to be done the same way in the future.”

If the White House and Congress make changes now under discussion, it looks like the NSA may be collecting fewer dots and a smaller number of people will have access to all of them — so connections may be missed.

If there is another attack, today’s complainers may be as much at fault as the intelligence community, which nonetheless will get most of the criticism.

For previous columns, go to washingtonpost.com/fedpage.