WASHINGTON, July 9 - The head of the U.S. spy agency that eavesdrops on electronic communications overseas sought on Monday to reassure Americans that the National Security Agency would not read their personal email if a new cybersecurity law was enacted to allow private companies to share information with the government.
The House of Representatives in April approved a bill that would allow the government and companies to share information about hacking. But the White House and key Senate Democrats back a broader approach.
Critics have raised privacy concerns about the sharing of such information, concerned it would allow the National Security Agency, which also protects government computer networks, to collect data on American communications, which is generally prohibited by law.
“The reality is we can do protection of civil liberties and privacy and cybersecurity as a nation,” General Keith Alexander said in a speech at the American Enterprise Institute.
But to help protect the private sector, he said it was important that the intelligence agency be able to inform them about the type of malicious software and other cyber intrusions it is seeing and hear from companies about what they see breaching the protective measures on their computer networks.
“It doesn’t require the government to read their mail or your mail to do that. It requires them, the Internet service provider or that company, to tell us that that type of event is going on at this time. And it has to be at network speed if you’re going to stop it,” Alexander said.
He said the information the government was seeking was the Internet address where an email containing malicious software originated and where it traveled to, not the content of the email.
‘GET THIS RIGHT’
Alexander said it was important to write the legislation now rather than waiting until there is a crisis, which could cause the government to overreact and go too far.
“When something bad happens, we’re going to jump way over here where we don’t want to be,” he said. “So while we have the time, the patience and the understanding, let’s get this right. Let’s do it now.”
The U.S. government has blamed hackers from China for breaking into U.S. company computers and stealing proprietary information. Internet security firms say billions of dollars worth of intellectual property has been stolen.
“In my opinion, it’s the greatest transfer of wealth in history,” Alexander said.
But the U.S. government is also concerned about the possibility of a cyber attack from adversaries on critical infrastructure such as the power grid or transportation systems.
Alexander said so far a threat from al Qaeda in the cyber sphere had not materialized.
“I don’t personally believe they’re a viable threat in that realm right now,” said Alexander, who is also head of U.S. Cyber Command, the military combatant command responsible for activities in cyberspace.
But the tools to become a threat are available publicly “to anybody who has access to the web and who is semi-literate,” Alexander said. “So I am concerned that while I don’t see it today, that they could very quickly get to that.”
Alexander said the NSA’s vast new data center under construction at Camp Williams, Utah, does not “hold data on U.S. citizens,” but he declined to go into further detail about the 240-acre facility, which will have 100,000 square feet of computer space when completed next year.
He sought to dispel concerns that the National Security Agency was storing Americans’ emails.
“We don’t do that,” he said, noting that the volume of U.S. emails was about 30 trillion a year or more. He called speculation that somehow this information would be stored at the Utah data center “baloney.”
“We need the American people to know that is not true,” Alexander said.
Officials say the mission of the data center is to offer technical assistance to the Department of Homeland Security, providing intelligence and warning about cyber threats and to carry out cybersecurity operations.
They also say it is part of expanding efforts to defend Pentagon computer systems from cyber attack.