April 12, 2021

The National Security Agency is by nature the most formidable cyber power in the world, but US law has given it limited intelligence on the domestic front, and the Fourth Amendment of the US Constitution prevents the government from conducting domestic surveillance unless a crime is suspected.

Rivals of the US, like Russia, are aware of this blind spot and know how to exploit it.

Last year’s serious breach, in which hackers purporting to work for Russia’s SVR intelligence agency placed malicious software on software from Texas-based Solar Winds, showed that privacy protections in the US help to conceal foreign intelligence that could blur traces and create the appearance of operating from American soil.

This triggers a debate about how the US government and private technology companies can protect both computer networks and civil rights.

The Solar Winds hackers have been able to gain access to US government computer networks and dozens of private companies since March last year, and were only discovered in December 2020 by FireEye, a Californian cybersecurity firm that was again struck by the attack.

Kevin Mandia, CEO of FireEye and a former Air Force computer security officer, says the U.S. government needs a central location where both the private sector and government could deal with suspected hacks in a timely manner.

The Biden administration has not yet issued an official statement on the attack on Solar Winds, but is said to be working on ways for the government and the technology industry to share critical information to prevent another massive invasion of privacy. However, the administration has stressed that it does not seek expanded legal powers for greater digital surveillance at home.

For more information, you may view the original story from NPR.