Most computer networks are run by private companies, and the government must work closely with the private sector to improve cybersecurity. But companies have become reluctant to share security information with the U.S. government, fearing the NSA could use any information to hack into their systems. The National Security Agency (NSA) headquarters at Fort Meade, Maryland (AFP/Getty Images)
"When you want to go into partnership with somebody and work on serious issues — such as cybersecurity — you want to know you're being told the truth," Black said.
Google and one other cybersecurity firm discovered "Heartbleed" — a critical flaw in a widely used Internet encryption tool — in March. The companies notified a few other private-sector groups about the problem, but no one told the U.S. government until April.
"Information you share with the NSA might be used to hurt you as a company," warned Ashkan Soltani, a technical consultant who has worked with tech companies and helped The Washington Post with its coverage of the Snowden documents.
He said that company officials have historically discussed cybersecurity issues with the NSA, but that he wouldn't be surprised if those relationships are now strained. He pointed to news that the NSA posed as Facebook to infect computers with malware.
"That does a lot of harm to companies' brands," Soltani said.
The NSA's actions have also made it difficult for the U.S. to set international norms for cyberconflict. For several years, the U.S. has tried to pressure China to scale back its cyberspying operations, which allegedly steal trade secrets from U.S. businesses.
Jason Healey, the director of the Cyber Statecraft Initiative at the Atlantic Council, said the U.S. has "militarized cyber policy."
"The United States has been saying that the world needs to operate according to certain norms," he said. "It is difficult to get the norms that we want because it appears to the rest of the world that we only want to follow the norms that we think are important."
Vines, the NSA spokeswoman, emphasized that the NSA would never hack into foreign networks to give domestic companies a competitive edge (as China is accused of doing).
"We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line," she said.
Jim Lewis, a senior fellow with the Center for Strategic and International Studies, agreed that NSA spying to stop terrorist attacks is fundamentally different from China stealing business secrets to boost its own economy.
He also said there is widespread misunderstanding of how the NSA works, but he acknowledged that there is a "trust problem — justified or not."
He predicted that rebuilding trust with the tech community will be one of the top challenges for Mike Rogers, who was sworn in as the new NSA director earlier this month.
"All the tech companies are in varying degrees unhappy and not eager to have a close relationship with NSA," Lewis said.