Intelligence obtained in a surveillance program due to lapse this year helped U.S. investigators solve a 2021 cyberattack that prompted the shutdown of the largest conduit of fuel on the East Coast, and recover millions of dollars in ransom the pipeline’s operator paid to the perpetrators, reports the Wall Street Journal. The program, authorized under Section 702 of the Foreign Intelligence Surveillance Act, enabled confirrmation of the identity of the hacker responsible for the attack on the Colonial Pipeline, which caused a gasoline shortage, said unidentified federal officials. Disclosure of the law's use in pursuing the hackers behind one of the most disruptive cyberattacks ever on U.S. critical infrastructure—previously linked to a Russian criminal group—comes as part of a Biden administration campaign to gain congressional support for renewing Section 702 before it expires at the end of December, amid concern about the program’s risks to Americans’ privacy.

The program allows the National Security Agency to collect communications of foreigners living overseas from U.S. companies such as Google, Meta Platforms, Microsoft and Apple. Because of the global nature of communications, it also collects texts, calls, emails and other digital content belonging to private citizens. U.S. intelligence officials say the foreign surveillance program under the law, which Congress last renewed in 2018, is vital to national security interests, including counterterrorism, cybersecurity and strategic competition with China and Russia. Privacy advocates and skeptics of government surveillance have called for the overhaul or termination of the program over concerns it collects information on Americans that the FBI can search without a warrant. Section 702 authority attracted scrutiny last month, when a court opinion said the FBI had improperly searched intelligence gathered through the program for information on people suspected of participating in the Jan. 6, 2021, attack on the U.S. Capitol and the George Floyd protests in 2020. The FBI said those errors predated internal efforts to reduce misuse.