SAN FRANCISCO – The role played by the National Security Agency in its continued spying and infringement of basic personal freedoms, in the United States and abroad, has been well reported. But new revelations about the Heartbleed bug have left many people questioning the fundamentals of online security – and highlighted, once again, the growing angst involving technology, the surveillance state and citizens’ rights to privacy.

According to Michael Riley of Bloomberg, the NSA knew about the Heartbleed bug for years and had been using it as a means to gather even more personal data on Internet users.

The NSA, not surprisingly, has vehemently denied this. But if past indictments – including agency director James Clapper's bald-faced lies to Congress and the American public – are any indication, Bloomberg may be on to something.

“This is a serious issue and it is clear from a lot of research that the NSA exploited the bug without informing the public in order to gain access to a lot of personal information that people would rather not have been made public,” one Silicon Valley tech expert told Occupy.com, based on his close work with researchers at Google to understand the bug and its impact on the public.

The expert, who spoke on condition of anonymity, said U.S. citizens should be aware of the NSA's actions as they relate to privacy issues.

“At the core of this is the fact that the NSA uses a number of tracking means to get information about people, so using this bug would have been a likely means to do so without being blamed or facing scrutiny – because a lot of people and organizations could have done the same,” said the tech expert.

He suggested that since, at present, nobody has reported the use of their personal information from the Heartbleed bug, this could be further evidence that the NSA played a secretive, unconstitutional role in its overreach.

The question, now, that privacy and freedom of information advocates are demanding to know is a rather straightforward one: did the National Security Agency know about the Heartbleed bug that infected websites and potentially stole passwords, financial and private information?

Bloomberg reported that the NSA, in fact, knew about the existence of the flaw in websites for at least two years and had been using the bug as a means of gathering information and intelligence on people. Although the report did not name sources – amid fears of an NSA backlash that could reach far into the tech world – the citation by “two people familiar with the matter” has sparked a litany of online questions and conversations, reigniting outrage over the NSA's intrusion into the private lives of citizens.

In response to the report released Friday, the NSA categorically denied knowing about the online bug before it had been announced to the public, and merely urged Americans to change their passwords to protect themselves from potential trolls.

“The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services," said the agency in a statement published by National Public Radio. "This Administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.”

But according to Bloomberg, the NSA kept its understanding and awareness of the Heartbleed bug a secret in order to pursue further “national security interests” using information it could meanwhile be gathering from the bug. The revelations open a potentially dangerous chapter that some say could be even more sinister and wide-reaching than the initial phone-tapping scandal unveiled by whistleblower Edward Snowden.

For now, the public relations battle remains in full swing as the National Security Agency attempts to deflect accusations and probings which threaten to further expose – and deligitimize – the surveillance techniques and manners of unconstitutional intrusion by government into people's lives.

In San Francisco and the Bay Area especially, the Heartbleed bug has put the issue of privacy and online security at the forefront of Internet activism – along with a growing sense that the high-powered tech world of Silicon Valley must do more to ensure the security of online users everywhere.