The anniversary of the attacks of Sept. 11, 2001, is a time to remember the 2,996 people killed and the lives changed forever, and to recognize the humanity and heroism of that awful Tuesday morning.

It is also an appropriate time to reflect on all that has been done in the wake of the 9/11 attacks in the name of security.

One of those items is very timely. Due to expire at the end of the year is a program that is aimed at spying on foreign citizens living outside of the United States but also has collected data of innocent Americans.

Congress, which is expected to renew the program in some form, should take the opportunity to tighten its privacy protections, so that it can continue on without threatening the rights of American citizens.

At issue is Section 702 of the Foreign Intelligence Surveillance Act, which was approved by Congress in 2008. It allows intelligence agencies to monitor the communications of foreigners they believe have information relevant to national security. It specifically bars spying on people living in the United States, citizens and noncitizens alike.

However, the program casts a wide dragnet, and phone conversations and emails of Americans are often picked up and stored, even if those Americans are not communicating with a foreign national identified as a target. An analysis by The Washington Post found that 90 percent of the information collected was not connected to a target, and much of it originated in the United States.

And unlike the aspects of the Patriot Act unmasked by Edward Snowden, Section 702 allows for the collection not only of metadata – who called who, when and for how long – but also of the actual contents of communications – phone conversations, the text of emails and instant messages, photos, family photos and medical records.

The data is stored in a National Security Agency database that is accessible by the FBI and other federal law enforcement agencies. It theoretically could be used to obtain information from a non-target that otherwise would have required a court-approved warrant.

Now, there is no evidence that the database has been misused. The NSA, too, has stopped collecting data involving Americans after the secret federal court that oversees FISA said it was a violation.

And there is wide agreement that Section 702 is a valuable intelligence asset. Members of Congress from both parties have come to its defense. It has been credited with stopping attacks and tracking terrorists, and in a 2014 report, the president’s Privacy and Civil Liberties Oversight Board said it “has enabled the discovery of previously unknown terrorist operatives as well as the locations and movements of suspects already known to the government.”

But it can be updated to better protect Americans without sacrificing its efficacy. Congress could say that the incidental collection of information from Americans is outlawed, putting on the books what the NSA says it is already doing, making sure that they cannot go back on their promise. Congress could also make the FBI and others obtain a warrant to search the database for items unrelated to national security.

At any rate, lawmakers should provide only short-term reauthorization, so that the law comes up for review every five years, allowing for changes that reflect the times.

Each of these minor changes would retain the meat of Section 702 while making it less likely that the rights of Americans are infringed upon. That’s a balance the United States has been trying to maintain since Sept. 11, 2001, and we shouldn’t stop trying to get it right.