Gen. Keith Alexander

NSA's Alexander to Black Hats: Trust us, we need you

National Security Agency director Gen. Keith Alexander’s appeal last week to a gathering of hackers, security professionals and researchers at the Black Hat Briefings in Las Vegas reflected not only the significance of intell-gathering programs but the weight the cybersecurity community carries with the NSA.

The importance he placed on the Black Hat venue was illustrated by the fact that Alexander chose to appear at the conference, while sending a deputy to testify before a Senate Judiciary Committee hearing that same morning at which declassified information about the programs was presented. He said the cybersecurity community’s understanding was essential to supporting the NSA’s credibility.

Alexander travelled to what he called “the world’s technical center of gravity” to plead his case that controversial surveillance programs established after Sept. 11, 2001, are targeted, limited and governed by strong technical controls, agency policy and judicial oversight that limit the ability of analysts to access data being gathered on domestic phone calls.

“The controls that go onto this database” are greater than on any other maintained by NSA, Alexander said in his keynote address. The agency gathers only metadata about domestic phone calls, he said. “They do not include the contents of the call,” or names and addresses or participants.

The programs, first leaked by expatriate and former NSA contractor Edward Snowden, have been described in news articles and congressional hearings, but Alexander said, “all the facts are not on the table,” and “I promise you the truth,” although not necessarily the whole truth. He added some details about how the programs are administered and controlled and their role in thwarting a dozen terrorist attacks in the United States.

He said the Snowden leaks have done “significant and irreversible” damage to national security.

“If you are not satisfied with the current situation, help us find a better solution,” he said.

Despite some skepticism, the talk was well received by the packed ballroom. There was a shouted expletive indicating disbelief when Alexander said “we stand for freedom,” which received scattered applause, but the greatest applause was for his measured response to the few hecklers.

Alexander described the limitations of the two programs. The Foreign Intelligence Surveillance Act Amendments Act of 2008 allows the NSA to sweep up metadata of phone calls from U.S. service providers, including the time of the call, the number called and the number called from, its duration and its origin. This is used to help connect the dots in information gathered from the second program, known as PRISM, under Section 702 of the act, a lawful intercept program that can be used to listen in on communications of foreign nationals.

Queries of the domestic call database must be authorized. Alexander said only 22 people at NSA can place a U.S. telephone number on the list of numbers that can be queried, and only 35 analysts are authorized to query those numbers. Alexander said that fewer than 300 numbers were placed on the query list in 2012, and these resulted in 12 reports to the FBI for follow-up within the United States.

“We stopped 13 terrorist related activities in the United States,” since the programs began in 2007, Alexander said. Twelve of those investigations used phone data gathered under the Section 215 program, which provided “good information” in eight of those cases.

One of the cases involved the 2009 arrest of Najibullah Zazi in a plot to bomb the New York subway system. Alexander said Zazi was identified when the NSA notified the FBI that a suspected terrorist in Pakistan had called Zazi’s Colorado phone number.

Alexander said repeatedly, “These are facts,” and emphasized that the surveillance programs are under strict oversight by the NSA’s own directory of compliance as well as the secret FISA Court and Congress. He said a Senate Select Intelligence Committee study of four years of operations found no NSA violations. “No one at NSA has ever gone outside the boundaries we’ve been given,” he said.

He offered little documented information about the classified programs to support his assertions, but the presentation generally received high marks, even if it did not convince everyone.

“There is nothing that he could do to persuade” hardcore skeptics in the audience, said John Dickson, former Air Force security officer and CTO of the Denim Group, an application security consultancy. But he did a good job of steering a middle path between preaching to the choir and confronting hostile listeners. “I thought he made a forceful argument,” Dickson said.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • security in the cloud (ShutterStock image)

    Cloud security is the agency’s responsibility

Reader Comments

Mon, Aug 12, 2013

This article stinks of bias. The MAJORITY of the BlackHat audience hated the speaker and all he stood for. They were true patriots to display such distaste for blatant disregard of law and rights.

Tue, Aug 6, 2013 earth

As one heckler pointed out: “Why should we trust you when you have already been caught lying to congress?” Which goes a ways toward explaining why he sent an underling to congress this time instead of going himself? Convenient excuse that.
And as congress is the only publically checkable oversight, his assertions that the secret oversight is as well informed as to the facts as he made congress, lies remember, the public has no REASONABLE basis on which to believe him and his publically lying behavior as a reason not to.
I generally find that people advertise what they have been caught out on in the past. FORD: quality is job one (though marketing still has a veto). Alexander: “No one at NSA has ever gone outside the boundaries we’ve been given.” (not that he knows every little thing every person at the NSA has ever done.) Unqualified assertions like this are marketing statements and demonstrate the asserter as disingenuous. He can make a statement like this only if the “internal affairs” has never found an instance and that implies their “internal affairs” capability is either shamefully inadequate or intentionally self-delusional (the latter being a hallmark of our government lately).

Tue, Aug 6, 2013

In the article's 5th paragraph, this is printed "although not necessarily the whole truth." These words are not included in the General words he spoken. Why did the article writer include this?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group