LAS VEGAS -- Opening the Black Hat 2013 hacker confab with a widely anticipated keynote, Gen. Keith B. Alexander, commander of U.S. Cyber Command and director of the National Security Agency, spoke about two specific NSA surveillance programs -- tied to Patriot Act Section 215 and FISA Section 702, respectively -- and sought to provide clarity about the kinds of information the agency is really collecting.
The assumption is that people are out there just wheeling and dealing … while nothing could be further from the truth.
General Keith B. Alexander,
commander, U.S. Cyber Command
"The issue that stands before us today is: What can we do next? How can we start this discussion of defending our nation, while protecting our civil liberties and our privacy? The reason I'm here is because you may have some ideas of how we can do it better and we need to hear those ideas," he said. "But equally important, from my perspective, is that you get the facts. There's a reason why some of this information is classified and is stuff that we just don't put out there. How do we come up with a program to stop terrorism and to protect our civil liberties and privacy? This is perhaps one of the biggest issues facing our country today."
The speech came just hours after U.K.'s The Guardian newspaper revealed the existence of XKeyscore, an Internet intelligence-gathering tool that is reportedly capable of compiling emails, online chats and Web browsing data from virtually anyone. The story was based on documents provided to The Guardian by former Booz Allen contractor and fugitive whistleblower Edward Snowden.
General Alexander told the crowd: "We need to hear from you, because the tools and the things we use are very much the same as the tools many of you use in securing networks. The difference, in part, is the oversight and compliance that we have in these programs. That part is missing in much of the discussion. I believe it's important for you to hear that and for you to understand what NSA [National Security Agency] analysts need to do [in order] to do their job to defend this nation, and the oversight regime that we have within courts and Congress, and within the administration. I think you need to understand that to get the full understanding of what we do and what we do not do. I think it's important to take a step back and go back to the beginning."
Alexander went on to describe how the events of September 11, 2001, changed the nation's approach to intelligence gathering, noting that the 9/11 Commission's findings indicated the intelligence community failed to connect the dots to uncover the terrorist plot.
He also pointed out that more than 6,000 NSA employees have gone to Afghanistan and Iraq, and 20 cryptologists lost their lives there in service to their nation.
Oversight of NSA data gathering
Alexander explained the oversight process involved in the NSA surveillance programs. "Our government, Congress, the administration and the courts all joined together to come up with programs that would meet our Constitution and help us connect those dots in terrorist plots," he said. "I think it's important to understand the strict oversight that goes into these programs, because the assumption is that people are out there just wheeling and dealing … while nothing could be further from the truth."
He spoke about Cisco Systems Inc.'s NetFlow protocol, which is used widely among enterprises to capture and analyze network traffic, and why the NSA isn't interested in collecting all the information it can.
"We couldn't afford to and don't want to collect everything. If your intent is to go after terrorists, how do you do that? We have two programs to do that: one that helps us connect the dots in the least intrusive way that we can, and one that allows us to go into content," he said.
Alexander strove to make clear that Section 702 Authority is for foreign intelligence purposes and applies only to communications of "foreign persons who are located abroad, and it requires a valid, documented foreign intelligence purpose such as counter-terrorism," he explained. "We're not targeting any U.S. citizens anywhere in the world."
Another point he made is that communications infrastructure providers and other private companies aren't just voluntarily providing the NSA with information; NSA compels them to do so with court orders.
"Where all three branches of our government come together -- think about the lawful intersecting program we have here -- I think this is a standard for other countries, because we have the court overseeing it, we have Congress overseeing it and the administration," Alexander said.
And although some may perceive the Foreign Intelligence Surveillance Act (FISA) court as a "rubber stamp," Alexander strongly disputed that notion.
"I'm at the other end of that table with federal judges, and anybody here who's been up against a federal judge knows these are people with tremendous legal experience," he said. "They want to make sure what we're doing comports with the Constitution and the law.
"I've been in front of that court a number of times," Alexander added, "and I can tell you from the wirebrushings I've received. … They are not rubberstamping."
What types of information is the NSA collecting on calls and what can analysts really see? According to Alexander, it's not nearly as intrusive as we've been led to believe.
"You have the date and time of the call, the calling to and from number, the duration of the call, and we also put in the origin of the metadata, but this does not include the content of the communications. This does not include your phone calls and emails or mine. No SMS text messages. There are no names in the database, no addresses, no credit cards and no locational information is used," he said.
And he likened the database to a lockbox. "The controls on this database are greater than any other data repository in the government and the oversight is insane. There are only 22 people at NSA who can approve that number," he said. "And they have to prove that number meets a standard set by the court. Then, and only then, is that number added to a list that can be queried. Only those numbers on that list can be queried into that database. Only 35 analysts at NSA are authorized to run queries, and they have to go through three separate different training regimen and pass a test to be able to make queries," he said.
Alexander said fewer than 300 numbers were approved in 2012. Those queries resulted in 12 reports to the FBI and involved less than 500 numbers. The intent of this program is to identify a terrorist actor and to pass that intelligence to the FBI. The NSA's goal isn't to complicate things for the FBI by "giving them as many numbers as we can; it's to give them the right number," he said.
Alexander's keynote received mixed response
At various points throughout the speech, Alexander was heckled by loud, sporadic outbursts from the audience, including some derogatory terms and expletives. One listener shouted, "I'm saying I don't trust you. … You lied to Congress. Why would we believe you're not lying to us right now?"
Alexander cautioned people to listen to the facts and not be quick to believe everything reported in the press.
"This is the greatest technical center of gravity in the world," Alexander said. "I ask that you all look at those facts and read the congressional testimony. Look at what we're talking about here, because this is our nation's future. This is what we've done with these programs. In my opinion, that's not bull; those are facts. And what we see coming at our country is more of the same. So the question we have is: What do we do now? Let's begin that discussion by putting the facts on the table. … How do we defend this country? That's the question. We're trying to defend the country and protect civil liberties and privacy."