Tech

The NSA Director Asked Hackers for Advice, But Left a Lot Unanswered

2-A
Photos by the author

General Keith Alexander, the director of the NSA, spoke this morning in a Caesar’s Palace ballroom before a sea of cyber-security experts attending this year’s Black Hat security conference. It was time, he felt, to lay some items out on the table, and explain how those things (data-gathering technology, naturally) function within a legitimate legal framework.

Namely, Alexander spoke about Section 215 of the Patriot Act and FAA 702, the two laws on the books most widely used to justify the NSA’s activities. And despite the occasional “Bullshit!,” and “Freedom!” and “Read the Constitution!” plus a few frantic swings at more journalistic questions, there was no talk of Snowden’s most recent leak, XKeyscore.

Videos by VICE

After an introduction about how unfairly the NSA has been judged due to media coverage—and namely the blame placed in individual programs, when in actuality there are many processes required to cyber-defend the US from terrorism—Alexander told us some ins and outs of PRISM. His PowerPoint was much more visually striking than that mess Edward Snowden gave us.

He showed us what NSA analysts actually see on their screens when going through call records:

And listed what the NSA is not involved in obtaining:

  • Content of calls
  • NO voice communications
  • NO SMS/text messages
  • Subscriber information
  • NO names
  • NO addresses
  • NO credit card numbers
  • Locational information

He also said that only 35 analysts of a select upper-tier status have privileges to run queries. “The people that go through this have to pass courses and go through tests,” he said, saying that what the NSA does is 100 percent auditable. “We comply with court orders and we do this exactly right.”

He explained the post-9/11 need for such counter-terrorist data-sifting projects by saying that a lack of connectivity has hampered intelligence efforts before 9/11. “The intelligence community failed to connect the dots. What do I mean by that?” he said. “We had intercepts of one of the hijackers from Yemen, we didn’t know because we didn’t have the tools to see that he was in California. We couldn’t connect that foreign dot to that domestic plot.”

jbtyeoVeUr29Tj

He also explained that the New York City subway bombing that was planned for December 14th, 2009 was one of PRISM’s great successes, an argument the NSA has made previously.

Alexander said that since 2007, the programs have helped the NSA to “understand and disrupt 54 terror-related activities.” Of these terror-related activities, 13 were within the US, 25 in Europe, five in Africa, and 11 in Asia. “FAA 702 was the initial tip on 27 of those 54,” he said.

j8OkgxQFXlkYD

Alexander battled back against notions that judges—like those in the FISA court—are an easy lay. “I’ve heard that the court is a rubber stamp,” he said. “I’m on the other side of that table [with] anyone who’s been up against a federal judge. These are folks who have given their entire lives to the judicial system. These are tremendous judges. They are not a rubber stamp.”

“I want you to get a sense of the people at the NSA,” he said. “It’s been the greatest honor of my life to lead these noble folks… I believe these are the most noble people we have in this country. 20 lost their lives. These same people are the ones who run these programs. And we get all these allegations of what they could be doing.”

When one of the hecklers “Bullshit!” Alexander softly answered, “Thank you for that. I do think this is important for us to have this discussion,” as a slide behind him displayed the agency’s contact info: ideas@nsa.gov.

At times, it seemed like Alexander was arguing that there are far too many people, far too many agencies, far too many laws, and far too many judges and overseers for the media to focus a witch hunt on one agency and one director. Rather, hundreds of NSA workers—and a small slice of top-ranking analysts—are just the middle men between raw data and the FBI, Pentagon, and others.

But what did we not hear? I never heard the general talk of contracting private companies like Booz Allen Hamilton, nor about the values of corporate hackers versus US cyber-defenders. But the strangest omission remains that of any discussion of Snowden. I suppose the crowd let him off easy, but you could also tell people were waiting for him to say something on the next slide. I mean, why else were we all there?

Watch a video of Gen. Alexander’s keynote:

@danstuckey