LAS VEGAS — In order to defend NSA surveillance, agency chief General Keith Alexander spoke to a crowd of hackers and security professionals today, revealing just what information NSA employees see.
Last year, Alexander ran out on hacker conference Def Con’s stage with the jovial excitement of a recruiter looking for talent. He wore a T-shirt and jeans and sauntered around the stage as he explained what the NSA was looking for. But this year, a uniformed Alexander walked out onstage at Black Hat (Def Con’s sister security conference) with a somber face, armed with slides justifying the agency’s data-collection programs.
“[NSA employees'] reputation is tarnished because all the facts aren’t on the table,” said Alexander during his keynote at the conference. “I will answer your questions to the fullest extent possible. And I promise you the truth.”
Two of the NSA’s policies have been on the hot seat since former NSA contractor Edward Snowden released information on a government data collection program called PRISM in June. These are Section 215 of the Patriot Act and Section 702 of the Foreign Intelligence Surveillance Act.
Above: Screenshot of the NSA’s data-collection system.
Image Credit: Meghan Kelly/VentureBeat
Alexander explained Section 215 as the “metadata program” that collects phone numbers and other call log information. The public saw this section in action recently when The Guardian newspaper in the U.K. posted a leaked court order sent to Verizon demanding “all call data” for those customers making calls between U.S. and foreign entities as well as U.S. to U.S. calls.
He showed a screenshot [right] of the information collection system that an NSA analyst reviews when collecting this kind of data. In the form of an Excel spreadsheet, columns are labeled for the date and time the call was placed, the originating and terminating number, the length of the call, and where the data was collected from.
According to Alexander, only 22 people in the NSA can approve a number to be placed in the agency’s system that can be queried. After that, only 35 NSA employees are authorized to run queries.
“In 2012, there were less than 300 numbers approved for queries. Those queries resulted in 12 reports to the FBI. Those reports contained less than 500 numbers. Not millions, not hundreds of thousands, not tens of thousands — less than 500,” said Alexander. “NSA only has the fact of a number. FBI can take that, see where it connects to, use a national security letter, and the legal authority is given to them to take the next step.”
He then explained FISA 702, which is where many people believe the NSA has the capability to listen in on your phone calls. “That is not authorized under this,” explained Alexander.
He appealed to the patriots in the crowd, telling the story of the attempted bombing of the New York City subway system. Najibullah Zazi, a terrorist living in the United States, was found e-mailing a co-conspirator about building bombs. At the time, the NSA, suspecting Zazi was up to something, used Section 702 to compel his Internet service providers to hand over the content of his e-mail. He was found e-mailing another man about building bombs and included a phone number. The NSA then ran that number against its list of numbers and found his co-conspirator. The NSA handed the information over to the FBI, which was able to complete the rest of the equation and arrest Zazi while he was driving from Colorado to execute the attack in New York.
Alexander said that this kind of work has stopped 54 terrorist attacks around the world, 13 of them in the United States.
“It’s worth considering what would have happened if those attacks … if they were successfully executed. What would that mean to our civil liberties and privacy?” asked Alexander.
The reaction from the crowd was surprisingly mixed, leaning toward the positive. Some in the crowd yelled at the general, saying that he lied to Congress, with some even responding to some of his comments with “Bullshit!” But other attendees quickly came to Alexander’s aid, yelling back, “Shut up!” and “Wait for the Q&A.”
The feeling in the room was one of tension — but also one of appreciation. Black Hat attendees appreciated that he even showed up, that he was willing to answer questions, and that he was defending his position. But Alexander was happy to offer some retorts of his own.
When one person yelled, “You should read the Constitution!” Alexander quickly quipped, “I have, and you should, too.”