NSA Chief To Black Hat Attendees: Data Collection Saves Lives, Thwarts Attacks
The extent of the data collection activities at the National Security Agency have been "terribly" misconstrued, according to Army General Keith Alexander, the director of the NSA and the leader of the U.S. Cyber Command, who sought to "set the record straight" with several thousand security professionals at the Black Hat conference on Tuesday.
"The assumption is that people are just wheeling and dealing and nothing can be further from the truth," Alexander said. "We can audit the actions of our people 100 percent in this case and we do that."
Speaking to throngs of white hat hackers, penetration testers and other IT security professionals, Alexander said employees at his agency use many of the same security tools to mine intelligence data with the intent of thwarting terrorist attacks. These programs helped disrupt a plot to bomb the New York City subway system, which would have been the biggest attack since 9/11, Alexander said. NSA data collection programs helped understand and disrupt 54 terror-related activities.
[Related: Eugene Kaspersky: NSA Surveillance Issue 'Difficult ' For U.S. ]
"No one at NSA had ever gone outside the boundaries of what we have been given," Alexander said. "They take their role very seriously. Their intent is not to go after our communications. Their intent is to find the terrorist that walks among us."
The tenor of the General's audience in a packed auditorium at Caesars Palace was contentious at times. He was interrupted during his speech by a few people shouting that they didn't trust him or his agency's activities. Prior to the keynote, security guards confiscated a dozen eggs located under a chair near the General's podium after being alerted by an attendee.
"I've never sensed this level of tension or apprehension in the security community since the crypto wars in the 1990s," said Jeff Moss, the founder of Black Hat, which is owned and operated by UBM, CRN's parent organization, speaking to attendees prior to the General's keynote. He added that offensive tactics appear to be winning over defensive technologies. "Right now a lot of people are thinking what does this mean for my business."
Alexander has been publicly defending the NSA's foreign surveillance operations and the Patriot Act, which have come under fire following the leak of thousands of documents that outline the agency's data collection activities that were leaked to the media by NSA whistleblower Edward Snowden, a former government contractor for the NSA based in Hawaii. Snowden, who is currently in Moscow, is now a fugitive wanted by the United States.
Snowden's documents outline two NSA surveillance programs: Section 702 of the Foreign Intelligence Surveillance Act, which has a secret court that authorizes access to records and other items of foreigners located outside the U.S.; and Section 215 of the Patriot Act, which grants NSA authority to collect data on phone calls that occur inside the U.S. and between the U.S. and other countries. Alexander said the NSA collects the date and time of calls, the address from which calls were made and the length of calls. Content of the communications are not collected, he said.
NEXT: Strict Program Controls And Oversight In Place, Says Alexander
Alexander said strict controls are in place on the database that contains the call data collected under the Patriot Act. Twenty-two people have approval power to mine the database for a specific number. Thirty-five analysts at the NSA are authorized to run queries, he said. In 2012, 300 numbers were approved for queries. The queries resulted in about a dozen reports to the FBI, Alexander said. "The Intent was to find a terrorist actor and identify that to the FBI," he said.
In addition to an Inspector General inspection, the data collection programs face judicial scrutiny and are also regularly reviewed by Congress and the current Administration, Alexander said, calling the data collection programs a model for other nations. A congressional review of its collection programs over a four-year period found no willful or knowledgeable violations of the law, under the program, he said.
"No one at NSA had ever gone outside the boundaries of what we have been given," Alexander said. "If they did, our auditing tools would detect them and they would be held accountable. They know that from the courses they take and the pledge that they have made to this nation."
Alexander said the world has changed, forcing the need for better intelligence gathering capabilities, beginning in 1993 with the World Trade Center bombings, the USS Cole bombing and 9/11, which transformed the nation. "The intelligence community, according to the administration failed to connect the dots," Alexander said, adding that the finding created the need to develop the data collection programs.
The NSA is clashing with members of Congress who have filed the House amendment to reel in the agency's authority to collect and analyze massive amounts of communications data. The amendment, authored by Rep. Justin Amash, a Republican from Michigan, is expected to get a vote this week. If passed, it would be attached to the Pentagon's spending bill and ends authority for "blanket collection" of data under the Patriot Act. It would bar the NSA and other agencies from collecting records on individuals not subject to electronic surveillance under Section 215 of the Patriot Act.
PUBLISHED JULY 31, 2013