LAS VEGAS –NSA director Gen. Keith Alexander’s keynote today at Black Hat USA 2013 was a tense confessional, an hour-long emotional and sometimes angry ride that shed some new insight into the spy agency’s two notorious data collection programs, inspired moments of loud applause in support of the NSA, and likewise, profane heckling that called into question the legality and morality of the agency’s practices.

Loud voices from the overflowing crowd called out Alexander on his claims that the NSA stands for freedom while at the same time collecting, storing and analyzing telephone business records, metadata and Internet records on Americans. He also denied lying to Congress about the NSA’s capabilities and activities in the name of protecting Americans from terrorism in response to such a claim from a member of the audience.

For the first 40 minutes of his talk, Alexander made the case for the agency’s authority under Section 215 of the Patriot Act and 702 of the FISA Act, backing that up with specific examples of terrorist plots such as the New York City subway bombings that were disrupted because of intelligence gathered in the two programs. He also talked about the training agents must pass before having access to the databases housing the collected data, as well as the auditing and compliance associated with those requests.

“The tools and things we use are very much the same tools you use in securing networks. The difference is the oversight and compliance that we have in these programs. That part is missing in much of the discussion,” Alexander said. “I believe it’s important for you to hear that, for you to understand what these people have to do to do their job to defend the nation and the oversight regime we have with the courts, Congress and the administration. You need to understand that to get a full understanding of what we do and do not do.”

All of this happened under the backdrop of new revelations from whistleblower Edward Snowden. The Guardian UK disclosed today, some three hours before Alexander took the stage, new details about another of the spy agency’s top secret data collection programs, this one called XKeyscore. The details, provided to the newspaper by Snowden, indicate that analysts have access to databases housing the online activities of millions, including browsing history, email messages and online chats.

U.S. intelligence leaders today also testified before a Senate Judiciary Committee and released previously classified documents on data collection activities.

The Snowden documents, the Guardian report says, back up a claim made by the former Booz Allen contractor that he as an analyst could “wiretap” any individual. Snowden, who reportedly remains in the Moscow airport awaiting asylum somewhere, shared training materials for XKeyscore with the Guardian. The documents instruct analysts how to mine intelligence databases for information on anyone in the U.S. The Guardian report says analysts need only to fill out a short on-screen form requesting the search; the form is not looked at nor approved by a court or NSA officials.

Alexander, meanwhile, said the two programs were birthed in 2007 largely because of the failures of intelligence agencies to connect the dots on information prior to the September 11 terrorist attacks. He reiterated that Internet companies share data only when compelled to do so by a court order. Alexander then shared a screenshot of the business records the NSA has access to through Section 215; the interface showed the date and time a record was collected, the from and to address of the call, length of the call, source and origin of metadata record. He said the NSA does not collect content such as voice or text message, nor does it gather subscriber names, addresses or locational information. If there is a suspicion of a terrorist connection, Alexander said the business record is passed on to the FBI, which then will investigate deeper.

As for PRISM, or Section 702 of the FISA Court, Alexander said this is the United States’ lawful intercept program, under which service providers can be compelled via a court order to hand over data to the intelligence agency. Alexander said agents are not authorized to listen to communications and that a Senate Select Committee review of the program found no “willful or knowledgeable violations of the law under this program,” he said, adding that the agency’s auditing tools would detect unauthorized access to records and the agent would be held accountable.

“There are allegations [the NSA] listen to all our emails; that’s wrong. We don’t,” Alexander said, adding that of 54 different terrorist-related activities identified through PRISM, 42 of which were disrupted, including 13 in the U.S., and 25 in Europe. “And if we did, we would be held accountable. There is 100 percent auditability on what we do.”

Alexander then answered questions from Black Hat general manager Trey Ford, which the conference solicited from its advisory board and select people in the security community. The questions, Ford said, were evaluated and ranked, though Alexander had no knowledge of them, according to Ford. During the Q&A, Alexander said the Snowden leaks had done significant and irreversible damage to the U.S.

“We’re talking about future terror attacks and the success we’ve had the last 10 years. What will we have in the next 10? What if the 42 of 54 were executed, what would that have meant to our civil liberties and privacy?” Alexander said; a response that was met with loud applause.

Categories: Privacy

Comments (13)

  1. RK
    1

    This program is a packet capture device located at specifically targeted aggregation points across the Internets’ core infrastructure.

    These packet captures can record everything from Web Browsing Sessions, Cookies, Tokens and raw data involved, Voice over IP, email and any other network traffic content.

    With this approach, the NSA can target data going directly to Google, Yahoo, or any other service without gaining authorization from these content providers. That session has already traversed the internet and recorded by these initiatives.

  2. Cinnamon
    2

    So the wolf told the sheep what they wanted to hear and added that they had nothing to fear. Behhh…

  3. See
    3

    Paid to lie. Fairly similar to drug/alcohol addicts that eventually lies themselfs into a corner.

  4. StickItToThem
    4

    “What will we have in the next 10? What if the 42 of 54 were executed, what would that have meant to our civil liberties and privacy?”

    The biggest threat to our civil liberties and privacy is a government that has this much power over it’s citizens and of the rest of the world… I’d rather have taken my chances with the terrorists then have privacy removed in every facet of life. We have gov’t spying, cameras everywhere, tracking from corporations, etc…

  5. Phil
    5

    Let’s set aside the fundamentally flawed logic here and call out the claim about transparency and auditing. Who does the audits? In other words, who watches the watchers?
    In normal practice for something as dangerous as this, audits must be done by an independent bodies. The auditor must not be chosen by the agency being audited.
    If we are to allow this sort of thing, to balance things out, government should create National Privacy Agency with powers to audit and select auditors for all NSA records. Appropriate legal and financial ramifications for misuse should be put in place, applying to both, individuals and the agency.
    If this was in place, perhaps we could begin believing the presented benign nature of the blanket surveillance. As things stand, the sorry excuses presented here give no confidence this operation is kosher.

    • USALegion2k13
      6

      Well said and a fantastically intelligent idea. Now if we can find some people who are willing to donate their time, money and talents to make that happen…utopia!

  6. j noonan
    7

    I feel that the NSA is the National Security threat as they destroy the reputation of our companies in the high tech sector.

  7. L Lennon
    8

    If attacks happened and people died, the people complaining about the NSA would be first ones to come back saying the NSA did nothing to protect us.

  8. Robb McCune
    10

    So were they lying to us when they said they dint have the capabilities that they clearly do or are they lying now when they say they have the capabilities but dont leverage it? Even the NSA is having a tough time putting this cat back in its bag.

  9. Zinc
    11

    The ubersecurity infrastructure is losing its grip. It wouldn’t surprise me if their next step is to stage an incident in order to scare everyone back in line…

  10. Anon
    13

    Prove it! Provide us examples of the times you “saved us” from the terrorists with this scheme! You can’t, can you? No, no, Mister Superman no home…

    The Patriot Act, The Patriot Act… The Patriot Act which is expressly forbidden by the fourth amendment to the Constitution Of The United States Of America… When are we going to wake up and tell these fools to go choke on the same kool-aid they’re trying to force down our throats?

    This is ridiculous. I either drop off the grid completely or I allow the NSA access to my entire digital footprint should they so choose.

    Furthermore, and this is the laughable part… If you find something suspicious, you are handing it off to the FBI? SERIOUSLY?! “Here Bureau, here bureau, good bureau. GET THE STICK BOY, GO GET THE STICK!”

    Can’t lie your way out of this one, feds. Anyone with the slightest bit of independent thought is going to see through you.

Comments are closed.