The summer of 2013 is turning out to be a rough one for the NSA and other government security entities: highly classified cybersecurity programs made their way into the public sphere after former NSA contractor Edward Snowden leaked the information to the British newspaper, The Guardian. Further, at a congressional inquiry, the Director of National Intelligence, James Clapper, said the NSA and the federal government wasn’t collecting information on U.S. citizens. That claim turned out to be false, thanks further revelations made by Snowden.
And now General Keith Alexander, Commander, U.S. Cyber Command (USCYBERCOM) and Director of the NSA, must reconcile the NSA’s apparent transgressions with the one community it cyber spooks love and fear the most: the U.S. security and hacking community.
The good general confronted crowds at the annual Black Hat security conference, a convergence of security experts, hackers, agents, and security agencies in Las Vegas, Nevada. General Alexander didn’t confess to any sins while speaking in Sin City, claiming, rather, that the NSA programs exposed by Snowden have performed wonderfully at their tasks: saving the lives of American citizens and other innocents across the world.
But Gen. Alexander’s speech didn’t go without its bumps, as one member of the audience, identified by Forbes as 30-year-old security consultant Jon McCoy, interrupted the general’s keynote speech on how NSA stands with respect to civil liberties while also providing security, shouting, “Freedom!”
Gen. Alexander, quick to respond, said “exactly — we stand for freedom.”
McCoy retorted “Bullshit.”
Confrontational barbs aside, the general sought to stress the difficult position the NSA finds itself in after the Snowden revelations: a U.S. agency colloquially known as “no such agency” trying to balance civil liberties with the security of U.S. citizens. Alexander told the crowd of hackers the U.S. government needs help to make its surveillance systems better, and said if they disagreed with what the NSA is currently doing, they ought to help them “twice as much.”
The general was surprisingly candid in his keynote speech regarding the NSA and PRISM scandals, rebutting some claims — like the NSA allegedly having direct access to the servers of U.S. companies — and offered details of how inquires are checked and scrutinized when the NSA delves deeper in to Internet records investigations are approved.
According to General Alexander, to investigate a phone number’s metadata, one of 22 people at the NSA have to approve of the number’s scrutiny. Only 35 analysts in the NSA have authorization to investigate those numbers. According to various outlets, the general claimed that fewer than 300 numbers were placed on the list in 2012, the FBI was involved only 12 times — though there’s no word on the preceding years.
The NSA is authorized to send information on numbers to the FBI, which can, in turn, issue a National Security Letter to demand more details — such as name and address — from carriers, who are obliged to comply. But the agency, Gen. Alexander said, cannot spy on any American citizen regardless of where they are in the world.
The programs, specifically the PRISM program, the general noted, helped in preventing a 2009 terrorism plot by Najibullah Zazi. Zazi plotted to bomb a portion of the subway in New York City with the guidance of Al-Quaeda entites. Access to Zazi’s emails and communications helped to apprehend then unknown co-conspirator, Adis Medunjanin.
The general made a specific nod to the 9/11 Commission, which criticized the intelligence community for not being able to “connect the dots” leading up to the September 11 attacks. Alexander said these programs have helped the intelligence community to respond to such threats, apparently preventing 13 terrorism plots within the U.S.
Some members of the audience were apparently receptive to this line of reasoning, while others, like McCoy, were not. It remains to be seen, especially in the wake of even more leaked NSA programs, if the American people agree.