At Black Hat, U.S. general offers a modest glimpse into NSA protocols

Keynote speaker Gen. Keith Alexander insists programs have checks and balances in place to prevent abuse

Page 2 of 2

Alexander said the NSA does not collect and store every email, phone call, and other communication passing through the Internet or over phone lines. "What comes out is we're collecting everything. That is not true. Think about netflow and amount of information out there. You can't afford to collect everything and don't want to collect everything," he said.

To provide numerical context, Alexander said that fewer than 300 phone numbers were approved for queries for 2012. The queries resulted in 12 reports to the FBI, which in turn contained fewer than 500 numbers. Additionally, he said that only 35 analysts at the NSA are authorized to run queries in the first place. As to how the NSA works with the communications industry to obtain data, Alexander stressed that "the industry doesn't just dump stuff to us and tell us, 'Hey, here are some interesting facts.' "They are compelled by a court order to comply."

Alexander acknowledged it would be technically possible for agents to misuse the system, such as to obtain data or email from individuals without going through the proper channels. However, he said that just as in the corporate world, the NSA's systems have auditing capabilities in place such that every query an agent makes is trackable, and agents who can't justify certain queries face consequences.

"If they did [misuse the system], our auditing tools would detect them, and they would be held accountable, and they know that from the courses they take and the pledge they've made to this nation," he said. "We get all these allegations of what they could be doing, but when people check, like the Senate Intelligence Committee, they found zero times this has happened. And that's no bulls**t. Those are facts."

All told, according to Alexander, the programs have helped to thwart 54 terrorist-related activities: 13 in the United States, 25 in Europe, 11 in Asia, and five in Africa. Among them was the plot to bomb the New York City subway system. "We had some insights on [an Al Qaeda operative's] communications and what he was doing. We took his name to a 702 court and compelled a service provider to give us his emails. In those emails, we saw him working with an individual unknown to us discussing an imminent terrorist attack," he said.

Though Alexander insisted that the programs are essential for protecting the county, he called on the security community to offer the NSA guidance as to how the programs could be improved. "Terrorists use our communications. They live among us. How do we come up with a program to stop terrorism and to protect our civil liberties and privacy?" he said. "We need to hear from you, because the tools we use are very much the same as the tools you use to secure networks."

Alexander specifically called on critics of the surveillance programs to provide feedback, resulting in the following exchange with an audience member. "If you disagree with what we're doing, tell us what we should be doing," Alexander said to the crowd.

"Read the Constitution!" yelled an attendee.

Without missing a beat, Alexander replied, "I have. You should too."

This story, "At Black Hat, U.S. general offers a modest glimpse into NSA protocols," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.

| 1 2 Page 2