Modernizing Authentication — What It Takes to Transform Secure Access
LAS VEGAS: On the same day the Obama administration released formerly classified records related to the National Security Agency's once-secret surveillance programs, General Keith Alexander defended the actions of his agency during an address at the Black Hat security conference.
In a keynote address here, the NSA director stressed that everything the NSA does has proper legal oversight and is in compliance with the U.S. Constitution.
"The reason why some of the things we do is classified, the big reason from my perspective, is that the terrorists use our communications systems and they live among us," Alexander said.
The challenge for his agency is coming up with programs that protect against terrorism while also ensuring civil liberties and privacy, Alexander said.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i
"From my perspective, it's important to first understand what NSA people do and how they do it," Alexander said. "Our job is defending this country and saving lives."
Alexander emphasized that the NSA can and does audit the actions of its personnel. He refuted media reports that the NSA is collecting everything on everyone as simply not being true. The NSA focuses on programs that go after content that might represent a threat to the U.S., he said.
"We have a metadata program that helps us to connect the dots in the least intrusive way we can," Alexander said.
NSA Director Keith Alexander addresses Black Hat
The NSA operates at least two key programs that Alexander detailed. One he referred to as Section 215 Authority Business Records FISA. The metadata program helps identify the communications of persons suspected to be associated with terrorists. Alexander stressed that this program does not include the content of phone calls or emails.
That's where PRISM comes in. Alexander referred to PRISM as Section 702 FISA AMENDMENT. He stressed that it operates with full oversight and is a lawful intercept program for foreign intelligence. He added that the 702 program does not allow the NSA to unilaterally obtain information from U.S. companies.
"Congress reviewed the program over a period of four years and they found no violations of the law or intent of the law," Alexander said.
He added that the NSA's auditing tools would detect any violations.
"The intent is not to go after our communications; the intent is find the terrorist that walks among us," Alexander said. "The nation needs to know that we're going to do the right thing. If we make a mistake, we hold ourselves accountable and report it to everyone."
As a proof point, Alexander said that Section 702 activities were directly responsible for stopping Najibullah Zazi from trying to bomb the NYC subway system. In total, some 54 terrorist-related activities have been halted as a result of Section 702/PRISM, he said.
Black Hat General Manager Trey Ford, in a controlled question and answer session, asked Alexander if the NSA could listen in to calls he makes to his mother.
"We have technical controls to limit that, then there is policy too," Alexander said. "Can I intercept my daughter's emails? No. You may be able to."
Alexander was interrupted by a heckler who yelled out, "Read the Constitution!"
Alexander responded, "I have, and you should too!"
"The whole reason i came here is to ask you to help us make it better," Alexander told the Black Hat crowd. "If you disagree, then you should want to help us twice as much."
Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com. Follow him on Twitter @TechJournalist.