AwS Saturday: They Might Be Listening, But Probably Not To You

Na-na-na-na-na-na-na-na-NSA.

Na-na-na-na-na-na-na-na-NSA. (satirical graphic by Jessica L. Tozer)

Contrary to popular belief, the National Security Agency is not Batman.

They don’t have some intricate system of wires and cameras that allow them unfettered access to the hearths, homes, and cell phones of the American people.  That might work for the caped crusader, but in real life?  Not so much.  I’m talking, of course, about the recent headlines regarding the NSA.

You know what I mean.

The recent developments that brought to light certain foreign-intelligence collection programs that have been, if I may be so bold, categorically misunderstood.

At this point, I think many people have already established their opinions on the NSA, PRISM, Snowden, what have you, but I’m not entirely sure that everyone knows exactly what they’re having opinions about.  What is the NSA actually doing?  Did we lose all of our digital privacy years ago?  Are they really reading all of our emails?

The short answer is no.  The long answer is something that I think you need to hear (or read) from the man who knows best.

Army Gen. Keith Alexander is the current director of the National Security Agency, Chief of the Central Security Service, and commander of United States Cyber Command.  Recently he spoke at the national Black Hat convention to address these somewhat touchy topics.

In spite of Internet-wide disbelief, and in the face of actual hecklers, Gen. Alexander explained to an audience of hackers – and other denizens of the tech world – just what the NSA is doing.

The truth?  It may actually surprise you.

“The issue that stands before us today is one of what do we do next,” Gen. Alexander said.  “How do we start this discussion on defending our nation and protecting our civil liberties and privacy?  It’s equally important, from my perspective, that you have the facts.”

Those facts start with understanding why the NSA wasn’t out there blogging out their daily activity to everyone.  That answer should not come as a surprise…to anyone.

You know the conference is exciting when even the logo is incognito.

You know the conference is exciting when even the logo is incognito.

There are good reasons why some of this is classified, and why some of this is stuff that we just don’t put out there,” he explained.  “The big reason, from my perspective, is because terrorists use our communications.  They live among us.  How do we come up with a program to stop terrorism, and to protect our civil liberties and privacy?  This is perhaps one of the biggest issues facing our country today.”

Times have changed, the general pointed out.  Threats to our nation can come in many forms, and the people who work for the NSA, “their reputation is tarnished because all the facts aren’t on the table.”

To fix that, Gen. Alexander said he wants people to articulate the truth.   “It is important to understand [the role of the NSA] so the people know what we do, and what we do not do.”

A good example of this, he said, can be demonstrated in the recent history of terrorism.  Starting with the attack on the World Trade Center in 1993, through 9/11 and today, terrorism is a real and dangerous threat.  It’s also something that the NSA is designed to mitigate.  He also goes on to say that before one can understand the programs themselves, it’s important to first understand the people of the National Security Agency.  That is, what they do and how they do it.

Gen. Alexander says the mission is simple:  “Our job is defending this country; saving lives, supporting our troops in combat.”

Over 6,000 NSA employees have gone to Afghanistan and Iraq, he said.  Of those men and women, twenty of them, cryptologists, paid the ultimate price to ensure that our troops had the intelligence they needed.

“The mindset of these people [NSA employees] is foreign intelligence to save lives, our lives, our military, our civilians.  That is a true and noble effort.”

The ever-discussed PRISM program's logo doesn't disappoint in creative imagery.

The ever-discussed PRISM program’s logo doesn’t disappoint in creative imagery.

An effort that does not go unregulated.  Actually, that brings up a good point.  Why do people think that the NSA is just monitoring everything as they please?  Anyone who has ever worked for or encountered the government knows that the line from concept to execution is a long one that usually requires many signatures.  The NSA is no different.

“I think it’s important to understand the strict oversight that goes into these programs,” said Gen. Alexander.  “The assumption is that people are out there just wheeling and dealing.  Nothing could be further from the truth.  We have tremendous oversight and compliance in these programs, auditability.”

Every part of the process is audited, he explained.  One-hundred percent.  “What comes out is that we’re collecting everything,” he said.  “That is not true.  What we’re doing is, for foreign intelligence purposes, we’re going after counter-terrorism, counter-proliferation, cyber-attacks.  And it’s focused.”

Focused as in specific.  As in the government is not keeping records of everything everyone does online everywhere.  Like they need to know you pinned a picture of waterfalls on Pinterest and then emailed yourself your grocery list.  Because collecting absolutely every single bit of data on everyone everywhere would be a colossal and oppressively difficult undertaking.

“If you think about net flow, and the amount of information, you couldn’t afford – and don’t want – to collect everything.  It makes your analysis harder.”

The intent, he said, is to thwart foreign adversaries who are trying to harm the nation. Period.

Army Gen. Keith Alexander, head of the National Security Agency, delivers the keynote address at the Black Hat hacker conference on Wednesday, July 31, 2013, in Las Vegas. (Isaac Brekken/AP Photo)

Army Gen. Keith Alexander, head of the National Security Agency, delivers the keynote address at the Black Hat hacker conference on Wednesday, July 31, 2013, in Las Vegas. (Isaac Brekken/AP Photo)

Additionally, “industry just doesn’t dump stuff to us and say, ‘hey, here’s some interesting facts’.  They are compelled by court order to comply.”

I know that may seem a little intimidating, but it doesn’t mean what you might think.

In the “metadata” program that’s been disclosed, “This does not include your phone calls,” Gen. Alexander said strongly, “or mine.  Your emails, nor mine.  Your SMS messages.  There is no content.  There are no names in the database.  No addresses.  No credit card numbers.  No locational information is used.”

Only 35 people are authorized to run queries at NSA.  They have to go through 3 separate training regiments and pass a test to actually do queries.  In 2012, there were less than 300 numbers that were approved for queries.  Yes, you read that right: less than 300 numbers.  Those queries resulted in 12 reports to the FBI.  Those reports contained less than 500 numbers.

Not millions, not hundreds of thousands, not tens of thousands, less than 500.

“The intent of this program was to find a terrorist active and identify that to the FBI,” Gen. Alexander said.  “This [PRISM program] is for foreign intelligence purposes.  This is CONTEL [counter-intelligence]. This is not targeting U.S. persons.  This is targeting threats overseas.  This is our lawful intercept program which is analogous to many other countries around the world.  They compel service providers to provide information just as we do.”

So, you know when people say that the NSA is listening to all of our communications?  That’s just not happening.  They are not authorized to do that.

“A lot of people might say, ‘I hear what you’re saying but I don’t believe you’,” the general said to his hacker audience.  “Congress did a review of this program over a four-year period.  In that four-year period, they found no willful or knowledgeable violations of the law or the intent of the law in this program.  More specifically, they found no one at NSA had ever gone outside the boundaries of what we’ve been given.  That’s a fact.”

He said anyone who stepped outside of those boundaries would be noticed by the auditing program, and held accountable for their actions.  He went on to say that the people who maintain this program take their jobs very seriously.

“Their intent is not to go after our communications. Their intent is to find the terrorist who walks among us.”

Under Section 702 of the Foreign Intelligence Surveillance Act, the other issue that’s been in the news, the government is permitted to target only non-U.S. persons reasonably believed to be outside of the United States, and then only when there is a foreign intelligence purpose.

Gen. Alexander says it’s important to have a national  conversation about these issues. He implores people to check the facts, to read the Congressional testimony, before forming an opinion.  “Look at what we’re talking about here because this is our nation’s future.  This is what we’ve done in these programs.”

Gen. Keith Alexander, director of the National Security Agency, addressed the Black Hat hacker convention in Las Vegas. (Photo by Steve Marcus/Reuters)

Gen. Keith Alexander, director of the National Security Agency, addressed the Black Hat hacker convention in Las Vegas. (Photo by Steve Marcus/Reuters)

And yes, some of this stuff is going to be classified, but it’s not classified to keep it from good people, as he pointed out.  It’s classified because there are people out there – real, bona fide bad guys – who wish us harm.

If we tell people exactly what we’re doing then the adversaries will know how to get to our defenses.  The damage to our country could be significant and irreversible.  Preventing future terrorist attacks is, after all, the whole point.

And it’s working. 

“I think it is worth considering what would have happened in a world if those attacks [that have been stopped] – 42 of those 54 terrorist plots – if they were successfully executed,” Gen. Alexander pointed out.  “[Think about] what that would have meant to our civil liberties and privacy.”

Because when it comes down to it, this isn’t an issue of stepping on digital toes, it really is about the future of our country and the welfare of our people.  Those are things that we should treasure protecting, whether that’s the NSA, the FBI, or even a room full of hackers helping to make that possible.

Although, for all the facts, sometimes you still have to deal with a troll or two.  Something Gen. Alexander didn’t bat an eye at, I might add.   When a heckler yelled, “Read the Constitution!” from the audience he said, ever so confidently, “I have.  You should, too.”

It was met with roaring applause.

Jessica L. Tozer is a blogger for DoDLive and Armed With Science.  She is an Army veteran and an avid science fiction fan, both of which contribute to her enthusiasm for technology in the military.

Follow Armed with Science on Facebook and Twitter!

———-

Disclaimer: The appearance of hyperlinks does not constitute endorsement by the Department of Defense of this website or the information, products or services contained therein. For other than authorized activities such as military exchanges and Morale, Welfare and Recreation sites, the Department of Defense does not exercise any editorial control over the information you may find at these locations. Such links are provided consistent with the stated purpose of this DoD website.

Check out these other posts:

This entry was posted in Armed With Science Saturday, DoD News, Rotator and tagged , , , , , , , , , , , , , , , , , , , , . Bookmark the permalink.