NSA Chief Sought to Balance Security, Privacy in Black Hat Speech

NEWS ANALYSIS: NSA Director Keith Alexander mixed patriotism, devotion to national security and (one) expletive in his Black Hat keynote defense of the agency's anti-terrorist mission.

It was a rare speech for the director of a super secret agency and was admirable for presenting what public facts are available and gamely handling hecklers. A bigger obstacle than hecklers or the acts was the speech's timing.

It took place the same day NSA secrets leaker Edward Snowden published new documents via the British newspaper The Guardian, detailing an NSA project called XKeyScore, which seemed to refute many of the safeguards and procedures highlighted in Gen. Keith Alexander's speech.

The ZKeyscore program, according to the Guardian, "allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals." Alexander did not mention and was not asked about the program during his speech.

Alexander is a four-star U.S. Army general and appeared in uniform at Black Hat. The conference is a sounding board for not only digital hacking techniques, but also for debates regarding privacy, security and the meaning of freedom in this digital age.

Many trade shows and conference keynotes have become thinly veiled marketing opportunities for vendor executives as part of their show sponsorship package. Black Hat is singular in preserving the keynote stage for controversial speakers and topics. The general walked onto the stage in front of an audience of approximately 4,000 digital security experts and hackers and didn't shy from the controversy his agency engenders.

In my view, Alexander came off as precisely what he is, a military officer handed a tough assignment which he is fulfilling to the best of his abilities. He didn't write the rules of engagement or create the programs he is charged with managing.

He has been active in the intelligence community for much of his career, and during his keynote he noted the community had "failed" to connect the dots leading up to the Sept. 11, 2001, attacks. The Patriot Act, which authorized the NSA type programs, was created in haste following those terrorist attacks and is now becoming a focal point of public and political debate regarding re-evaluating all of the act's provisions.

Alexander noted that of the 6,000 NSA personal that have deployed to Afghanistan and Iraq, 20 were killed in those combat theaters. “I believe these are the noblest people we have in this country,” he told the audience.

The agency’s programs—including the controversial PRISM intelligence-gathering operation—has been instrumental in stopping 54 terrorist attacks worldwide, including 13 potential attacks in the United States, Alexander noted. He highlighted the thwarting of the 2009 attempted attack on the New York subway system as one of those NSA-driven successes. The tech industry is compelled by the courts to comply with NSA requests, which he said are scrutinized and not blindly "rubber-stamped," by federal judges.

"The assumption is that people are out there just wheeling and dealing, and nothing could be further from the truth. We have tremendous oversight in these programs," he said. His remarks were met at times with applause and in several instances with heckling as shouts of "freedom" and "read the Constitution" added tension to what was already a highly charged atmosphere.

In one response, Alexander said, "We get all these allegations of what the staff could be doing. But when you check what the NSA is doing, they've (the audit committees) found zero times that has happened. And that's no bulls—t. Those are the facts."

The issues surround privacy, national security and whether the NSA has overstepped its bounds are important issues for the public and politicians, but also has become a controversial topics for technology vendors. Big vendors including Google and Microsoft want to assure customers that they are not simply opening their data floodgates to government spy agencies. Startup and foreign companies are concerned over what government requirements will be in force for them if they locate in the United States.

Eric Lundquist is a technology analyst at Ziff Brothers Investments, a private investment firm. Lundquist, who was editor-in-chief at eWEEK (previously PC WEEK) from 1996-2008 authored this article for eWEEK to share his thoughts on technology, products and services. No investment advice is offered in this article. All duties are disclaimed. Lundquist works separately for a private investment firm which may at any time invest in companies whose products are discussed in this article and no disclosure of securities transactions will be made.