General Alexander’s Keynote Speech at Black Hat 2013
This entry was posted in General Security, Miscellaneous on July 31, 2013 by Mark Maunder
I just finished listening to the Keynote presentation at Black Hat 2013, the largest hacker/CyberSecurity conference all year, from General Keith Alexander, Director of the National Security Agency.
The NSA is obviously not in everyone’s good graces since the Edward Snowden revelations, and the atmosphere was tense. The organizers who introduced Alexander chose their words carefully, politely suggesting that he’s doing the conference a favor by appearing and asking the folks attending to be constructive in their questions. That didn’t prevent a few hecklers from engaging the keynote speaker.
I was rapidly taking notes throughout his presentation because in my view, this is one of the most important public appearances the NSA has made in its history. To put this in perspective, the controversy about the export ban on strong encryption in the 1990s and the “clipper chip” the government was designing to “listen in” on us pales in comparison to the current controversy the NSA is facing. And with General Alexander as its director appearing in front of the largest gathering of the world’s CyberSecurity professionals, I had a strong sense this morning of being part of history in the Augustus Ballroom at Caesars Palace in Las Vegas.
The full audio of General Alexander’s speech is available at the end of this blog entry.
General Alexander started his speech by focusing on the rationale for why the NSA monitors communications. He also gave us a sense of the people involved in the three-letter agencies, including the NSA. He mentioned several times that 20 cryptographers were killed on deployment in the Middle East, and spoke of the sacrifices that employees of our various government branches make to do their job.
He spoke about how the NSA’s reputation has been tarnished and that all the facts are not on the table. He never mentioned Snowden by name.
He was heckled a few times during the last third of his speech. Nothing too offensive, and the crowd didn’t seem too supportive. Black Hat attracts a fairly sophisticated and mature audience these days and I suspect they were more interested in hearing what the Director of the NSA had to say and then forming their own opinions.
He said that the CyberSecurity tools that the NSA uses are very similar to the tools that we use, the main difference being the oversight and compliance in their programs. He said that the concepts of oversight and compliance are important and are missing in the current discussion about the NSA and what they do.
Here are a few of what I thought were the most interesting concepts and quotes from his speech:
- The NSA monitors communications and stores meta-data, which includes time, source and destination phone numbers. It does not include names or addresses.
- Then there is a database which he compared to a “lockbox”. This contains the actual content of communications.
- “Only 22 people” at the NSA can authorize looking into the Database containing the actual content of communications.
- “Only 35 people” at the NSA are authorized to run queries on the database containing the content of actual communications provided they have been given access.
- These people “have to get trained and pass tests” to get authorization to run queries on the database of communications.
- In 2012 there were fewer than 300 telephone numbers that received approval to look at the content of actual communications.
- Those 300 phone numbers resulted in 12 communications to the FBI.
- The intent was to find a terrorist actor and identify it to the FBI.
- The general spent some time talking about PRISM and how it’s used for foreign intelligence.
- “Our people have to take courses and pass exams to use this data.”
- “What you’re hearing, what you’re seeing, what people are saying is “well they could”. The fact is that they don’t. And if they did, our auditing tools would detect them and they would be held accountable. And they know that from the courses they take and the pledge they’ve made to this nation and they take that very seriously. There are allegations that they listen to our emails and they do all these things. They don’t. And if we did, we would be held accountable. 100% auditability on what we do here.” [Referring to NSA employees abusing their access to our personal data]
- “If we tell everyone what we’re doing the adversaries will be able to get through our defenses.”
- “The damage that has happened to our country is significant and irreversible.” [Referring to Snowden but not by name]
General Alexander was heckled throughout his speech with the final shout from the audience being “You should read the constitution.” His response was “I have. You should too.” to massive applause from the audience.
I don’t hold a strong political view one way or the other regarding the current NSA controversy and the General’s speech. I do know that families who work in high security jobs make sacrifices, the most basic one being that they can never come home and share their day with their spouse and kids. I also know that bad governments use fear to increase their powers and I’ve seen the damage this does firsthand when I grew up in Apartheid South Africa from 1974 until 1991. So I think accountability and transparency are very important. The fact that the director of the NSA has the guts to stand up in front of the most vocal and engaged members of the CyberSecurity community speaks to a level of transparency and accountability and I think is a good indication that they realize they are still accountable to us.
The full audio of General Alexander’s speech is available on Soundcloud.