- The NSA director says intel programs have stopped 54 terrorist attacks worldwide
- Gen. Keith Alexander spoke Wednesday at the Black Hat computer-security conference
- Alexander: Data-surveillance program does not apply to people in the U.S.
- Alexander faced some hecklers during his hourlong talk
The National Security Agency's controversial intelligence-gathering programs have prevented 54 terrorist attacks around the world, including 13 in the United States, according to Gen. Keith Alexander, NSA director.
Speaking before a capacity crowd of hackers and security experts Wednesday at the Black Hat computer-security conference, Alexander defended the NSA's embattled programs, which collect phone metadata and online communications in an effort to root out potential terrorists. The secret programs have come under fire since their existence was revealed in June by former CIA contractor Edward Snowden, who leaked details about them to several newspapers.
"I promise you the truth -- what we know, what we're doing, and what I cannot tell you because we don't want to jeopardize our future defense," Alexander told the audience, which included a few hecklers who shouted profanities and accused him of lying.
He then gave a partial recap, using PowerPoint slides, of how the two intelligence programs work. Alexander said the NSA can collect metadata on phone calls in the United States, including the date and time of the call, the numbers involved and the length of the conversations. He made a special point of saying the NSA does not have access to the content of citizens' calls or text messages.
Alexander said the NSA's PRISM surveillance program, which probes digital activity such as e-mail, instant messaging and Web searches, focuses on foreign actors and does not apply to people in the United States. He said the phone and Internet data is necessary to "connect the dots" and identify potential terrorists before they act.
Alexander attempted to reassure the audience that NSA officials are not abusing access to the databases to intrude on Americans' privacy.
"The assumption is that people are out there just wheeling and dealing (users' information), and nothing could be further from the truth," he said. "We have tremendous oversight and compliance in these programs."
Congress and courts make sure the programs operate within the bounds of the Foreign Intelligence Surveillance Act, and internal auditing systems are in place to prevent any abuse by employees, Alexander said. He added that only 35 analysts are authorized to run queries on the phone metadata.
Alexander made no mention of a report in Wednesday's Guardian newspaper about the existence of another secret NSA program, called XKeyscore. According to documents provided to the Guardian by Snowden, XKeyscore allows analysts to search with no prior authorization through vast databases containing e-mails, online chats and the browsing histories of millions of people.
Alexander denied accusations that the NSA programs allow the government to collect all online data on everyone.
"We can't afford to and don't want to collect everything," he said.
"I have four daughters. Can I go and intercept their e-mails? The answer is no," said the security chief before looking out at the auditorium thick with hackers and joking, "You may be able to."
Aside from a couple jokes, Alexander's words were serious and measured, and he seemed unfazed by a smattering of heckling from the audience during his hourlong talk.
"You lied to Congress. Why would we believe you're not lying to us right now?" yelled one person.
Alexander replied that people were basing opinions on what was "written in the press" without looking at facts and urged the heckler read his congressional testimony.
During a Q&A session consisting of prescreened questions, Alexander said that one reason terrorists target the United States is a desire by people in the Middle East to run governments under Islamic law. But another attendee disagreed, shouting, "They want to attack us because we're bombing them."
Another yell of "bulls---!" inspired the general to cap his explanation of the programs by saying "And that's no bulls---, those are facts."
Overall, the reception to Alexander's talk seemed mostly positive. Black Hat attendees are primarily corporate-security types, interested in protecting their networks and warding off cyber attacks. The looser, hacker-centric Def Con conference, which starts here Thursday, could likely give him a more hostile reception.
Alexander solicited advice on how to better balance security with civil liberties and put up an e-mail address so the room of tech experts could share their ideas with the NSA.
He also hinted at possible damage resulting from the Snowden leaks, and wondered aloud whether the government will have the same success preventing terrorist attacks in the next 10 years as it has in the past decade.
"If we tell everyone exactly what we're doing, then the adversaries will know exactly how to get through our defenses," he said.