
What the NSA chief didn't tell Black Hat

Tim Greene | Sept. 12, 2013
Gen. Keith Alexander described a tightly controlled phone-data collection system but failed to mention repeated violations.

The Electronic Frontier Foundation, whose freedom of information requests forced the release of the court documents, interprets the NSA actions as scouring the database to discover reasonable articulable suspicion about certain phone numbers.

"The NSA decided, independently, that it could run searches on the database to develop the basis for the reasonable articulable suspicion. Hence, the NSA was conducting suspicionless searches for information to obtain the court-required basis to search for that information," the EFF's Kurt Opsahl blogs.

Walton again jumped all over the NSA for distributing query results to 136 NSA analysts who weren't properly trained, according to a Sept. 25, 2009 order. That incident was reported Sept. 21, 2009 and a similar incident was reported two days later by the same Department of Justice attorney.

"The Court is deeply troubled by the incidents described above, which have occurred only a few weeks following the completion of an 'end to end review' by the government of NSA's procedures and processes for handling the [business record] metadata, and its submission of a report intended to assure the Court that NSA had addressed and corrected the issues giving rise to the history of serious and widespread compliance problems in this matter and had taken the necessary steps to ensure compliance with the Court's orders going forward," Walton wrote.

Here is Alexander's spin on the end-to-end review as presented at Black Hat: "In 2009 in our discussions with the president when he first came onboard we talked to him about these programs and the issue was how do we know the compliance is there and what more could we do. We stood up working with the committees in Congress a directorate of compliance. This directorate of compliance is headed by legal professionals and information specialists that can look at everything that we do in these programs and ensure they comport with the court orders. But we also have oversight from the director of national intelligence, general counsel and IG from the defense department, from the Department of Justice, from the White House, from Congress - the intel committees - and from the courts. ... Our people have to take courses and pass exams to use this data."

What Alexander said at Black Hat doesn't accurately represent what happened in 2009. It may be a faithful portrayal of how the system works today, but there's no way to tell. "[D]eclassifying 2009 data is helpful, but casts no real light on current activities of the NSA and related agencies," says Dave Jevans, CTO and founder of Marble Security, an enterprise mobile security provider. "This is still a mystery, and is likely to remain so for quite some time."

 
