Las Vegas -- The head of the NSA sought the help of security pros at Black Hat to advise on an intelligence-gathering system that collects the same data as recently publicized domestic spying programs but without the same perceived civil-liberties shortcomings.
"The whole reason I came here is to ask you to help us make it better," Gen. Keith Alexander said during his keynote address at the security conference, which is noted for its briefings on how to break into computer systems and networks. He announced an email address, firstname.lastname@example.org, to which suggestions can be sent.
Alexander says he wants to lay out the facts about the data-gathering program that includes Prism, the effort that collects information about domestic phone calls and that was revealed by documents leaked by NSA contractor Edward Snowden.
The data gathered does not include phone conversations, SMS messages, names, addresses or the content of emails, he says. It does not include credit card numbers or locational information either, he says.
The list of information gathered is: date and time of calls, calling number or IP address, called number or IP address, duration of calls or length of emails and the origin of the metadata information.
Within NSA there are 22 people authorized to approve adding given phone numbers or email accounts to the query database. There are 35 analysts authorized to run queries on the database, he says. In 2012, fewer than 300 phone numbers were approved for queries, he says, and these checks resulted in 12 reports being made to the FBI for further investigation.
Phone numbers and emails are targeted only when they are linked to foreign terrorist suspects, and after the traffic information is analyzed it is passed on to the FBI for possible action. The FBI must seek court permission or use national security letters it issues itself to link the numbers and addresses to individuals and locations, says Alexander.
Congress reviewed four years' worth of the program's records and "found no willful or knowledgeable violations of law or intent of law," he says.
He says NSA has been mischaracterized as snooping into all phone and email traffic and the content of that traffic. "What comes out is we are collecting everything. That is not true," he says. "What you quickly believe is what's written in the press without looking at the facts. I ask that you all look at the facts."
He characterized NSA workers as "noble folks" who are well trained to carry out surveillance in accordance with laws and who are overseen by courts, Congress and the presidential branch, as well as by internal reviews and controls that prevent abuse of the agency's power to gather the communications data.