NSA Chief Heckled At BlackHat As Agency Defends XKeyscore

Director of the US National Security Agency (NSA) Keith Alexander was heckled during his talk at the BlackHat conference in Las Vegas yesterday, as the body defended itself against fresh claims it is able to snoop on anything anyone does in the Internet.

Alexander was always going to attract a lot of attention, some of it negative, given the revelations from the Edward Snowden leaks on massive NSA surveillance operations. One heckler shouted he didn’t trust Alexander, even accusing him of lying to Congress, which the NSA chief quickly denied.

Later the heckler shouted: “read the Constitution!” Alexander quickly replied: “I have. You should, too.”

NSA fighting off the critics

He pleaded with the security community to help the NSA improve its surveillance systems to ensure it didn’t overstep the mark – something Alexander claimed had never happened before, from a legal perspective.

He said the metadata collection of the NSA and the processes around it should be an example for the rest of the world to follow.

The NSA has also released a statement explaining its use of the XKeyscore tool, which the Guardian yesterday claimed could be used to look at anyone’s Internet activity, although it is not entirely clear how the technology works.

“Allegations of widespread, unchecked analyst access to NSA collection data are simply not true. Access to XKeyscore, as well as all of NSA’s analytic tools, is limited to only those personnel who require access for their assigned tasks,” the statement read.

“There are multiple technical, manual and supervisory checks and balances within the system to prevent deliberate misuse from occurring.

“One feature is the system’s ability to limit what an analyst can do with a tool, based on the source of the collection and each analyst’s defined responsibilities.

“Not every analyst can perform every function, and no analyst can operate freely. Every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law.”

Snowden had previously suggested that even contracted analysts like himself could use the tool with little oversight.

Doubt has been cast on the capabilities of the XKeyscore tool, however. Marc Ambinder, who co-wrote the book ‘Deep State: Inside the Government Secrecy Industry’, questioned the “top secret” nature of the tool, given there are many references to it on people’s LinkedIn profiles.

Whereas the Guardian article indicated it could be used to access email and instant messaging content, Ambinder said it was a metadata database.

“XKeyscore is not a thing that does collecting; it’s a series of user interfaces, backend databases, servers and software that selects certain types of metadata that the NSA has already collected using other methods,” Ambinder wrote in The Week.

“XKeyscore is useful because it gets the ‘front end full take feeds’ from the various NSA collection points around the world and importantly, knows what to do with it to make it responsive to search queries.”

The slides would appear to back up Ambinder’s claims. But some of those slides showed US intelligence is sitting on some powerful information and technical abilities.

One indicated the US can crack VPNs designed to provide anonymity for users, another  suggested it has access to a list of all exploitable machines in selected nations.

Shhh! Don’t look at our whistleblowers quiz!