General Alexander heckled during Black Hat keynote address

Speaking to a packed house this morning, General Keith Alexander faced a skeptical, and hostile crowd during his keynote address. A first for the conference, the NSA director faced a State of the Union-like disruption, when someone in the darkened room shouted "bulls..t!" after the General commented that the U.S. Government, "stands for freedom."

The heckling happened several times, ending towards the end of the keynote when the General was holding a Q&A with Black Hat General Manager, Trey Ford.

After commenting that his reason for attending Black Hat was to ask the community represented by the attendees help the government (i.e. the NSA) "make it better" when it comes to data collection and the legal intercept programs, the unknown heckler responded to the General with a shout of, "read the Constitution!" to which Alexander responded, "I have, you should too."

For those sitting near CSO that were willing to talk, the heckling marked a low point in Black Hat's history, but it serves to show just how passionate InfoSec people are at times, and how much of a pressure point the NSA's actions have become.

The keynote left many attendees that CSO spoke with feeling as if they wasted their time. It wasn't that they didn't appreciate the General taking the time to speak, but the keynote was more of a presentation than a meaningful discussion, and when the questions came they were focused more on business than anything else.

General Alexander made no apologies for the news cycle this summer, one that has placed his agency directly in the crosshairs of the public, the media, and politicians on both sides of the isle. The intercept programs, he explained (reiterating previous remarks on the record) are managed with strict oversight. They acquire only the data that is needed for counter-terrorism programs, and it's collected in a way that is the least intrusive when it comes to privacy. This is the point that many disagreed with, and left many of them feeling let down.

However, the General did show how the controversial Sections 215 and 702 (known as PRISM) of the Patriot Act, were used to stop attacks. In fact, he said that 54 terror plots were stopped by the programs, and of the 13 plots halted in the U.S., 12 of them were directly linked to the intercept programs.

General Alexander's keynote at Black Hat also happens to fall on the same day that intelligence officials are slated to begin testifying on Capitol Hill in a Senate hearing on government surveillance. Shortly after the General began speaking, the Office of the Director of National Intelligence (ODNI), released three documents that were previously classified, including a records collection order under Section 215.

The three documents outline some of the basics of the intercept programs, and once again stress that only basic information is collected, and that most of the data "is never viewed." One of the ODNI's documents says that only those with proper training and authorization are allowed to access the collected data.

Yet, in what looks to be a contradiction (including going against what the General mentioned during his keynote), a footnote in the 215 order says that the FISA court understands that "technical personnel responsible for the NSA's underlying corporate infrastructure and the transmission of the [collected data] from the specified persons to [the] NSA will not receive special training regarding the authority granted herein."

According to General Alexander, only 22 people have access to the collected data in order to authorize a trace on a given piece of collected data, and only 35 people are allowed to query the database that houses all the collected data. So the footnote in the document released by the ODNI begs the question of who else in that infrastructure chain has access to the collected data (directly or otherwise) and where did Edward Snowden fit in?

CSO was unable to find anyone to address this apparent discrepancy on the record, and the topic of Eric Snowden was off limits with those attending Black Hat who represented a contractor or three-letter agency.

Also on Wednesday, adding another layer to the ODNI questions, a report from The Guardian, exposes the existence of XKeyscore, the "widest reaching" system the NSA has for developing intelligence from the Internet.

According to the report, this program "allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden."

General Alexander knew he was walking into a hot room, but he did it anyway. The problem most had with his address is that the questions asked of him focused on businesses, and not the customers they represent. While it was an embarrassing moment for the conference, the heckler's comments aptly summed up the mood of those sitting near CSO during the keynote:

"What I'm saying is that we don't trust you. How do we know you're not lying to us right now?"

Read more about data protection in CSOonline's Data Protection section.

Join the CSO newsletter!

Error: Please check your email address.

Tags infosecapplicationsblack hatNSA spyingnsaGeneral Keith AlexanderBlack Hat keynotesoftwaredata protection

More about CSONSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Steve Ragan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts