Former NSA Official Disputes Claims by NSA Chief

Gen. Keith Alexander, head of the NSA and U.S. Cyber Command appearing at the 2012 DefCon hacker conference in Las Vegas on Friday. Photo: Kim Zetter/Wired

LAS VEGAS — A former NSA official has accused the NSA’s director of deception during a speech he gave at the DefCon hacker conference on Friday when he asserted that the agency does not collect files on Americans.

William Binney, a former technical director at the NSA, said during a panel discussion that NSA Director Gen. Keith Alexander was playing a “word game” and that the NSA was indeed collecting e-mails, Twitter writings, internet searches and other data belonging to Americans and indexing it.

“Unfortunately, once the software takes in data, it will build profiles on everyone in that data,” he said. “You can simply call it up by the attributes of anyone you want and it’s in place for people to look at.”

He said the NSA began building its data collection system to spy on Americans prior to 9/11, and then used the terrorist attacks that occurred that year as the excuse to launch the data collection project.

“It started in February 2001 when they started asking telecoms for data,” Binney said. “That to me tells me that the real plan was to spy on Americans from the beginning.”

Binney is referring to assertions that former Qwest CEO James Nacchio made in court documents in 2007 that the NSA had asked Qwest, AT&T, Verizon and Bellsouth in early 2001 for customer calling records and that all of the other companies complied with the request, but Nacchio declined to participate until served with a proper legal order.

“The reason I left the NSA was because they started spying on everybody in the country. That’s the reason I left,” said Binney, who resigned from the agency in late 2001.

Binney was contradicting statements made on Friday by Alexander, who told the crowd of hackers and security professionals that his agency “absolutely” does not maintain files on Americans.

“And anybody who would tell you that we’re keeping files or dossiers on the American people,” Alexander continued, “knows that’s not true.”

Alexander also told the audience that the NSA targets only foreign entities and that if it “incidentally” picked up the data of Americans in the process, the agency was required to “minimize” the data, “which means nobody else can see it unless there’s a crime that’s been committed.” Minimization refers to legal restrictions under the United states Signals Intelligence Directive 18 on how data pertaining to U.S. citizens can be handled, distributed or retained.

Following the panel discussion, a former attorney for the NSA elaborated on this to Threat Level.

“You’re looking at a data stream that originates in a foreign country. It just happens to be transiting the United States,” said Richard Marshall, former associate general counsel for information assurance at the NSA. “You’re authorized by law to collect that data and to analyze that data. Even though it was captured on U.S. soil, it’s against a foreign target. Now in the process of doing that, yes, there is a possibility, more than a possibility I guess, that there will be some U.S. person who is involved in a conversation with a foreign entity, a foreign person. So what? If you’re not collecting data against that U.S. person, what’s the harm?”

But ACLU staff attorney Alex Abdo, who was also on the panel, noted that a gaping loophole in the laws governing the NSA allows the agency to do dragnet surveillance of non-Americans and, in the process sweep up the data of Americans they may be communicating with, and hold onto that data even though the Americans aren’t the target. The NSA can then “target [the Americans] after-the-fact.” If, for example, new information came to light involving an American whose information is in the database, the NSA can sift through the “minimized” data and at that point “get the info that they couldn’t target from the outset.”

Earlier this month, the Office of the Director of National Intelligence admitted in a letter sent to Senator Ron Wyden that on at least one occasion the NSA had violated the Constitutional prohibitions on unlawful search and seizure.

According to the letter, the Foreign Intelligence Surveillance Court found that “minimization procedures” used by the government while it was collecting intelligence were “unreasonable under the Fourth Amendment.”

Author James Bamford, speaking with Abdo and Binney, said that the NSA could also get around the law against targeting Americans by targeting a call center for a U.S. company that is based overseas, perhaps in India. When Americans then called the center to obtain information about their bank account or some other transaction, the NSA would be able to pick up that communication.

Finally, Binney contradicted Alexander’s earlier claims that the agency could not violate the law even if it wanted to do so because the NSA is monitored by Congress, both intel committees and their congressional members and their staffs. “So everything we do is auditable by them, by the FISA court … and by the administration. And everything we do is accountable to them…. We are overseen by everybody,” Alexander had said.

But these assertions are disingenuous since, Binney said, “all the oversight is totally dependent on what the NSA tells them. They have no way of knowing what [the NSA is] really doing unless they’re told.”