NSA Chief Tells Hackers His Agency Doesn’t Create Dossiers on All Americans

Gen. Keith Alexander, head of the NSA and U.S. Cyber Command appearing at the 2012 DefCon hacker conference in Las Vegas on Friday. Photo: Kim Zetter/Wired

LAS VEGAS — NSA chief Gen. Keith Alexander, appearing for the first time at the DefCon hacker conference, told the crowd of hackers and security professionals that his agency “absolutely” does not maintain files on Americans.

Responding to a question from DefCon founder Jeff Moss asking “does the NSA really keep a file on everyone?,” Alexander replied, “No, we don’t. Absolutely no. And anybody who would tell you that we’re keeping files or dossiers on the American people knows that’s not true.”

Alexander went on to say that the NSA’s job was foreign intelligence, not domestic and that the agency is constantly monitored in everything it does.

“We get oversight by Congress, both intel committees and their congressional members and their staffs,” he continued, “so everything we do is auditable by them, by the FISA court … and by the administration. And everything we do is accountable to them…. We are overseen by everybody. And I will tell you that those who would want to weave the story that we have millions or hundreds of millions of dossiers on people is absolutely false.”

Unstated in both Moss’s question and Alexander’s answer, however, is whether the NSA monitors and collects the communications of millions of Americans en masse, something that is very different from keeping a “file” on individual Americans.

Alexander did touch on the collection of data in his answer, but denied that this involved Americans. Under the FISA Amendment Act, he said, the NSA is authorized “to collect foreign targets — think of terrorists — outside the United States.

“And that law allows us to use some of our infrastructure to do that. We may, incidentally, in targeting a bad guy, hit on somebody from a good guy. [But] we have requirements from the FISA court and the attorney general to minimize that, which means nobody else can see it unless there’s a crime that’s been committed…. And so from my perspective, the people who would say that we’re [targeting Americans] should know better.”

Alexander is likely referring to recently published comments by former NSA officials, who told author James Bamford that the NSA’s future $2 billion data center being built in Utah will be used to store “all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital ‘pocket litter.’”

According to one unnamed former NSA official, “Everybody’s a target; everybody with communication is a target.”

Dressed casually in blue jeans and a t-shirt, Alexander was deferential to the packed auditorium of hackers and security professionals, telling them that DefCon was “the world’s best cyber community,” and appealed to the audience for help in solving some of the problems of the internet.

“In this room … is the talent our nation needs to secure cyberspace,” he told the audience. “You folks understand cybersecurity. You know that we can protect the networks and have civil liberties and privacy, and you can help us get there.”

In discussing the need to develop better methods to protect networks from intrusions, Alexander said, “Some of you . . . can help us show the world that you can actually do intrusion detection and prevention systems and ensure civil liberties and privacy. Showing that to the world is absolutely important because we can do both and we need to do both.”