On Same Day Alexander Tells BlackHat, “Their Intent Is to Find the Terrorist That Walks Among Us,” We See NSA Considers Encryption Evidence of Terrorism

Screen shot 2013-08-01 at 9.34.18 AM

Thirty minutes into his speech at BlackHat yesterday, Keith Alexander said,

Remember: their intent is not to go after our communications. Their intent is to find the terrorist walks among us.

He said that to a room full of computer security experts, the group of Americans probably most likely to encrypt their communications, even hiding their location data.

At about the same time Alexander made that claim, the Guardian posted the full slide deck from the XKeyscore program it reported yesterday.

How do I find a cell of terrorists that has no connection to known strong-selectors?

Answer: Look for anomalous events

Among other things, the slide considers this an anomalous event indicating a potential cell of terrorists:

  • Someone who is using encryption

Meanwhile, note something else about Alexander’s speech.

13:42 into his speech, Alexander admits the Section 702 collection (this is true of XKeyscore too — but not the Section 215 dragnet, except in its use on Iran) also supports counter-proliferation and cybersecurity.

That is the sole mention in the entire speech of anything besides terrorism. The rest of it focused exclusively on terror terror terror.

Except, of course, yesterday it became clear that the NSA considers encryption evidence of terrorism.

Increasingly, this infrastructure is focused intensively on cybersecurity, not terrorism. That’s logical; after all, that’s where the US is under increasing attack (in part in retaliation for attacks we’ve launched on others). But it’s high time the government stopped screaming terrorism to justify programs that increasing serve a cybersecurity purpose. Especially when addressing a convention full of computer security experts.

But maybe Alexander implicitly admits that. At 47:12, Alexander explains that the government needs to keep all this classified because (as he points into his audience),

Sitting among you are people who mean us harm.

(Note after 52:00 a heckler notes the government might consider BlackHat organizer Trey Ford a terrorist, which Alexander brushes off with a joke.)

It’s at that level, where the government considers legal hacker behavior evidence of terrorism, that all reassurances start to break down.

Update: fixed XKeystroke for XKeyscore–thanks to Myndrage. Also, Marc Ambinder reported on it in his book.

Update: NSA has now posted its transcript of Alexander’s speech. It is 12 pages long; in that he mentioned “terror” 27 times. He mentions “cyber” just once.

19 replies
  1. Lefty665 says:

    Encryption is a legitimate issue. It can, and to some extent will, be used to hide bad intent. But it is a big leap to make all encryption a selector for terrorism.

    NSA has struggled with encryption for decades, and the policy of treating all encryption as hostile is consistent with their history. When they were focused on foreign communications that was not a constitutional issue. That changed when their mission turned inward after 911.

    The idea that any communication NSA cannot view is a selector for terrorism is broader than encryption. As long as that is the mind set, collection will continue to increase. The 4th Amendment will remain dead. From his recent defense of the practices, it is clear that is how BO views it.

  2. Peterr says:

    @Lefty665: Encryption is the bread-and-butter of everyone at Black Hat. These are the security industry folks, who spend large amounts of time and money developing better and better encryption and security measures, to protect corporate secrets and protect the products and services these folks deliver.

    From an NPR piece reported before Alexander’s speech:

    Alexander is going to have to deliver [his speech] to a skeptical, possibly hostile and technically sophisticated audience.

    Barnaby Jack

    Barnaby Jack was one of the good guys. He spent his professional life hacking products, not for personal gain but instead to pressure companies to make them safer.

    He became famous for hacking into ATMs and getting these machines to spew out piles of cash. The hack became known as jackpotting.

    Jack was reportedly found dead in his apartment, and although foul play isn’t suspected the cause of death is being investigated by the San Francisco medical examiner.

    The hacking community is tightknit, and the announcement has been difficult for many of Jack’s friends and colleagues. He was well-liked and widely considered to be a brilliant researcher.

    Jack had been scheduled to deliver a talk on Aug. 1 at Black Hat on newly discovered vulnerabilities in pacemakers. He had discovered a mobile attack that allowed him to alter their function from 30 yards away, in what he described as a potentially lethal attack. Last year, Jack demonstrated it was possible to remotely attack a insulin pump manufactured by Medtronic. That research led Medtronic to make changes in the product that made it more secure.

    Hacking The ‘Internet Of Things’

    As more and more devices are connected to the Interne, more and more things can be hacked. This year at Def Con and Black Hat researchers will be showing off attacks that let them take over everything from cars to toys to smart TVs to embedded control devices used on oil platforms.

    Researchers and hackers say they worry that as nontech industries start building embedded computers and Internet-connected technologies into their products, they are overlooking security. Hopefully, they say, some of the hacks unveiled this year will be a wake-up call.

    And the solutions — which will center around better encryption — will be evidence of terrorist intent?


    I’d love to hear Alexander make his next speech on this topic to the Chamber of Commerce types, who spend non-trivial amounts on money on encryption to prevent corporate espionage.

  3. What Constitution? says:

    Interesting that “use of encryption” would be designated indicative of Terrorism. Certainly not inconsistent with the philosophy of “if you aren’t doing anything wrong you have nothing to fear,” I guess, but it’s certainly a stretch to suggest that if you are encrypting you’re likely doing something wrong and that this justifies law enforcement singling you out for capture and review of your communications.

    Any empirical Terra-finding confirmations? How about the series of numbnuts the FBI and CIA have been ferreting out, inducing and then arresting as “would be Terraists”– have any of those people “with Terra inclinations” been identified and targeted because they were encrypting communications? Even one? Sure, once you have a haystack it cries out to be searched for needles — but it’s more than a little bit unsettling to argue that there’s a basis for targeting people for criminal investigation because they might be utilizing available technology for the same reason the government or industry uses it: to be secure in communications. Who is the “enemy”, again?

  4. Jim White says:

    I always knew those Wall Street types were terrorists. I assume their communications are among some of the most heavily encrypted, so by this logic they therefore are among the most dedicated to terror.

    Arrest them all, throw them in Gitmo and let God sort them out.

    Or something like that…

  5. JThomason says:

    @Jim White: I think what these folks are really trying to get across and they just don’t know how to because of their resistance to dropping into a tone of gut-wrenching earnestness is that in this post-transparency age, that the very true definition of government is “encryption monopoly.”

  6. Lefty665 says:

    @Peterr: NSA’s involvement in private (corporate as opposed to USG) encryption goes back at least to the Data Encryption Standard (DES) proposed by the National Bureau of Standards in the mid 70’s. Despite their assertions that DES was secure, NSA was able to read it. How hard they have to work to break commercial encryption has been an issue ever since.

    If the standard now is that anything NSA cannot access is a selector for terrorism, it is profound.

  7. P J Evans says:

    Sort-of-OT: Holder is praising Mueller as ‘setting the standard’ for FBI directors.
    That’s kind of a low bar, isn’t it?

  8. P J Evans says:

    When I took a cryptography class in college, around 1983, the assumption was that if NSA liked a standard, they had a way to defeat it, possibly back-door. (We weren’t nearly so paranoid, 30 years ago, as we are now.)

  9. Mindrayge says:

    The name of the program is XKEYSCORE not XKEYSTROKE (unless you were trying to be cute). Slides from an XKEYSCORE presentation (likely this one) were displayed by Brazilian media two weeks ago. It included a slide that is probably the fully redacted one the Guardian published that showed an SSO in Columbia:

    US 3273
    Network access point through US partner STEELKNIGHT. Operates under transit authority
    DNR – Metadata, voice, fax
    DNI – content and metadata

    So the Guardian didn’t break the existence of the program however they did provide more of the slide deck and thus more details than the Brazilian media were given.

  10. earlofhuntingdon says:

    As the NSA/GCHQ revelations reveal, the US wants access to every phone/internet user, anywhere, all the time. Encryption, especially if the boys can’t easily break it, signals that someone is not with the program, ought to be hired, or ought to be dealt with with prejudice.

  11. KevinNYC says:

    XKEYSCORE is a software interface to make it easier to access various databases, it’s not the name of an intelligence program. XKEYSCORE is a tool used in other intelligence programs and the existence of this tool has been known for a while.

    SAIC and Raytheon have active job openings for engineers who know this software.

    Marc Ambinder wrote about it in his book and again yesterday

  12. fritter says:

    Its not a mistake. They really do consider everyone at BlackHat a terrorist. As Greenwald and others have noted, “terrorist” has taken on new meaning. To the NSA, a terrorist is anyone they don’t have absolute control over. It doesn’t matter if they are blowing stuff up or “spreading subversive ideas.” That’s why Alexander blew it off as a joke. The truth is terrifying. They aren’t really looking for people who’re search for pressure cookers. That’s just the excuse they give. They are building a profile of everyone who is or might ever be resistant to control and a stack of material to keep them in line. Hackers, academics, socialists. Every totalitarian regime goes after the same groups of people first.

    Notice how the DOJ now says it must notify defendants if evidence against them came from the NSA. This is just to get more stories out about how this is all for our own good and minimize all the abuse. They pretend its for transparency, but its really information control.

  13. Nathanael says:

    Keith Alexander is working for al-Qaeda. There is no other reasonable explanation of his lying to Congress, violating court orders, violating the Constitution, and arranging to spy on Americans.

    It’s “giving aid and comfort to the enemy”.

Comments are closed.