FROM: U.S. DEFENSE DEPARTMENT
Alexander Calls on Industry to Help Set Record Straight
By Nick Simeone
American Forces Press Service
WASHINGTON, Oct. 9, 2013 - The nation's top cyber commander called on industry today to "put the facts on the table" about the National Security Agency following leaks about the agency's surveillance programs, blaming inaccurate or sensational reporting for congressional failure to approve measures that he said are needed to protect the nation from a devastating cyberattack.
"We need the American people to understand the facts. And it's got to start with what we're actually doing -- not what we could be doing -- with the data," Army Gen. Keith B. Alexander, NSA director and commander of U.S. Cyber Command, told an industry conference in suburban Maryland. "Most of the reporting is, 'They could be doing 'A.' The facts are they're doing 'B.'"
Warning that he doesn't want to have to explain why he failed to prevent another 9/11, Alexander appealed to industry to help in light of the damaging leaks in June by former NSA contractor Edward Snowden.
Snowden has been charged in absentia with violating the Espionage Act and stealing government property for turning over secret documents to reporters detailing classified NSA programs, actions that Alexander has blamed for causing irreversible and significant damage to the security of the United States and its allies.
In the time since the leaks, Alexander said, the media have complicated matters through exaggerated or inaccurate reporting.
"Everything that comes out is almost sensationalized and inflamed by what it could be, not by what it is, and that singularly in my mind will impact our ability to get cyber legislation and defend the nation," he said. "And if you think about the numbers of disruptive attacks over the last year, and destructive attacks, and you plot that out statistically, what it says to me is it's getting worse, and that's going to grow."
Alexander pointed to a series of recent destructive cyberattacks around the world, including on Saudi Aramco, a Saudi oil company, where he said data in more than 30,000 systems was destroyed last year, as well as attacks against Qatar's Rasgas gas company and twin attacks in South Korea earlier this year.
"Then, look at what hit Wall Street over the last year: over 300 distributed denial-of-service attacks. How do we defend against those?"
Alexander called for laws that would encourage industry and government to share information about potential threats in real time. "This will become hugely important in the future," he said. We've got to have legislation that allows us to communicate back and forth."
To get there, the general said, the rhetoric on media leaks must change and the trust factor must be fixed, "because we're not going to move forward with all that hanging out there."
In the absence of congressional action, President Barack Obama has issued an executive order promoting increased sharing of information about cyber threats across government and industry. However, Alexander said, the nation's cyber defenses remain dependent on closer, real-time cooperation between the government and Internet service providers and the anti-virus community.
"Our team -- government, industry and allies -- have to be ready to act, and we're not," he said. "We're stuck because of where we are in the debate, so what you could do to help is get the facts. We need your help to inform the American people and Congress about what we're doing."
A PUBLICATION OF RANDOM U.S.GOVERNMENT PRESS RELEASES AND ARTICLES
Showing posts with label EDWARD SNOWDEN. Show all posts
Showing posts with label EDWARD SNOWDEN. Show all posts
Saturday, October 12, 2013
Saturday, September 28, 2013
OFFICIALS APPEAR BEFORE SENATE COMMITTEE TO DISCUSS INTELLIGENCE PROGRAMS
FROM: U.S. DEFENSE DEPARTMENT
Officials Discuss Intelligence Programs at Senate Hearing
By Cheryl Pellerin
American Forces Press Service
WASHINGTON, Sept. 27, 2013 - At a hearing yesterday before the Senate Select Committee on Intelligence, Army Gen. Keith B. Alexander, commander of U.S. Cyber Command and director of the National Security Agency, and Director of National Intelligence James R. Clapper Jr. discussed a NSA-managed classified intelligence program, one of two made public by a security leak in June.
Joining Alexander and Clapper was Deputy Attorney General James Cole. All were called to testify about both programs leaked to the press by former NSA systems administrator Edward Snowden -- Section 215 of the Patriot Act, also known as NSA's 215 business records program, and Section 702 of the Foreign Intelligence Surveillance Act, or FISA.
In the months since the leaks, media reports have said the programs involve secret surveillance by NSA of phone calls and online activities of U.S. citizens, and revealed unauthorized disclosures of information by NSA, generating distrust of the agency and calls for an end to the programs.
Section 702 of FISA and Section 215 of the Patriot Act both were authorized by the Foreign Intelligence Surveillance Act, first approved by Congress in 1978.
Section 702 authorizes access, under court oversight, to records and other items belonging to foreign targets located outside the United States. Section 215 broadens FISA to allow the FBI director or other high-ranking officials there to apply for orders to examine telephone metadata to help with terrorism investigations.
In 2012, these programs resulted in the examination of fewer than 300 selectors, or phone numbers, in the NSA database, Alexander said during a congressional hearing in July.
In his remarks, Cole described the 215 program, explaining that it involves collecting only metadata from telephone calls.
"What is collected as metadata is quite limited. ... It is the number a telephone calls ... It doesn't include the name of the person called," Cole said. "It doesn't include the location of the person called. It doesn't include any content of that communication. It doesn't include financial information ... It is just the number that was called, the date and the length of the call."
"If you want any additional information beyond that, you would have to go and get other legal processes to find that information and acquire it," he added.
Such metadata can only be looked at when there is a reasonable, articulable suspicion for a specific phone number to be queried in the database, Cole said.
"Otherwise," he said, "we do not and cannot just roam through this database looking for whatever connections we may think are interesting or in any way look at it beyond the restrictions in the court order."
Only a small number of analysts can make such a determination, and that determination must be documented so it can be reviewed by a supervisor and later reviewed for compliance purposes, Cole added. The program is conducted according to authorization by the FISA Court, which must reapprove the program every 90 days.
"Since the court originally authorized this program in 2006, it has been reapproved on 34 separate occasions by 14 individual Article Three judges of the FISA Court," Cole said. "Each reapproval indicates the court's conclusion that the collection was permissible under Section 215 and satisfied all constitutional requirements."
Article Three of the U.S. Constitution establishes the judicial branch of the federal government.
Oversight of the 215 program involves all three branches of government, including the FISA Court and the Intelligence and Judiciary Committees of both houses of Congress, Cole said. Every 90 days, the Department of Justice reviews a sample of NSA's queries to determine whether the reasonable articulable requirement has been met.
DOJ lawyers meet every 90 days with NSA operators and with the NSA inspector general to discuss the program's operation and any compliance issues that may arise, Cole explained.
With respect to Congress, "we have reported any significant compliance problems, such as those uncovered in 2009, to the Intelligence and Judiciary Committees of both houses," he said.
"Those documents have since been declassified and released by the DNI to give the public a better understanding of how the government and the FISA court respond to compliance problems once they're identified," Cole said.
In his testimony, Alexander told the panel that NSA's implementation of Section 215 of the Patriot Act focuses on defending the homeland by linking foreign and domestic threats.
Section 702 of FISA focuses on acquiring foreign intelligence, he said, including critical information concerning international terrorist organizations, by targeting non-U.S. persons who are reasonably believed to be outside the United States.
NSA also operates under other sections of the FISA statute in accordance with the law's provisions, Alexander said.
"To target a U.S. person anywhere in the world, under the FISA statute we are required to obtain a court order based on a probable cause showing that the prospective target of the surveillance is a foreign power or agent of a foreign power," he explained.
"As I have said before, these authorities and capabilities are powerful," Alexander said. "We take our responsibility seriously."
NSA stood up a directorate of compliance in 2009 and regularly trains the entire workforce in privacy protections and the proper use of capabilities, he said.
"We do make mistakes," Alexander noted.
"Compliance incidents, with very rare exceptions, are unintentional and reflect the sorts of errors that occur in any complex system of technical activity," he said.
The press has claimed evidence of thousands of privacy violations but that is false and misleading, Alexander said.
"According to NSA's independent inspector general, there have been only 12 substantiated cases of willful violation over 10 years. Essentially one per year," he said. "Several of these cases were referred to the Department of Justice for potential prosecution, and appropriate disciplinary action in other cases. We hold ourselves accountable every day."
Of 2,776 violations noted in the press, he said, about 75 percent were not violations of court-approved procedures but rather were NSA's detection of valid foreign targets that traveled to the United States. The targets are called roamers and failure to stop collecting on them as soon as they enter the United States from a foreign country is considered a violation that must be reported.
"NSA has a privacy compliance program that any leader of a large, complex organization would be proud of," Alexander said. "We welcome an ongoing discussion about how the public can, going forward, have increased information about NSA's compliance program and its compliance posture, much the same way all three branches of the government have today."
NSA's programs have contributed to understanding and disrupting 54 terrorism-related events, Alexander told the panel, with 25 in Europe, 11 in Asia, five in Africa, and 13 in the United States.
"This was no accident. This was not coincidence. These are the direct results of a dedicated workforce, appropriate policy, and well-scoped authorities created in the wake of 9/11, to make sure 9/11 never happens again," Alexander said.
In the week ending 23 Sept., he said, there were 972 terrorism-related deaths in Kenya, Pakistan, Afghanistan, Syria, Yemen and Iraq. Another 1,030 people were injured in the same countries.
"The programs I've been talking about -- we need these programs to protect this nation, to ensure that we don't have those same statistics here," Alexander said.
With respect to reforms, he said, on Aug. 9 President Barack Obama laid out specific steps to increase the confidence of the American people in the NSA foreign intelligence collection programs.
"We are always looking for ways to better protect privacy and security," Alexander said. "We have improved over time our ability to reconcile our technology with our operations and with the rules and authorities. We will continue to do so as we go forward and strive to improve how we protect the American people, their privacy and their security."
In his remarks to the panel, Clapper said that over past 3 months he's declassified and publicly released a series of documents related to Section 215 Section 702.
"We did that to facilitate informed public debate about the important intelligence collection programs," he said. "We felt in the light of the unauthorized disclosures, the public interest in these documents far outweigh the potential additional damage to national security. These documents [allow them to] see the seriousness, thoroughness and rigor with which the FISA Court exercises its responsibilities."
Even in these documents, Clapper said, officials had to redact some information to protect sensitive sources and methods such as particular targets of surveillance.
"We'll continue to declassify more documents. It's what the American people want," he said. "It's what the president has asked us to do. And I personally believe it's the only way we can reassure our citizens that the intelligence community is using its tools and authorities appropriately."
But, Clapper said, "we also have to remain mindful of potentially negative long-term impact of over-correcting to the authorizations granted to the intelligence community."
Clapper added, "As Americans we face an unending array of threats to our way of life -- more than I've seen in my 50 years in intelligence. We need to sustain our ability to detect these threats. We welcome a balanced discussion about civil liberties but it's not an either-or situation. We need to continue to protect both."
Officials Discuss Intelligence Programs at Senate Hearing
By Cheryl Pellerin
American Forces Press Service
WASHINGTON, Sept. 27, 2013 - At a hearing yesterday before the Senate Select Committee on Intelligence, Army Gen. Keith B. Alexander, commander of U.S. Cyber Command and director of the National Security Agency, and Director of National Intelligence James R. Clapper Jr. discussed a NSA-managed classified intelligence program, one of two made public by a security leak in June.
Joining Alexander and Clapper was Deputy Attorney General James Cole. All were called to testify about both programs leaked to the press by former NSA systems administrator Edward Snowden -- Section 215 of the Patriot Act, also known as NSA's 215 business records program, and Section 702 of the Foreign Intelligence Surveillance Act, or FISA.
In the months since the leaks, media reports have said the programs involve secret surveillance by NSA of phone calls and online activities of U.S. citizens, and revealed unauthorized disclosures of information by NSA, generating distrust of the agency and calls for an end to the programs.
Section 702 of FISA and Section 215 of the Patriot Act both were authorized by the Foreign Intelligence Surveillance Act, first approved by Congress in 1978.
Section 702 authorizes access, under court oversight, to records and other items belonging to foreign targets located outside the United States. Section 215 broadens FISA to allow the FBI director or other high-ranking officials there to apply for orders to examine telephone metadata to help with terrorism investigations.
In 2012, these programs resulted in the examination of fewer than 300 selectors, or phone numbers, in the NSA database, Alexander said during a congressional hearing in July.
In his remarks, Cole described the 215 program, explaining that it involves collecting only metadata from telephone calls.
"What is collected as metadata is quite limited. ... It is the number a telephone calls ... It doesn't include the name of the person called," Cole said. "It doesn't include the location of the person called. It doesn't include any content of that communication. It doesn't include financial information ... It is just the number that was called, the date and the length of the call."
"If you want any additional information beyond that, you would have to go and get other legal processes to find that information and acquire it," he added.
Such metadata can only be looked at when there is a reasonable, articulable suspicion for a specific phone number to be queried in the database, Cole said.
"Otherwise," he said, "we do not and cannot just roam through this database looking for whatever connections we may think are interesting or in any way look at it beyond the restrictions in the court order."
Only a small number of analysts can make such a determination, and that determination must be documented so it can be reviewed by a supervisor and later reviewed for compliance purposes, Cole added. The program is conducted according to authorization by the FISA Court, which must reapprove the program every 90 days.
"Since the court originally authorized this program in 2006, it has been reapproved on 34 separate occasions by 14 individual Article Three judges of the FISA Court," Cole said. "Each reapproval indicates the court's conclusion that the collection was permissible under Section 215 and satisfied all constitutional requirements."
Article Three of the U.S. Constitution establishes the judicial branch of the federal government.
Oversight of the 215 program involves all three branches of government, including the FISA Court and the Intelligence and Judiciary Committees of both houses of Congress, Cole said. Every 90 days, the Department of Justice reviews a sample of NSA's queries to determine whether the reasonable articulable requirement has been met.
DOJ lawyers meet every 90 days with NSA operators and with the NSA inspector general to discuss the program's operation and any compliance issues that may arise, Cole explained.
With respect to Congress, "we have reported any significant compliance problems, such as those uncovered in 2009, to the Intelligence and Judiciary Committees of both houses," he said.
"Those documents have since been declassified and released by the DNI to give the public a better understanding of how the government and the FISA court respond to compliance problems once they're identified," Cole said.
In his testimony, Alexander told the panel that NSA's implementation of Section 215 of the Patriot Act focuses on defending the homeland by linking foreign and domestic threats.
Section 702 of FISA focuses on acquiring foreign intelligence, he said, including critical information concerning international terrorist organizations, by targeting non-U.S. persons who are reasonably believed to be outside the United States.
NSA also operates under other sections of the FISA statute in accordance with the law's provisions, Alexander said.
"To target a U.S. person anywhere in the world, under the FISA statute we are required to obtain a court order based on a probable cause showing that the prospective target of the surveillance is a foreign power or agent of a foreign power," he explained.
"As I have said before, these authorities and capabilities are powerful," Alexander said. "We take our responsibility seriously."
NSA stood up a directorate of compliance in 2009 and regularly trains the entire workforce in privacy protections and the proper use of capabilities, he said.
"We do make mistakes," Alexander noted.
"Compliance incidents, with very rare exceptions, are unintentional and reflect the sorts of errors that occur in any complex system of technical activity," he said.
The press has claimed evidence of thousands of privacy violations but that is false and misleading, Alexander said.
"According to NSA's independent inspector general, there have been only 12 substantiated cases of willful violation over 10 years. Essentially one per year," he said. "Several of these cases were referred to the Department of Justice for potential prosecution, and appropriate disciplinary action in other cases. We hold ourselves accountable every day."
Of 2,776 violations noted in the press, he said, about 75 percent were not violations of court-approved procedures but rather were NSA's detection of valid foreign targets that traveled to the United States. The targets are called roamers and failure to stop collecting on them as soon as they enter the United States from a foreign country is considered a violation that must be reported.
"NSA has a privacy compliance program that any leader of a large, complex organization would be proud of," Alexander said. "We welcome an ongoing discussion about how the public can, going forward, have increased information about NSA's compliance program and its compliance posture, much the same way all three branches of the government have today."
NSA's programs have contributed to understanding and disrupting 54 terrorism-related events, Alexander told the panel, with 25 in Europe, 11 in Asia, five in Africa, and 13 in the United States.
"This was no accident. This was not coincidence. These are the direct results of a dedicated workforce, appropriate policy, and well-scoped authorities created in the wake of 9/11, to make sure 9/11 never happens again," Alexander said.
In the week ending 23 Sept., he said, there were 972 terrorism-related deaths in Kenya, Pakistan, Afghanistan, Syria, Yemen and Iraq. Another 1,030 people were injured in the same countries.
"The programs I've been talking about -- we need these programs to protect this nation, to ensure that we don't have those same statistics here," Alexander said.
With respect to reforms, he said, on Aug. 9 President Barack Obama laid out specific steps to increase the confidence of the American people in the NSA foreign intelligence collection programs.
"We are always looking for ways to better protect privacy and security," Alexander said. "We have improved over time our ability to reconcile our technology with our operations and with the rules and authorities. We will continue to do so as we go forward and strive to improve how we protect the American people, their privacy and their security."
In his remarks to the panel, Clapper said that over past 3 months he's declassified and publicly released a series of documents related to Section 215 Section 702.
"We did that to facilitate informed public debate about the important intelligence collection programs," he said. "We felt in the light of the unauthorized disclosures, the public interest in these documents far outweigh the potential additional damage to national security. These documents [allow them to] see the seriousness, thoroughness and rigor with which the FISA Court exercises its responsibilities."
Even in these documents, Clapper said, officials had to redact some information to protect sensitive sources and methods such as particular targets of surveillance.
"We'll continue to declassify more documents. It's what the American people want," he said. "It's what the president has asked us to do. And I personally believe it's the only way we can reassure our citizens that the intelligence community is using its tools and authorities appropriately."
But, Clapper said, "we also have to remain mindful of potentially negative long-term impact of over-correcting to the authorizations granted to the intelligence community."
Clapper added, "As Americans we face an unending array of threats to our way of life -- more than I've seen in my 50 years in intelligence. We need to sustain our ability to detect these threats. We welcome a balanced discussion about civil liberties but it's not an either-or situation. We need to continue to protect both."
Subscribe to:
Posts (Atom)