Army Gen. Keith Alexander, head of the National Security Agency (NSA), said last week at the Aspen Security Forum that the agency is considering steps to strengthen security following the scandal with former contractor and accused spy Edward Snowden.
The measures under consideration include requiring two-person authentication to move documents and reducing the number of employees with thumb drive privileges. Snowden had been responsible for a SharePoint site, which gave him greater access and allowed him to move files freely.
U.S. Cyber Command cheif and NSA Director Army Gen. Keith Alexander. Photo: DoD. |
Alexander recognized new security procedures would “make their job harder.” He said that is the reason the agency needs to move toward cloud-based computing, where encryption prevents stolen data from being useful.
Alexander said multiple fallacies have been spread about the agency’s work, including that it monitors the emails and phone conversations of everyday Americans. “That’s flat not true,” he said, explaining that the NSA collects metadata on to-and-from numbers, not text and audio.
When host Pete Williams, chief justice correspondent for NBC, asked what happens to the collected data, Alexander said, “It just sits there.”
“The court restricts what we can do with that data,” he said. “We can only look at that data if we have a nexus to Al Qaeda or other terrorist groups.”
Alexander said the agency is legally allowed three “hops” once it believes it has a lead. For example, if the NSA has connected a suspect to a terrorist organization, it can then examine the same phone data of three people in contact with the original suspect.
Williams suggested that the telecommunications industry consider a database similar to the banking industry, in which the banks themselves collect and maintain transaction records. The government must make requests for information. Alexander said it was possible to adopt this type of privately controlled database with phone companies, but legislation would have to change.
“Then the issue is how many people now have access to the data and how’s the court oversight?” he said.