When NSA Director General Keith Alexander told the attendees of Black Hat USA 2013 that, speaking as the NSA, "we stand for freedom" - a member of the audience immediately shouted, "Bullshit!"
The rogue comment was received by the crowd with applause. The General acknowledged the comment and response, and moved on to continue telling the hackers and security professionals that the NSA's surveillance programs had prevented multiple terrorist attacks around the world.
- See the full gallery of the General's keynote and slides in NSA Director Alexander Black Hat USA 2013 Keynote: Gallery.
At leading security conference Black Hat USA 2013 Gen. Keith Alexander, Commander, U.S. Cyber Command (USCYBERCOM) and Director of the NSA told attendees in the event's opening keynote that "the same people who uphold the Constitution are the same people that run these programs"
He later went on to tell the room that the people at risk were heroes, and that was "no bullshit."
An equal amount of applause scattered throughout the room.
Alexander explained that he wanted to, "give attendees an insider’s look into the U.S. Cyber Command and the interworking of offensive cyber strategy" and he did, showing slides with prepared information about some of the surveillance programs used by the NSA.
The main thrust of the NSA Director's speech was that the NSA's surveillance programs were to protect Americans and combat foreign threats.
He told Black Hat in regard to the NSA's data collection requests, "these are not rubber stamped."
The Director emphasized that, "we do not see the content of your calls."
He continued, loosely describing the methods used to trace and individual number. He said,
To get a number approved, there are only 22 people at the NSA that can approve that number. Only numbers on the lists compiled [of terrorism suspects] can be queried.
Only 35 people at the NSA are allowed to do queries into that database.
He stressed the training that those individuals are required to complete. The General's speech stressed that the NSA's focus was on terrorism suspects, and minimized the scope of the surveillance programs.
He then told the audience,
In 2012 there were less than 300 numbers approved for queries. Those queries resulted in 12 reports to the FBI (...) they contained less than 500 minutes. The intent of this program is to find a terrorist actor and identify them to the FBI.
General Alexander went on to state that the NSA's programs, the very ones under fire in the press - such as Prism - were directly responsible for finding known terrorists. "This is our lawful intercept program."
"We have the courts, Congress and lawmakers looking at what we do." Referring to a slide projected for the audience he continued, "This shows you we have 100% auditability on every query we make. (...) We worked with committees in Congress for a directorate of compliance."
The vociferous crowd did not hesitate to talk back. One attendee shouted, "what I'm saying is that we don't trust you." Another accused the General of lying to Congress and shouted, "How do we know you're not lying to us right now?"
The NSA Director told attendees of North America's leading security conference that he was at Black Hat to ask security professionals in attendance for their help, most especially if they felt the programs were wrong.
Near the talk's end, an attendee shouted that General Alexander should read the Constitution.
He responded saying, "I have. You should, too."
The General's retort was met with applause.
Gen. Alexander's talk was presented in the atmosphere of today's new allegations in the Guardian UK that the NSA tool "XKeyscore" collects nearly everything a user does on the internet - and alleges that NSA analysts require no prior authorization for searches.
Americans, US politicians and the over 7,000 attendees of Black Hat USA 2013 are currently struggling with revelations and further, previous allegations that the NSA has been surveilling them and spying on their digital communications far more than was previously believed, known or even understood.
At last year's DEF CON keynote - the hacker conference following Black Hat every year - Director Alexander had denied NSA surveillance and spying to the audience when directly asked.
Alexander responded saying that this was "absolute nonsense." He continued, saying that managing hundreds of millions of individual citizen files would be impossible for the department to do.
Today's keynote comes during the NSA's most turbulent time in history - under Alexander's watch - when it has been rocked by Wikileaks, the Manning trial, former contractor turned whistleblower Edward Snowden and the Prism leaks, and widespread outrage at the revealed extent of the NSA's domestic and global surveillance programs.
Last year, the Director controversially delivered a keynote at DEF CON, the hacker conference after Black Hat. He was not invited back this year.
Only two weeks ago, Federal agents were openly disinvited to DEF CON by the organizer, in a blog post saying that the conference needed "time off" in its bizarre relationship with "Feds."
Conflict between NSA DEF CON keynote and Snowden leaks
Alexander's DEF CON keynote, presented in a black t-shrt and jeans, had the NSA Director saying that DEF CON was the "world's best cybersecurity community" and asked hackers for their help.
The NSA Director was asked during DEF CON's Q and A if the NSA keeps files on all US citizens.
CNET reported that General Alexander had stated,
"No we don't. Absolutely not," he said. "Our job is foreign intelligence. We get oversight by Congress...everything we do is auditable by them, by the FISA (Foreign Intelligence Surveillance Act)...and by the (Obama) Administration."
He acknowledged that occasionally there are slip ups. "We may, incidentally in targeting a bad guy, hit on a good guy," he said. "We have requirements from (the FISA) court and the attorney general to minimize that."
At DEF CON last year he told hackers,
In this room right here is the talent we need to secure cyberspace. You know we can protect the networks and have civil liberties and privacy and you can help us get there.
He had also told the audience of hackers and digital privacy activists that the United States needed "better sharing between private companies and the government" and Alexander ominously added that this was something that then-current proposed cybersecurity legislation can help fix.
Alexander was referring to the doomed Cybersecurity Act of 2012, which was effectively Son of CISPA with a few privacy provisions. Many considered CSA 2012 as the Guardian described it, "a surveillance bill in disguise" - effectively outsourcing the NSA's data surveillance to private companies, who are not held under the 4th amendment, and would have received immunity for handing over the data.
UPDATE Wednesday July 31, 8:45 pm: Just before the General's keynote, it was seen that eggs were being passed around the audience. The eggs were confiscated by security before the keynote began.
Mikko Hypponen's mysteriously vanished tweet at Blackhat 2013 just as N S A director was about to speak. Eggs? http://t.co/YHjH3li6CL— Paul Blackburn (@mpb) July 31, 2013
Security friend admitted to handing out 60 eggs to people before general Alexander #blackhat talk. Disappointed by lack of use.— Al Billings (@makehacklearn) July 31, 2013
#BlackHat Security confiscates a dozen eggs before GEN Alexander Keynote— James Bray (@Jhbray) July 31, 2013