Skip to Content

NSA Chief Says U.S. Phone, Web Surveillance Sets “Standard for Other Countries”

There are tight controls on the NSA’s access to U.S. phone records and data from U.S. Internet companies, the agency’s director says.
July 31, 2013

The National Security Agency’s collection of phone records and Internet data from U.S. companies provides a model for other nations, the agency’s director, General Keith Alexander, said today at a prominent computer security conference in Las Vegas.

NSA General Keith Alexander
Surveillance chief: As director of the National Security Agency, General Keith Alexander has overseen the development of programs that routinely collect U.S. call records and ease access to data held by Internet companies such as Google, Facebook, and Microsoft.

In his most public appearance since leaked documents revealed the existence of such large-scale surveillance programs, Alexander gave new details about how access to the collected data is controlled within the NSA. Those measures, combined with oversight from Congress and the courts, provide strong protections against abuses, he said. “The assumption is that people are just out there wheeling and dealing, and nothing could be further from the truth,” said Alexander. “I think this is a standard for other countries.” Alexander gave the opening keynote at the Black Hat computer security conference.

Public and political opinion on the NSA’s activities is generally unfavorable after leaks showed how existing laws were being used to enable the collection of data on a previously unimagined scale (see “NSA Surveillance Reflects a Broader Interpretation of the Patriot Act” and “Microsoft’s Surveillance Collaboration”).

Alexander sought to alter that perception a little. Before a particular phone number can be added to a list used to search the NSA’s database of U.S. call records, he said, approval must be given by one of only 22 people inside the agency authorized to give it. Once approval is granted, only 35 analysts at the NSA are authorized to run queries, he added, noting that in 2012, only 300 phone numbers were approved for searches of the call-record database, and 12 reports to the FBI, containing fewer than 500 further numbers for investigation, resulted.

Alexander said less about how access to e-mails and other data collected from Google, Facebook, Microsoft, and other U.S. Internet companies is controlled, but he implied that similar protections are in place. The NSA has “auditing” technology that records everything people with access to the surveillance databases do, he said, so anyone acting suspiciously would be caught. “Our auditing tools would detect them and they would be found accountable, and they know that.”

Alexander mentioned several times that the relevant law allows access to the phone and Internet data troves only in pursuit of foreign intelligence. He made no mention of a leak published today by British newspaper The Guardian about a system called XKeyscore, apparently used to search e-mails and online postings collected worldwide.

Alexander’s claims seem to clash with one made by Edward Snowden, who leaked material about the two surveillance programs in June. After coming forward, Snowden said that although he was not a senior analyst, he could easily “wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal e-mail.”

Alexander repeatedly stated that the NSA’s surveillance efforts were motivated by the need to combat terrorism, and he said his phone and Internet data programs had “disrupted 54 terrorist activities,” 13 of them on U.S. soil.

Against that background, argued Alexander, the NSA’s surveillance programs were necessary, and weakening it in an attempt to defend civil liberties would be counterproductive. “If those attacks were successfully executed, what would that mean for our civil liberties and privacy?” he asked.

Speaking to the media after Alexander’s keynote, Jeff Moss, a hacker and founder of the Black Hat conference, welcomed the NSA director’s willingness to talk publicly and provide some new—if small—details about how the programs operate.

“Because the details of these programs are classified, we need to get as much out of this debate as possible,” while public attention is still focused on the NSA, said Moss, who is also known as the Dark Tangent. The more that can be learned about the NSA’s programs, the more likely it is that better oversights will be developed, he said: “Maybe we can come up with something technologically that can do this but doesn’t compromise privacy.”

Moss caused controversy earlier this month when he reacted to news of the NSA’s large-scale surveillance by suggesting that government workers—“feds”—stay away from the Def Con hackers conference, another event he founded, which takes place in Las Vegas immediately after Black Hat.

That means Alexander is unlikely to show at Def Con this year, despite giving the keynote in 2012 at Moss’s invitation. For that talk, Alexander eschewed the uniform he wore today, sporting a T-shirt and faded jeans as he exhorted the assembled hackers to consider working for the NSA.

Ironically enough, in that 2012 speech Alexander said that the NSA was unable to access enough data on online activity to protect against attacks on financial markets and energy infrastructure (see “NSA Boss Wants More Control Over the Net”), a claim that now appears in a different light. “We do not sit around our country and look in” to the Internet, Alexander said in that speech.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

The problem with plug-in hybrids? Their drivers.

Plug-in hybrids are often sold as a transition to EVs, but new data from Europe shows we’re still underestimating the emissions they produce.

How scientists traced a mysterious covid case back to six toilets

When wastewater surveillance turns into a hunt for a single infected individual, the ethics get tricky.

Google DeepMind’s new generative model makes Super Mario–like games from scratch

Genie learns how to control games by watching hours and hours of video. It could help train next-gen robots too.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.