National Security Agency and U.S. Cyber Command head Gen. Keith Alexander's appeal to hackers to defend America fell on some deaf ears at this past weekend's DEF CON conference in Las Vegas.
Other speakers at the conference, including a former NSA official and an expert on the agency, said that Alexander's assurances that no Americans are deliberately spied upon were misleading at best.
They pointed to the ongoing construction of an enormous NSA data-storage facility as evidence that the agency was planning to intercept the communications of millions of Americans, and explained that doing so would be technically legal.
No file on you
Following his speech Friday, in which he told the audience of hackers they were America's future, Alexander took questions fielded by DEF CON and BlackHat conference founder Jeff Moss.
(Hackers interested in working for the government's code crackers can click on this specially-crafted page on the NSA website, which promises that if you're good, then "a few, shall we say, indiscretions in your past" won't be an insurmountable obstacle to employment.)
Moss, a well-known former hacker also known as "Dark Tangent," now works for the Internet's governing body and advises the Department of Homeland Security.
Moss' first question to Alexander was friendly but direct: "So does the NSA really keep a file on everyone, and if so, how can I see mine?"
"No, we don't," replied Alexander. "Absolutely not. Anybody who tells you we're keeping files or dossiers on the American people knows that's not true."
"Our job is foreign intelligence," Alexander said. "We get oversight by Congress ... by the FISA [Foreign Intelligence Surveillance Act] court ... and by the administration.
"Those who would want to weave the story that we have millions or hundreds of millions of dossiers on people is absolutely false," he said.
Under FISA, Alexander said, the NSA is authorized to collect communications of foreign persons and powers, and those communications "may hit on someone who's a good guy."
"We have requirements from the FISA court and the attorney general to minimize that so that nobody else can see it unless there's a crime," Alexander said.
Later presenters at DEF CON were skeptical, to say the least, of Alexander's reassurances.
"You didn't buy any of that, did you?" said cryptography expert and BT Chief Security Technology Officer Bruce Schneier during a question-and-answer session on Saturday.
Former NSA official William Binney, who on Saturday appeared on a panel discussion entitled "Bigger Monster, Weaker Chains: The National Security Agency and the Constitution," said that Alexander was accurate — technically.
"This thing about not keeping track of every American is absolutely true," Binney said. "They missed a few. That's the kind of word game they play. I've been in that business for a long time."
Binney and outside NSA expert James Bamford, who has written three books on the NSA, believe that a large facility, known as the Utah Data Center, that the agency is building near Salt Lake City is meant to hold every electronic communication in the United States.
"The high point of NSA's building boom is an enormous data center in Bluffdale, Utah," Bamford said. "The NSA's putting this huge data center in Utah that'll be a million square feet and cost 2 billion dollars. It'll be the central place for storage for virtually all the information they collect. It'll be their 'cloud.'"
Binney left the NSA shortly after the Sept. 11, 2001 terrorist attacks, "because they started spying on everyone in the country," and has said he lost his security clearance and had his house raided by the FBI in 2007 after he complained about cost overruns at the agency.
He thinks the Utah Data Center's computers will be not only archiving, but also indexing the massive amount of harvested data.
"It's actually sorting information that they're collecting, which is email, FTPs [file transfers], those kinds of things, Twitter things, all kinds of data about everybody," Binney said.
According to both Bamford and Binney, as long as no human listens to or reads any of the harvested communications without a warrant, this would all be technically legal.
"There are these definitional differences between what civilians talk about and what NSA talks about," Bamford said. "An intercept doesn't take place until it's actually listened to, until somebody puts on some earphones or actually reads some text on a screen."
Schneier, a hero to the hacker community for his outspokenness on security issues, warned the DEF CON audience about heeding Alexander's recruiting call.
"The NSA needs hackers. The NSA were the original modern hackers," Schneier said. "They are going to be a one-way conduit for information. They want everything we can do; they will give us nothing they can do."