LAS VEGAS — It doesn’t get much stranger than this, even in Vegas.
Gen. Keith B. Alexander, director of the National Security Agency, stood in front of a standing-room-only crowd Wednesday, selling the idea of government surveillance programs.
His audience? More than 3,000 cybersecurity specialists, including some of the world’s best hackers, an unruly community known for its support of civil liberties and skepticism of the government’s three-letter agencies.
Alexander praised the group as one of the brightest collections of technical minds in the world. He asked them to help the NSA fulfill its mission of protecting the country, while also protecting privacy.
“We stand for freedom,” Alexander told the crowd in a vast ballroom at Caesars Palace. “Help us to defend the country and develop a better solution.”
Some in the crowd weren’t buying, and one hacker hurled an expletive back at him.
“I’m saying I don’t trust you!” a voice shouted.
This is Black Hat, the annual hacker conference. For a few days every year, it takes center stage in the topsy-turvy worlds of cyberspace, network computing and digital security. The conference serves as a platform for hacking seminars, partying and — more and more — policy discussions about what the government and corporate worlds ought to be doing to confront problems like cyber-espionage and cyberattacks, growing threats with no clear-cut remedies.
Most Black Hat participants are actually “white hat” hackers — security professionals whose careers are built around using their technical skills to thwart the bad guys. But to do their jobs and find security gaps, they often employ the same techniques.
This year’s conference comes at an especially interesting time, as hackers from China, Russia and other countries continue relentless attacks into corporate, academic and government computers, presumably as part of spying initiatives backed by the private sector, foreign governments and criminal groups.
It also follows the unprecedented disclosures of top-secret documents by Edward Snowden, a former NSA contractor, detailing wide-ranging data collection and surveillance programs by the agency. The disclosures have prompted intense criticism from civil liberties advocates and some lawmakers. On Wednesday, Sen. Patrick J. Leahy (D-Vt.), chairman of the Judiciary Committee, sharply questioned the NSA’s deputy director about claims surrounding the programs’ effectiveness.
Alexander’s appearance here seems to be part of a public relations campaign to better explain what the NSA is doing and the oversight under which it is operating. He gave a similar speech this month at a national security conference in Aspen, Colo.
His message, which mixes technical details and broad-based strategic justifications, is part of a shift inside the Pentagon and the intelligence community toward a more open stance about cybersecurity and national security.
Alexander told the hackers that they needed to hear the facts. He said NSA workers want to find and watch terrorists, not regular Americans. He referred to agency personnel as “these noble folks” and said that 20 had died while deployed to support the wars in Afghanistan and Iraq.
He also faulted the media for misrepresenting facts about the NSA programs.
The reputation of NSA employees is being “tarnished because all the facts aren’t on the table,” Alexander said, adding that “you can help us to articulate the facts.”
Alexander also serves as the head of the Defense Department’s U.S. Cyber Command, and Wednesday was not the first time he had reached out to members of the hacking community. Last summer, as part of the NSA’s openness campaign, he donned a T-shirt and jeans in an unprecedented appearance at another hacker conference in Las Vegas. He called on hackers to help, and went out of his way to assure them the government was not spying on them or regular Americans.
Some participants at this week’s event view the latest disclosures about the agency’s programs as undercutting Alexander’s earlier remarks. Charlie Miller, a security executive at Twitter and something of a star here because of his hacking prowess, questioned whether Alexander’s statements last year were true. He decided to skip the NSA director’s speech.
“Everybody agrees. You told us you were good and you’re not,” said Miller, a former NSA employee. “So go home.”
Anup Ghosh, founder of the Fairfax-based cybersecurity firm Invincea, said Alexander and the NSA need hackers more now than ever. But he said Snowden’s disclosures, and the gap between what the government had previously said about surveillance and the apparent reality, is “making distrust a bigger and bigger issue.”
“It’s a challenging problem General Alexander has in convincing this community he’s on their side,” Ghosh said. “He needs this community.”
In Alexander’s view, much of the anger is based on a misunderstanding of the facts. In his address here, he noted claims that the NSA and its analysts can and regularly do tap into the communications records of ordinary Americans.
“Nothing could be further from the truth,” he said. “We can audit the actions of our people, 100 percent, and we do that.”
He said the system used to collect e-mail and other digital records from Internet companies has “100 percent auditability,” but did not explain how or why that system failed to prevent Snowden from spiriting highly classified records out of the agency and sharing them with journalists.
Despite the skepticism, a significant proportion of the hackers who attended Alexander’s presentation said they approved of it. They admired the fact that he kept cool in the face of criticism. They even applauded his message about balancing security and privacy, or at least the risk he took in standing before them.
“It was a very solid presentation,” said a security engineer who identified himself in an interview — and on his Black Hat badge — only as Jeremy J.
“It’s tough to balance security and privacy,” he said. “They’re legitimately asking for our help.”
Wes Brown, vice president and chief architect at the security firm ThreatGrid, said that if nothing else, the Snowden disclosures have made the relationship between the NSA and hackers more complicated. Talented hackers who might have considered working with the government will think twice now, he said.
“The community is always skeptical because of the nature of the business,” he said. “He’s saying one thing, but the surveillance tells me he wants all the information.”