In late 2005, as Iraqi roadside bombings were nearing an all-time peak, the National Security Agency’s newly appointed chief began pitching a radical plan for halting the attacks that were killing or wounding a dozen Americans a day.
At the time, more than 100 teams of U.S. analysts were scouring Iraq for snippets of electronic data that might lead to the bomb-makers and their hidden factories. But the NSA director, Gen. Keith B. Alexander, wanted more than mere snippets. He wanted everything: Every Iraqi text message, phone call and e-mail that could be vacuumed up by the agency’s powerful computers.
“Rather than look for a single needle in the haystack, his approach was, ‘Let’s collect the whole haystack,’ ” said one former senior U.S. intelligence official who tracked the plan’s implementation. “Collect it all, tag it, store it. . . . And whatever it is you want, you go searching for it.”
The unprecedented data collection plan, dubbed Real Time Regional Gateway, would play a role in breaking up Iraqi insurgent networks and significantly reducing the monthly death toll from improvised explosive devices by late 2008. It also encapsulated Alexander’s controversial approach to safeguarding Americans from what he sees as a host of imminent threats, from terrorism to devastating cyberattacks.
In his eight years at the helm of the country’s electronic surveillance agency, Alexander, 61, has quietly presided over a revolution in the government’s ability to scoop up information in the name of national security. And, as he did in Iraq, Alexander has pushed hard for everything he can get: tools, resources and the legal authority to collect and store vast quantities of raw information on American and foreign communications.
His successes have won accolades from political leaders of both parties as well as from counterterrorism and intelligence professionals who say the NSA chief’s efforts have helped foil dozens of terrorist attacks. His approach also has drawn attack from civil rights groups and a bipartisan group of lawmakers. One Democrat who confronted Alexander at a congressional hearing last month accused the NSA of crossing a line by collecting the cellphone records of millions of Americans.
“What authorization gave you the grounds for acquiring my cellphone data?” demanded Sen. Jeff Merkley (D-Ore.), waving his mobile phone at the four-star general.
New details of the spy agency’s vast reach were brought to light last month by former NSA contractor Edward Snowden, who leaked classified information on government programs that sweep up “metadata” on phone calls and e-mails by Americans. Those revelations in turn have spotlighted the role played by Alexander, the NSA’s avuncular leader and, by all accounts, a driving force behind a post-Sept. 11, 2001, quest to transform an agency inundated by the data revolution into one that can exploit it to defend the nation.
As portrayed by supporters, Alexander is animated by a spymaster’s awareness of serious, overlapping threats arrayed against the United States. They include foreign and homegrown terrorists. They also include a host of adversaries who are constantly probing the country’s cyberdefenses, looking for opportunities to steal secrets or unleash mayhem by shutting down critical infrastructure. Like many national security officials of his generation, Alexander’s sensibilities were shaped by a series of painful intelligence lapses leading up to the Sept. 11 attacks.
To some of Alexander’s most vociferous critics, Snowden’s disclosures confirm their image of an agency and a director so enamored of technological prowess that they have sacrificed privacy rights.
“He is absolutely obsessed and completely driven to take it all, whenever possible,” said Thomas Drake, a former NSA official and whistleblower. The continuation of Alexander’s policies, Drake said, would result in the “complete evisceration of our civil liberties.”
Alexander frequently points out that collection programs are subject to oversight by Congress as well as the U.S. Foreign Intelligence Surveillance Court, although the proceedings of both bodies are shrouded in secrecy. But even his defenders say Alexander’s aggressiveness has sometimes taken him to the outer edge of his legal authority.
Some in Congress complain that Alexander’s NSA is sometimes slow to inform the oversight committees of problems, particularly when the agency’s eavesdroppers inadvertently pick up communications that fall outside the NSA’s legal mandates. Others are uncomfortable with the extraordinarily broad powers vested in the NSA chief. In 2010, he became the first head of U.S. Cyber Command, set up to defend Defense Department networks against hackers and, when authorized, conduct attacks on adversaries. Pentagon officials and Alexander say the command’s mission is also to defend the nation against cyberattacks.
“He is the only man in the land that can promote a problem by virtue of his intelligence hat and then promote a solution by virtue of his military hat,” said one former Pentagon official, voicing a concern that the lines governing the two authorities are not clearly demarcated and that Alexander can evade effective public oversight as a result. The former official spoke on the condition of anonymity to be able to talk freely.
Alexander himself has expressed unease about secrecy constraints that he says prohibit him from fully explaining what the NSA does. But just as in Iraq, he remains fiercely committed to the belief that “we need to get it all,” said Timothy Edgar, a former privacy officer at the Office of the Director of National Intelligence and at the White House.
“He certainly believes you need to collect everything you can under the law,” Edgar said, “and that includes pushing for pretty aggressive interpretations of the law.”
Alexander maintained in a speech last month that he is mindful to “do everything you can to protect civil liberties and privacy.”
He then added a warning: “Everyone also understands,” he said, “that if we give up a capability that is critical to the defense of this nation, people will die.”
The NSA’s 5,000-acre campus at Fort Meade in suburban Maryland contains more than 1,300 heavily guarded buildings and an array of computers and gadgetry sometimes described as “the most wonderful electronic toybox in the world.” But even before his arrival there in 2005 as director, Alexander was regarded as a leading apostle for harnessing technology’s awesome power in the service of national security.
In the mid-1990s, he had pioneered work in battlefield visualization — helping the soldier see on a laptop screen where friendly and enemy forces were on a detailed terrain map. He later led the push for technological innovation as head of the Army’s Intelligence and Security Command.
At the NSA, he has presided over the agency’s physical expansion while moving quickly to speed up the collection, analysis and sharing of massive amounts of raw data.
In the process, the West Point graduate has risen to become arguably the most powerful U.S. general most Americans have never heard of — or at least not until the Snowden affair propelled him into the public spotlight. He runs the nation’s largest, costliest and most secretive intelligence agency — an organization whose very existence was not officially acknowledged in its early years. The NSA holds primacy over all electronic eavesdropping overseas, from routine spying on foreign governments to sweeping up communications between terrorists overseas. Most of it is now done through hacking into networks in other countries.
Three years ago, Alexander’s responsibilities ballooned with his appointment to lead the Pentagon’s U.S. Cyber Command.
Even close allies have fretted about the concentration of so much responsibility — not to mention influence — in a single individual. Some worry that the job was tailored to the skills of one man and not to the mission itself.
“Where do you find another person like General Alexander who possesses the intel qualifications to run NSA and the operational experience to command” the military’s cyber operations, said retired Lt. Gen. Robert J. Elder, who launched the Air Force’s first cyber command in 2007.
No one questions Alexander’s qualifications for the dual role. With a trio of master’s degrees in electronic warfare, physics and national security strategy, the Syracuse, N.Y., native is endowed with technical smarts and ambition as well as a folksy, even goofy, charm that can disarm critics.
He routinely makes references — in speeches and in person with colleagues — to his four daughters and his 14, soon-to-be 15, grandchildren, including how the youngest, a toddler, Skypes with Grandma.
In January, he was on a cybersecurity panel in Munich when someone brought up Twitter’s announcement that 250,000 of its accounts had been hacked. “I didn’t do it,” Alexander said. “I was here. I have an alibi.” Then, turning to a fellow panelist, an official from the Chinese tech company Huawei, he quipped: “Do you?”
Last summer, Alexander waded into the lion’s den when, wearing jeans and a black T-shirt, he delivered a keynote address at the Def Con hackers convention in Las Vegas and mugged for the cameras. At the time, he told the crowd that “the story that we [at the NSA] have millions or hundreds of millions of dossiers on people is absolutely false.”
That line irked lawmakers who were aware of the NSA’s secret collection of phone data. And this year, after Snowden’s revelations, Def Con organizers said federal officials were not welcome at the event.
Alexander’s outsize commitment to his mission has propelled him to seek new capabilities with an impatience that has sometimes rankled superiors, while also raising concerns about privacy and how far he wants to push into offensive uses of cybertools. Alexander has argued for covert action authority, which is traditionally the domain of the CIA, individuals familiar with the matter say.
He has been credited as a key supporter of the development of Stuxnet, the computer worm that infected Iran’s main uranium enrichment facility in 2009 and 2010 and is the most aggressive known use to date of offensive cyberweaponry. U.S. officials have never publicly acknowledged involvement in what has been described by experts as the first known, industrial-scale cyberattack on a sovereign nation, one that is estimated to have set back Iran’s uranium production by as much as a year.
Alexander also pushed hard for expanded authority to see into U.S. private sector networks to help defend them against foreign cyberattacks.
Quiet concerns also have been voiced by some of the private companies that would potentially benefit from government protection against cyberattack.
At a private meeting with financial industry officials a few years ago, Alexander spoke about the proliferation of computer malware aimed at siphoning data from networks, including those of banks. The meeting was described by a participant who spoke on the condition of anonymity because the discussion was off the record.
His proposed solution: Private companies should give the government access to their networks so it could screen out the harmful software. The NSA chief was offering to serve as an all-knowing virus-protection service, but at the cost, industry officials felt, of an unprecedented intrusion into the financial institutions’ databases.
The group of financial industry officials, sitting around a table at the Office of the Director of National Intelligence, were stunned, immediately grasping the privacy implications of what Alexander was politely but urgently suggesting. As a group, they demurred.
“He’s an impressive person,” the participant said, recalling the group’s collective reaction to Alexander. “You feel very comfortable with him. He instills a high degree of trust.”
But he was proposing something they thought was high-risk.
“Folks in the room looked at each other like, ‘Wow. That’s kind of wild.’ ”