ASPEN, Colo. — The director of the National Security Agency said Thursday that he is open to the idea of allowing telephone companies, rather than the NSA, to store vast pools of calling records that could be used in counterterrorism cases.
Speaking at a security conference, Gen. Keith Alexander strongly defended the spy agency’s surveillance efforts, which rely on the information known as calling “metadata” to identify and track terrorists and their plots.
But he said that keeping that data in private hands might help quell fears that the agency is intruding into individuals’ lives.
“I think it’s something we should consider,” Alexander said.
Alexander’s remarks came during the Aspen Institute’s annual security forum, a retreat that includes current and former intelligence officials, Pentagon leaders, contractors, and the national news media.
The conference this year is heavily focused on cybersecurity and the NSA’s surveillance programs, which burst into public view after leaks by Edward Snowden, a contractor employee who worked at NSA facilities in Hawaii.
In response to questions from NBC correspondent Pete Williams, Alexander acknowledged that internal cybersecurity shortcomings enabled Snowden to download and leak top-secret material about wide-ranging surveillance programs.
Alexander said the agency has launched efforts to tighten security, including locking doors to server rooms and limiting the use of flash drives and other devices for downloading data. He also described how analysts would now have to use a buddy system when seeking access to certain records, another security measure.
“We’re taking the actions to fix this,” Alexander said. “We will fix this.”
Earlier in the day, Deputy Defense Secretary Ashton B. Carter described the Snowden thefts as essentially a hack from an insider. He said that was possible because NSA no longer compartmentalizes information as it did in the past. It also gave many employees, Snowden included, too much latitude to access records.
“It’s no outsider hacking in. It is an insider,” he said. “There was an enormous amount of information concentrated in one place. That’s a mistake.”
“We’re acting to reverse both of those things,” Carter said.
The surveillance programs and cybersecurity and warfare have become the central themes of Alexander’s eight-year tenure at the NSA. In addition to being director of the NSA, Alexander is commander of the U.S. Cyber Command.
Under his leadership, the agency is dramatically expanding of the number of cyberwarriors, from about 900 to 4,900. By the fall of 2015, the command intends to create 13 teams of hackers with offensive capabilities, meaning they will be trained to break into other networks and collect information or disrupt or destroy the systems.
The agency also created some of the most far-reaching surveillance programs as part of the war on terror, as shown by the documents Snowden leaked to Britain’s Guardian newspaper and The Washington Post.
One program collected “metadata” about millions of phone calls from American telecom companies.
In one document, a classified report prepared in 2009 by the NSA inspector general, Alexander is described as saying “if the relationships with these companies were ever terminated, the U.S. “SIGINT” (signals intelligence) system would be irrevocably damaged, because NSA would have sacrificed America’s home field advantage as the primary hub for worldwide telecommunications.”
Another top-secret program, called PRISM, collected e-mail, documents, photographs and other records from Microsoft, Apple and at least seven other Internet companies.
In an hour-long conversation with Williams, Alexander strongly defended the NSA’s surveillance programs, saying they have prevented attacks or disrupted terrorist groups dozens of times.
At the same time, he said, the surveillance programs are tightly focused on stopping terrorism or helping the FBI, not on communication by regular Americans. He said the program receives more oversight than any other similar programs in the world.
“I don’t think we could ask for anything better,” Alexander said. “From my perspective, this is the best approach.”
When Williams pressed Alexander about whether the NSA really needed to collect “metadata” about hundreds of millions of phone calls, Alexander said: “What does it take to stop a terrorist attack?”
Alexander described Snowden as a low-level “systems administrator.” He said Snowden needed to be able to download information as part of his job to support the analysts in Hawaii, where he worked. He blamed the leaks on a “huge breach of trust” by Snowden.
Alexander said he has “concrete proof” that terrorist groups have changed their communications as a result of the Snowden disclosures.
“What we’re doing is telling the enemy our playbook,” Alexander said, without providing any details.
Throughout his talk, Alexander involved the Sept. 11, 2001, terrorist attacks, saying that the country needed then the kinds of surveillance programs and tools the NSA is using now to prevent attacks.