GEN Alexander took the stage for BlackHat 2013’s keynote speech and gave the audience an hour long outline of the programs in question, the authorities involved and the success stories behind them. It’s interesting how accounts vary … the summary write-up on SlashDot for instance made it sound like the conference was largely against him (the forum’s comments are about the most off-the-mark guesswork of conspiracy I’ve read in awhile). While sentiment is hard to read, the NSA director received thunderous applause in support of his words more often than jeers (yes, BTW, I was there in the audience).

He began with Section 215 and Section 702 FAA authorities. The first defines the metadata the agency is allowed to collect and was determined to be the “least intrusive” mechanism by which to obtain data without violating privacy. The second restricts the agency from targeting Americans anywhere in the world. With that context, GEN Alexander discussed what it takes to even access the data which included a small handful of people allowed to query the database (30s) and a handful allowed to approve access (20s). He provided audience members a screenshot of the actual system and what data an analyst could see showing datetime groups, source number, destination number and call duration. GEN Alexander talked about the federal judges behind the FISA court, specifically about the public’s view of a blanket approval to target anywhere. He spoke about the 15 judges that required convincing of a target’s relevance in order to be analyzed and joked about how difficult judges could be for you and me (John Q Public) so imagine how much more stringent they are when dealing with America’s privacy. Towards the end, he commented, “I have four daughters. Can I go and intercept their e-mails? The answer is no,” and after a pause looking at the audience of hackers, “You may be able to.”

With that information, he talked about how metadata could be chained together to identify correlated conspirators in various plots with a specific example to thwarting a 2009 NYC subway bombing that would have compared to 9/11 in terms of damage. The initial indicator came from Section 702 FAA data and the linked individuals across the United States were identified via the Section 215 data which was provided to the FBI only days before the intended attack. That data was followed by a slide showing the system has disrupted 54 distinct terrorist plots; 13 in the US, 25 in Europe, 5 in Africa and 11 in Asia. At this point, an audience member yelled out, “Why are they attacking us?” The General answered with a discussion about the extremists attempting to establish a caliphate in the Middle East and the United States standing in the way. This response was followed by another callout, “They want to attack us because we bombed them.”

He then spoke about the agency personnel that work with this data, alluding to the 6000 civilians that have volunteered for deployments to Afghanistan and Iraq and 22 cryptologists that died overseas in duty to keep Soldiers safe. This point was re-iterated many times to stress those same personnel as having American’s best interest at heart always (true – it’s the trust us pitch) and that congressional oversight has always revealed zero incidents. “That’s not bullshit, it’s fact,” said DIRNSA.

At this point, an audience member yelled “FREEDOM” to which the General responded that was exactly what this was about gaining a response of “BULLSHIT” from the same heckler. He asked the audience to imagine what the future will be with the systems being outed by Snowden with terrorists given the information to evade discovery. Regarding the 54 disrupted terrorist plots, he asked the audience “what would have happened to civil liberties and privacy if they had succeeded?” which drew another round of applause. The slides then put up ideas@nsa.gov as a suggestion line and challenged the audience directly to “help me make it better and if people disagree” they should “work twice as hard to fix it.”

A final heckler called out, “Read the Constitution!” GEN Alexander calmly fired back, “I have … you should too” to which he received a full auditorium applause.

As an aside, one of the final talks of the day by news correspondent Matthew Cole was about the OPSEC failure of the CIA. It focused on a cell operating in Italy that gave themselves away to the Italian police through an analysis of phone metadata. Using Analyst Notebook, the Italians were able to build the network of operatives based on call records and geolocations. They were ultimately busted when a single CIA agent called into the covert circle using a non-burner phone that was associated to himself. Matthew Cole provided the talk as an example of how the process can reveal quite a bit of information about people and their activities even when its only metadata.