The US National Security Agency went on the offensive today after Edward Snowden's surprise Tuesday appearance at the TED conference in Vancouver.
Flanked by a US flag, NSA deputy director Richard Ledgett used a live video link from Fort Meade, NSA headquarters in Maryland, to attack "arrogant" Snowden for putting lives at risk -- while calling the agency's collection of communications metadata "privacy enhancing". "There were some kernels of truth in [Snowden's remote interview on Tuesday], but a lot of extrapolations and half-truths," Ledgett said in an interview with TED curator Chris Anderson, which kept needing to be suspended -- because of poor communications links. "He absolutely did have alternative ways he could have gone. Characterising him as a whistleblower hurts legitimate whistleblowing activities."
Snowden showed "amazing arrogance that he knows better than the framers of the Constitution how the government should be designed to work", he said. "The actions he took were inappropriate because he put people's lives at risk in the long run. Uncontrolled disclosure of the NSA capabilities leads [targets] to move away from our ability to have insights to what they are doing." This would benefit not just terrorists, but human traffickers, drug traffickers, people trying to build delivery systems for nuclear weapons. "Our operatives and allies are at greater risk because we don't see the threats that are coming their way. If I'm going to pursue people working against us and our allies, I need the capabilities to go after them."
Ledgett said the programmes that Snowden had weakened had prevented significant numbers of deaths. "The reason there has not been a major attack in us since 9/11 is not an accident -- it's a lot of hard work that we have done. NSA programmes have helped stop 54 attacks, 25 of those in Europe; of those 18 were in three countries, some of which are our allies, and some of which are beating the heck out of us over the NSA programmes, by the way."
The US telephone metadata programme and PRISM had been "hugely relevant to contributing to stopping those attacks".
He insisted the debate should not be about the balance between individual privacy and national security. "I don't think that's the right framing: it really is about transparency and secrecy. There are things we need to be transparent about. Our authorities, our processes, our oversight. "We've not done a good job at that. That's part of the reason this has been so revelational and so sensational in the media. We need to be more transparent about those things. What we don't need to be transparent about is to provide information that helps [our targets] secure themselves. It's bad to expose operations and capabilities in a way that allows the people working against us, the bad guys, to counter them." The agency could not always predict where its tools should be applied. "If we could make it so that all the bad guys use one domain, badguy.com, that would be awesome."
Anderson asked about US tech companies' anger that their services had been compromised by NSA surveillance programmes.
Ledgett said this was all done within an established legal framework -- and that the criticisms were hindering US companies' market position. "We compel them to provide information just like every other nation in the world does," he said. "Every industrial country in the world has a lawful intercept programme, requiring companies to provide information they need for their security. The fact that these revelations have been broadly characterised as 'you can't trust company A because your privacy is suspect' [has] been picked up by some people as a marketing advantage -- including some of our allies -- to say, 'Hey you can't trust the US, but you can trust us'. They're doing that to counter a very large technological edge that US companies have in the cloud and other internet capabilities."
He said it was inevitable that innocent internet users would be caught up in internet monitoring. "I'm a user of a particular email service that is the number one choice by terrorists around the world. We need to be able to find the information that's relevant.
In doing so we're going to necessarily encounter innocent Americans and innocent foreign citizens that are going about their business.
We have procedures in place to protect that, called minimisation procedures, that are constitutionally based. Absolutely folks do have a right to privacy and we work very hard to make sure that privacy is protected."
He rejected the argument that metadata collection was even more invasive than the agency's work collecting core data. Collecting "metadata is actually privacy enhancing", he insisted. "Metadata is important -- it's the information that lets you find connections that people are trying to hide, such as when a terrorist is corresponding with someone not known to us. What's more invasive of privacy is gigantic amounts of content collection. We don't sit there and grind out metadata profiles of average people. If you're not connected to one of those intelligence targets, you're not of interest to us."
DON'T MISS: [Snowden:
Big revelations to come, reporting them is not a crime](https://www.wired.co.uk/article/snowden-ted)
Ledgett insisted that terrorism was still the number one threat to Americans, which made the agency's work fundamental to preventing deaths. "We've never been in a time where there are more places where things are going badly and forming the petri dish in which terrorists are taking advantage of the lack of governance.
Places like Syria, where you have thousands of foreign fighters coming in to learn how to do jihad and in their home countries. You have Iraq, the Horn of Africa, the Sahel. Then there's the cyber threat, in three ways: the theft of intellectual property -- foreign countries going in, stealing companies' secrets, then providing that information to state-owned enterprises to help them.
Second, denial-of-service attacks executed by a national state. And destructive attacks are on the rise -- the attack on Saudi Aramco, in 2012, took down 35,000 of their computers with a virus. That is on the rise."
It was wrong for Snowden to suggest that the agency sought to bypass congressional oversight. "The programmes we are talking about were all authorised by two different presidents, two political parties, by Congress twice, by federal judges 16 different times," Ledgett said. "This is not the NSA running off and doing its own thing. This is a legitimate activity of the US government that was agreed to by all the branches. The NSA provided all the relevant information to our oversight committees. President Madison would have been proud."
Anderson asked whether there were any circumstances in which Snowden could be offered amnesty. "I've said it's worth a conversation," Ledgett said. "I defer to the [US] attorney general.
There's a strong tradition in American jurisprudence of having discussions with people charged with crimes. I'm not predisposing any outcome but there is always room for discussion."
Ledgett was offered the opportunity to suggest one TED "idea worth sharing". "Learn the facts," he said. "Don't rely on headlines. My badge lanyard at work says 'Dallas Cowboys, Go Dallas'. The lanyard of people who do our crypto work say 'Look at the data.'"
His appearance did include admission of one NSA failure of intelligence-gathering: "We didn't realise [Snowden] was going to show up there," he told Anderson. "Kudos to you guys."
This article was originally published by WIRED UK
