16 December 2013
NSA Interviewed by CBS 60 Minutes - Transcript
NSA speaks out on Snowden, spying
The NSA gives unprecedented access to the agency's HQ and, for the first
time, explains what it does and what it says it doesn't do: spy on Americans
2013 Dec 16
Correspondent John Miller
The following is a script from "Inside the NSA" which aired on Dec. 15, 2013.
John Miller is the correspondent. Ira Rosen and Gabrielle Schonder, producers.
No U.S. intelligence agency has ever been under the kind of pressure being
faced by the National Security Agency after details of some of its most secret
programs were leaked by contractor Edward Snowden. Perhaps because of that
pressure the agency gave 60 Minutes unprecedented access to NSA headquarters
where we were able to speak to employees who have never spoken publicly before.
Full disclosure, I once worked in the office of the director of National
Intelligence where I saw firsthand how secretly the NSA operates. It is often
said NSA stands for "never say anything," but tonight the agency breaks with
that tradition to address serious questions about whether the NSA delves
too far into the lives of Americans.
Gen. Keith Alexander: The fact is, we're not collecting everybody's email,
we're not collecting everybody's phone things, we're not listening to that.
Our job is foreign intelligence and we're very good at that.
The man in charge is Keith Alexander, a four-star Army general who leads
the NSA and U.S. Cyber Command.
John Miller: There is a perception out there that the NSA is widely collecting
the content of the phone calls of Americans. Is that true?
"The fact is, we're not collecting everybody's email, we're not collecting
everybody's phone things, we're not listening to that. Our job is foreign
intelligence and we're very good at that."
Gen. Keith Alexander: No, that's not true. NSA can only target the communications
of a U.S. person with a probable cause finding under specific court order.
Today, we have less than 60 authorizations on specific persons to do that.
John Miller: The NSA as we sit here right now is listening to a universe
of 50 or 60 people that would be considered U.S. persons?
Gen. Keith Alexander: Less than 60 people globally who are considered U.S.
But the NSA doesnt need a court order to spy on foreigners, from its
heavily protected headquarters in Fort Meade, Md., it collects a mind-numbing
amount of data from phones and the Internet. They sort through it all looking
for clues to terrorist plots, and intelligence on the intentions of foreign
governments. To do all that they use a network of supercomputers that use
more power than most mid-sized cities.
Gen. Alexander agreed to talk to us because he believes, the NSA has not
told its story well.
Gen. Keith Alexander: "We need to help the American people understand what
we're doing and why we're doing it." And to put it simply, we're doing two
things: We're defending this country from future terrorist attacks and we're
defending our civil liberties and privacy. There's no reason that we would
listen to the phone calls of Americans. Theres no intelligence value
in that. There's no reason that we'd want to read their email. There is no
intelligence value in that.
What they are doing is collecting the phone records of more than 300 million
John Miller: Then why do you need all of those phone records?
Gen. Keith Alexander: How do you know when the bad guy who's using those
same communications that my daughters use, is in the United States trying
to do something bad? The least intrusive way of doing that is metadata.
Metadata has become one of the most important tools in the NSAs arsenal.
Metadata is the digital information on the number dialed, the time and date,
and the frequency of the calls. We wanted to see how metadata was used at
the NSA. Analyst Stephen Benitez showed us a technique known as call
chaining used to develop targets for electronic surveillance in a pirate
network based in Somalia.
Stephen Benitez: As you see here, I'm only allowed to chain on anything that
I've been trained on and that I have access to. Add our known pirate. And
we chain him out.
John Miller: Chain him out, for the audience, means what?
Stephen Benitez: People he's been in contact to for those 18 days.
Stephen Benitez: One that stands out to me first would be this one here.
He's communicated with our target 12 times.
Stephen Benitez: Now were looking at Target Bs contacts.
John Miller: So he's talking to three or four known pirates?
Stephen Benitez: Correct. These three here. We have direct connection to
both Target A and Target B. So we'll look at him, too, we'll chain him out.
And you see, he's in communication with lots of known pirates. He might be
the missing link that tells us everything.
John Miller: What happens in this space when a number comes up that's in
Stephen Benitez: So If it does come up, normally, you'll see it as a protected
number-- and if you don't have access to it, you won't be able to look.
If a terrorist is suspected of having contacts inside the United States,
the NSA can query a database that contains the metadata of every phone call
made in the U.S. going back five years.
John Miller: So you understand then, there might be a little confusion among
Americans who read in the newspaper that the N.S.A. has vacuumed up, the
records of the telephone calls of every man, woman and child in the United
States for a period of years-- that sounds like spying on Americans.
Gen. Keith Alexander: Right, and that's wrong. That's absolutely wrong.
John Miller: You dont hear the call?
Gen. Keith Alexander: You don't hear the call.
John Miller: You don't see the name.
Gen. Keith Alexander: You don't see the names.
John Miller: You just see this number, called that number.
Gen. Keith Alexander: The-- this number-- the "to/from" number, the duration
of the call and date/time, that's all you get. And all we can do is tell
the FBI, "That number is talking to somebody who is very bad, you ought to
go look at it."
But privacy advocates argue Americans phone records should not sit
in bulk at the NSA, searchable under a blanket court order. They believe
the NSA should have to get a separate court order for each number and that
the record should stay at the phone company.
John Miller: You get the bill from whatever the service provider is and you
see who it's calling in America. You don't need to collect every American's
phone numbers to do that.
Gen. Keith Alexander: Well, the reality is if you go and do a specific one
for each, you have to tell the phone companies to keep those call detail
records for a certain period of time. So, if you dont have the data
someplace you cant search it. The other part that's important, phone
companies-- different phone companies have different sets of records. And
these phone calls may go between different phone companies. If you only go
to one company, you'll see what that phone company has. But you may not see
what the other phone company has or the other. So by putting those together,
we can see all of that essentially at one time.
John Miller: Before 9/11, did we have this capability?
Gen. Keith Alexander: We did not.
John Miller: Is it a factor? Was it a factor?
Gen. Keith Alexander: I believe it was.
What Gen. Alexander is talking about is that two of the 9/11 hijackers, Khalid
al-Mihdhar and Nawaf al-Hazmi were in touch with an al Qaeda safe house in
Yemen. The NSA did not know their calls were coming from California, as they
Gen. Keith Alexander: I think this was the factor that allowed Mihdhar to
safely conduct his plot from California. We have all the other indicators
but no way of understanding that he was in California while others were in
Florida and other places.
Edward Snowden revealed another program called prism. Which the
NSA says is authorized under the foreign intelligence surveillance act, or
FISA. Prism is the program the NSA uses to target the Internet communications
of terrorists. It has the capability to capture emails, chats, video and
photos. But privacy experts believe the NSAs dragnet for terrorists
on the Internet may also be sweeping up information on a lot of Americans.
Gen. Keith Alexander: No. That's not true. Under FISA, NSA can only target
the communications of a U.S. person with a probable cause finding under specific
John Miller: A judge in the FISA court, which is the court that secretly
hears the NSA cases and approves or disapproves your requests. Said the NSA
systematically transgressed both its own court-appointed limits in bulk Internet
data collection programs.
Gen. Keith Alexander: There was nobody willfully or knowingly trying to break
The NSA says their analysts use highly technical systems under increasingly
complex legal requirements and that when mistakes are made, theyre
human errors, not intentional abuses. The Snowden leaks have challenged the
NSA officials to explain programs they never intended to talk about. So how
did an obscure contractor and computer specialist, pull off the most damaging
breach of secrets in U.S. history? Few have spent more time thinking about
that than Rick Ledgett.
John Miller: How long have you been with the NSA?
Rick Ledgett: For 25 years.
John Miller: How many television interviews have you done?
Rick Ledgett: One, this one.
Ledgett runs the NSA task force doing the damage assessment on the Snowden
leaks. And until this interview, the NSA has never discussed the specifics
of the extent damage they believe Snowden has done and still could do.
John Miller: There've been all kinds of figures out there about how much
he took, how many documents. We've been told 1.7 million.
Rick Ledgett: I wouldn't dispute that.
John Miller: How is that possible?
Rick Ledgett: So, the people who control that, the access to those machines,
are called system administrators and they have passwords that give them the
ability to go around those-- security measures and that's what Snowden did.
Edward Snowden worked for the NSA in Hawaii. Part of his job was to help
maintain the NSAs computers and also move large sets of data between
John Miller: Did he take everything he had access to, or was he a careful
Rick Ledgett: He did something that we call-- scraping. Where he went out
and just went-- used tools to scrape information from websites, and put it
into a place where he could download it.
John Miller: At some point you then understood the breadth of what was missing
and what could be missing?
Rick Ledgett: Yes.
John Miller: Of all the things he took is there anything in there that worries
you or concerns you more than anything else?
Rick Ledgett: It's an exhaustive list of the requirements that have been
levied against-- against the National Security Agency. And what that gives
is, what topics we're interested in, where our gaps are. But additional
information about U.S. capabilities and U.S. gaps is provided as part of
John Miller: So, I'm going to assume that there's one in there about China,
and there's one in there about Iran, and there's another in there about Russia.
Rick Ledgett: Many more than one.
John Miller: Many more than one?
Rick Ledgett: Yes.
John Miller: How many of those are there?
Rick Ledgett: About 31,000.
John Miller: If those documents fell into their hands? What good would it
Rick Ledgett: It would give them a roadmap of what we know, what we don't
know, and give them-- implicitly, a way to-- protect their information from
the U.S. intelligence community's view.
John Miller: For an adversary in the intelligence game, that's a gold mine?
Rick Ledgett: It is the keys to the kingdom.
So far, none of those crucial documents have been leaked. In Hong Kong last
June, Snowden claimed that exposing the secret programs of the NSA did not
make him a traitor or a hero, but an American.
[Edward Snowden: The public needs to decide whether these programs or policies
are right or wrong.]
Snowden who is believed to still have access to a million and a half classified
documents he has not leaked. Has been granted temporary asylum in Moscow,
which leaves the U.S. with few options.
John Miller: He's already said, "If I got amnesty I would come back," given
the potential damage to national security, what would your thought on making
a deal be?
Rick Ledgett: So, my personal view is, yes, it's worth having a conversation
about. I would need assurances that the remainder of the data could be secured
and my bar for those assurances would be very high. It would be more than
just an assertion on his part.
John Miller: Is that a unanimous feeling?
Rick Ledgett: It's not unanimous.
Among those who think making a deal is a bad idea is Ledgetts boss,
Gen. Keith Alexander: This is analogous to a hostage taker taking 50 people
hostage, shooting 10 and then say, "If you give me full amnesty I'll let
the other 40 go." What do you do?
John Miller: It's a dilemma.
Gen. Keith Alexander: It is.
John Miller: Do you have a pick?
Gen. Keith Alexander: I do. I think people have to be held accountable for
Gen. Keith Alexander: Because what we don't want is the next person to do
the same thing, race off to Hong Kong and to Moscow with another set of data
knowing they can strike the same deal.
John Miller: This happened on your watch. A 20-something-year-old high school
dropout contractor managed to walk out with in essence the crown jewels.
Did you offer to resign about the Snowden incident?
Gen. Keith Alexander: Yes.
John Miller: The secretary of Defense, the director of National Intelligence,
what did they say?
Gen. Keith Alexander: Well, I offered to resign. And they said, "We don't
see a reason that you should resign. We haven't found anybody there doing
anything wrong. In fact, this could have happened to anybody in the community.
And we don't need you to resign. We need you and deputy director to help
work your way through is," which is what we're doing. We'll do everything
we can to fix it.
Besides Edward Snowden, Gen. Alexander has growing concerns about a number
of increasing threats to the United States, and the NSA's ability to stop
them. That part of the story when we come back.
The Snowden Affair
Inside the NSA, where getting hired requires swearing an oath to your country
and signing a vow of secrecy under the penalty of law, the very concept of
what Edward Snowden did was hard for many to grasp. Gen. Keith Alexander
felt he had a big stake in understanding Snowden, so he and Rick Ledgett
who runs the Snowden task force got on a plane to Hawaii. They wanted to
see the scene of the crime, Edward Snowden's desk.
John Miller: Did you sit in his chair?
Rick Ledgett: I did not. I couldnt bring myself to do that.
For Ledgett, the trip was important to understanding who Snowden was, and
going back through the bits and the bytes, they discovered the first secrets
Snowden stole, was how to cheat on a test to get a job at the agency.
Rick Ledgett: He was taking a technical examination for potential employment
at NSA; he used his system administrator privileges to go into the account
of the NSA employee who was administering that test, and he took both questions
and the answers, and used them to pass the test.
At home, they discovered Snowden had some strange habits.
Rick Ledgett: He would work on the computer with a hood that covered the
computer screen and covered his head and shoulders, so that he could work
and his girlfriend couldn't see what he was doing.
John Miller: That's pretty strange, sitting at your computer kind of covered
by a sheet over your head and the screen?
Rick Ledgett: Agreed.
We also learned for the first time, that part of the damage assessment considered
the possibility that Snowden could have left a bug or virus behind on the
NSAs system, like a time bomb.
Rick Ledgett: So, all the machines that he had access to we removed from
our classified network. All the machines in the unclassified network and
including the actual cables that connect those machines, we removed as well.
John Miller: This has to have cost millions and millions of dollars.
Rick Ledgett: Tens of millions. Yes.
While Edward Snowden's leaks have been a disaster for the agency, the rest
of the NSAs mission has not slowed down.
[Meanwhile, the Pakistani government has asked the US government to relook
its drone policy.]
Twice a week, under the dim blue lights of the NSAs operations center,
the director is given a briefing.
[Sir, we added three new hostage cases this week.]
With his deputy, Chris Inglis, Gen. Alexander listens to a rundown of global
issues and international crisis the NSA may be asked to collect intelligence
[Sir, moving to Afghanistan.]
The meeting is called the stand-up because no one sits down, which is almost
a metaphor for the pace of daily life in the NSA operations center. Howie
Larrabee is the centers director.
Howie Larrabee: This is a 24/7 operation center. We havent had a day
off. We havent had a Christmas off. And we havent had a major
snowstorm off in more than 40 years.
While the operations center grapples with terrorist plots and war zones,
another team of analysts is monitoring what the agency says is the rising
threat of a cyber attack that could take down anything from the power grid
to Wall Street.
"This is a 24/7 operation center. We havent had a day off. We havent
had a Christmas off. And we havent had a major snowstorm off in more
than 40 years."
John Miller: Could a foreign country tomorrow topple our financial system?
Gen. Keith Alexander: I believe that a foreign nation could impact and destroy
major portions of our financial system, yes.
John Miller: How much of it could we stop?
Gen. Keith Alexander: Well, right now it would be difficult to stop it because
our ability to see it is limited.
One they did see coming was called the BIOS Plot. It could have been catastrophic
for the United States. While the NSA would not name the country behind it,
cyber security experts briefed on the operation told us it was China. Debora
Plunkett directs cyber defense for the NSA and for the first time, discusses
the agencys role in discovering the plot.
Debora Plunkett: One of our analysts actually saw that the nation state had
the intention to develop and to deliver, to actually use this capability--
to destroy computers.
John Miller: To destroy computers.
Debora Plunkett: To destroy computers. So the BIOS is a basic input, output
system. It's, like, the foundational component firmware of a computer. You
start your computer up. The BIOS kicks in. It activates hardware. It activates
the operating system. It turns on the computer.
This is the BIOS system which starts most computers. The attack would have
been disguised as a request for a software update. If the user agreed, the
virus wouldve infected the computer.
John Miller: So, this basically would have gone into the system that starts
up the computer, runs the systems, tells it what to do.
Debora Plunkett: That's right.
John Miller: --and basically turned it into a cinderblock.
Debora Plunkett: A brick.
John Miller: And after that, there wouldn't be much you could do with that
Debora Plunkett: That's right. Think about the impact of that across the
entire globe. It could literally take down the U.S. economy.
John Miller: I don't mean to be flip about this. But it has a kind of a little
Dr. Evil quality-- to it that, "I'm going to develop a program that can destroy
every computer in the world." It sounds almost unbelievable.
Debora Plunkett: Don't be fooled. There are absolutely nation states who
have the capability and the intentions to do just that.
John Miller: And based on what you learned here at NSA. Would it have worked?
Debora Plunkett: We believe it would have. Yes.
John Miller: Is this anything that's been talked about publicly before?
Debora Plunkett: No, not-- not to this extent. This is the first time.
The NSA working with computer manufacturers was able to close this vulnerability,
but they say there are other attacks occurring daily. So the NSA has hired
3,000 young analysts as part of cyberdefense.
Three of those analysts Morgan, Charles and Natalie describe to us how country's
like China, Russia and Iran use social engineering to get inside a network.
John Miller: They're looking for a disguise to get in?
Charles: Exactly, yes.
John Miller: And at what point will they ask the question that will cause
the adversary to hand over that vulnerability?
Morgan: So if I want to craft a social engineering message to lure you in
so that I could potentially steal your username and password to gain access
to a network, I may go on your Facebook page and see if you like golfing.
So if you like golfing, then maybe I'm gonna send you a email about-- you
know, a sale at a big golf retailer near you.
John Miller: So you're trying to develop that little box that's irresistible--
Voices: Correct, Uh-huh.
John Miller: --that the person has to click on and open, because--
Morgan: They'll take, yeah.
John Miller: --they need to see what's inside?
John Miller: And that is going to let loose all the gremlins that are going
to take over whatever they're capable of taking over.
Morgan: Yeah, that's their door in.
Charles: The other real trick is, it's not necessarily one email. It could
be 50 emails. In the new cyber paradigm, you can fail 50 times. You can ignore
50 emails. But if that 51st one is clicked, then that's it. Game over.
But before computers, before phones, there were codes. The NSA was born out
of the codebreakers of World War II. And even today, the most secret room
inside the most secret building at the NSA is called the black chamber. This
is where the nations top codebreakers work. We were able to look inside,
but for obvious reasons, the NSA asked us not to show the people who worked
The Black Chamber CBS News
Outside the black chamber is this ordinary-looking file cabinet. But it can
only be opened with a code known by a handful of people. Bob, who watches
over it, explains it holds the records of every code America has broken over
the last 60 years.
John Miller: If I was Russia, China, Iran, North Korea, would I want what
was inside there?
Bob: You would be greatly interested in whats in this box.
Bob: This would be the ark of the covenant.
When you walk around the NSA research building, where the codebreakers work,
you see some very young people. And very smart people.
John Miller: How long would it take you to do this?
Joe: About a minute.
John Miller: Are you serious?
John Miller: Go.
Many of the cryptologists skipped grades in school, earned masters degrees
and PhDs and look more like they belong on a college campus than at the NSA.
Actually, the Rubiks cube took him one minute and 35 seconds.
John Miller: You know, I didn't like you before.
For this group, the Rubiks cube was the easiest problem that day.
Joslyn: So the idea here is were looking at a sequence of numbers,
and we want to determine whether theyre random or not random.
John Miller: How are you approaching that? Can you show me?
Joe: We are looking at this data here and it is a bunch of random numbers
on the screen.
John Miller: That looks a tad overwhelming.
Joe: It is.
John Miller: Can you actually imagine solving this?
Joe: We solve hard problem all the time.
John Miller: Is there an unbreakable code?
Chris Inglis: Theoretically, yes. Theres always been an unbreakable
Chris Inglis is the former deputy director of the NSA. Among the areas he
supervised, are the codebreakers. He says each summer 10,000 high school
students apply for a few openings.
Chris Inglis: We clear them fully. We give them full access to our problems.
We give them problems that we could not solve. And they solve some number
of those problems. The principle reason being that they bring a different
perspective and audacity to it that we hadnt thought about in all the
years of experience that weve brought to bear.
John Miller: So youve had occasions where youve given a difficult
problem to a high school kid with a top-secret clearance whose come back
and said hey, I think I got this one?
Chris Inglis: For any given summer thats more often the rule than the
exception. Were always pleasantly surprised.
While high school kids on summer break may be cracking secret codes, this
is still a spy agency that steals secrets, reads emails and listens to foreign
leaders phone calls.
Among the Snowden leaks, perhaps the most embarrassing for the White House
was that the NSA monitored some of German Chancellor Angela Merkels
cell phone calls. But Gen. Alexander says the NSA doesnt choose who
to spy on. They target the subjects and the countries that other U.S. agencies
including the State Department ask for intelligence on.
Gen. Keith Alexander: That's one of the ones that the White House and I think
our principals are looking at. What is the appropriate measures? What should
we do? And what are we gonna stop doing? From my perspective when we look
at that it has to be both ways. Our country and their country has to come
to an agreement to do the same. It can't be--
John Miller: Well--
Gen. Keith Alexander: --either way.
John Miller: --does that mean that we'll just agree to stop spying on everybody
including our friends if they all agree to stop spying on everybody including
Gen. Keith Alexander: Well, I think that's gotta be part of the negotiation.
And I think that's fraught with concern. What do you mean by--
John Miller: Do you think--
Gen. Keith Alexander: --"stop spying"?
John Miller: --Chancellor Merkel hears President Obama's calls?
Gen. Keith Alexander: Well, I don't know. But I know they have a great
intelligence capability and that they collect foreign intelligence just like
This week, the CEOs of eight major Internet providers including Google, Apple
and Yahoo asked the president for new limits to be placed on the NSAs
ability to collect personal information from their users.
John Miller: One of the Snowden leaks involved the concept that NSA had tunneled
into the foreign data centers of major U.S. Internet providers. Did the leak
describe it the right way?
Gen. Keith Alexander: No, that's not correct. We do target terrorist
communications. And terrorists use communications from Google, from Yahoo,
and from other service providers. So our objective is to collect those
communications no matter where they are.
But we're not going into a facility or targeting Google as an entity or Yahoo
has an entity. But we will collect those communications of terrorists that
flow on that network.
Sources tell 60 Minutes the presidents intelligence review panel will
recommend new limits on bulk collection of U.S. phone records which concerns
John Miller: After all of this controversy, you could come out of this with
less authority than you went into it. What does that say?
Gen. Keith Alexander: Well, my concern on that is specially what's going
on in the Middle East, what you see going on in Syria, what we see going
on-- Egypt, Libya, Iraq, it's much more unstable, the probability that a
terrorist attack will occur is going up. And this is precisely the time that
we should not step back from the tools that we've given our analysts to detect
these types of attacks.
© 2013 CBS Interactive Inc. All Rights Reserved.
John Miller is a senior correspondent for CBS News, with extensive experience
in intelligence, law enforcement and journalism, including stints in the
Office of the Director of National Intelligence and the FBI.