sponsored links
TED2014

Richard Ledgett: The NSA responds to Edward Snowden’s TED Talk

March 20, 2014

After a surprise appearance by Edward Snowden at TED2014, Chris Anderson said: "If the NSA wants to respond, please do." And yes, they did. Appearing by video, NSA deputy director Richard Ledgett answers Anderson’s questions about the balance between security and protecting privacy.

Richard Ledgett - Deputy director, NSA
Richard Ledgett is deputy director and senior civilian leader of the National Security Agency. He acts as the agency’s chief operating officer, responsible for guiding and directing studies, operations and policy. Full bio

sponsored links
Double-click the English subtitles below to play the video.
Chris Anderson: We had Edward Snowden here
00:12
a couple days ago,
00:14
and this is response time.
00:16
And several of you have written to me
00:18
with questions to ask our guest here from the NSA.
00:20
So Richard Ledgett is the 15th deputy director
00:25
of the National Security Agency,
00:27
and he's a senior civilian officer there,
00:30
acts as its chief operating officer,
00:33
guiding strategies, setting internal policies,
00:35
and serving as the principal advisor to the director.
00:38
And all being well,
00:43
welcome, Rick Ledgett, to TED.
00:45
(Applause)
00:48
Richard Ledgett: I'm really thankful for the opportunity to talk to folks here.
00:55
I look forward to the conversation,
00:59
so thanks for arranging for that.
01:01
CA: Thank you, Rick.
01:04
We appreciate you joining us.
01:05
It's certainly quite a strong statement
01:08
that the NSA is willing to reach out
01:10
and show a more open face here.
01:12
You saw, I think,
01:16
the talk and interview that Edward Snowden
01:18
gave here a couple days ago.
01:22
What did you make of it?
01:23
RL: So I think it was interesting.
01:25
We didn't realize that he
was going to show up there,
01:28
so kudos to you guys for arranging
01:31
a nice surprise like that.
01:34
I think that, like a lot of the things
01:37
that have come out since Mr. Snowden
01:42
started disclosing classified information,
01:47
there were some kernels of truth in there,
01:49
but a lot of extrapolations and half-truths in there,
01:53
and I'm interested in helping to address those.
01:56
I think this is a really important conversation
01:59
that we're having in the United States
02:01
and internationally,
02:03
and I think it is important and of import,
02:04
and so given that, we need to have that be
02:09
a fact-based conversation,
02:12
and we want to help make that happen.
02:13
CA: So the question that a lot
of people have here is,
02:16
what do you make of Snowden's motivations
02:21
for doing what he did,
02:23
and did he have an alternative
way that he could have gone?
02:26
RL: He absolutely did
02:30
have alternative ways that he could have gone,
02:33
and I actually think that characterizing him
02:37
as a whistleblower
02:42
actually hurts legitimate whistleblowing activities.
02:44
So what if somebody who works in the NSA --
02:48
and there are over 35,000 people who do.
02:51
They're all great citizens.
02:54
They're just like your husbands, fathers, sisters,
02:57
brothers, neighbors, nephews, friends and relatives,
02:59
all of whom are interested in doing the right thing
03:03
for their country
03:05
and for our allies internationally,
03:07
and so there are a variety of venues to address
03:10
if folks have a concern.
03:14
First off, there's their supervisor,
03:15
and up through the supervisory chain
03:17
within their organization.
03:20
If folks aren't comfortable with that,
03:21
there are a number of inspectors general.
03:23
In the case of Mr. Snowden, he had the option
03:25
of the NSA inspector general,
03:29
the Navy inspector general,
03:31
the Pacific Command inspector general,
03:32
the Department of Defense inspector general,
03:34
and the intelligence community inspector general,
03:36
any of whom would have both kept
his concerns in classified channels
03:38
and been happy to address them.
03:42
(CA and RL speaking at once)
03:45
He had the option to go to
congressional committees,
03:47
and there are mechanisms
to do that that are in place,
03:49
and so he didn't do any of those things.
03:53
CA: Now, you had said that
03:55
Ed Snowden had other avenues
03:58
for raising his concerns.
04:00
The comeback on that is a couple of things:
04:03
one, that he certainly believes that as a contractor,
04:06
the avenues that would have been available
to him as an employee weren't available,
04:10
two, there's a track record of other whistleblowers,
04:14
like [Thomas Andrews Drake] being treated
04:17
pretty harshly, by some views,
04:20
and thirdly, what he was taking on
04:23
was not one specific flaw that he'd discovered,
04:25
but programs that had been approved
04:28
by all three branches of government.
04:30
I mean, in that circumstance,
04:33
couldn't you argue that what he did
04:36
was reasonable?
04:38
RL: No, I don't agree with that.
04:41
I think that the —
04:43
sorry, I'm getting feedback
04:47
through the microphone there —
04:49
the actions that he took were inappropriate
04:52
because of the fact that
he put people's lives at risk,
04:57
basically, in the long run,
05:02
and I know there's been a lot of talk
05:03
in public by Mr. Snowden
and some of the journalists
05:05
that say that the things that have been disclosed
05:10
have not put national security and people at risk,
05:13
and that is categorically not true.
05:17
They actually do.
05:21
I think there's also an amazing arrogance
05:23
to the idea that he knows better than
05:26
the framers of the Constitution
05:30
in how the government should
be designed and work
05:34
for separation of powers
05:36
and the fact that the executive
and the legislative branch
05:38
have to work together and they have
checks and balances on each other,
05:45
and then the judicial branch,
05:47
which oversees the entire process.
05:49
I think that's extremely arrogant on his part.
05:50
CA: Can you give a specific example
05:54
of how he put people's lives at risk?
05:57
RL: Yeah, sure.
06:00
So the things that he's disclosed,
06:02
the capabilities,
06:06
and the NSA is a capabilities-based organization,
06:07
so when we have foreign intelligence targets,
06:10
legitimate things of interest --
06:13
like, terrorists is the iconic example,
06:15
but it includes things like human traffickers,
06:17
drug traffickers,
06:20
people who are trying to build
advanced weaponry, nuclear weapons,
06:22
and build delivery systems for those,
06:26
and nation-states who might be executing aggression against their immediate neighbors,
06:28
which you may have some visibility
06:32
into some of that that's going on right now,
06:34
the capabilities are applied
06:37
in very discrete and measured and controlled ways.
06:41
So the unconstrained disclosure
of those capabilities
06:46
means that as adversaries see them
06:49
and recognize, "Hey, I might be vulnerable to this,"
06:51
they move away from that,
06:53
and we have seen targets in terrorism,
06:55
in the nation-state area,
06:58
in smugglers of various types, and other folks
07:00
who have, because of the disclosures,
07:03
moved away from our ability
07:05
to have insight into what they're doing.
07:08
The net effect of that is that our people
07:10
who are overseas in dangerous places,
07:13
whether they're diplomats or military,
07:15
and our allies who are in similar situations,
07:17
are at greater risk because we don't see
07:20
the threats that are coming their way.
07:22
CA: So that's a general response saying that
07:25
because of his revelations,
07:27
access that you had to certain types of information
07:29
has been shut down, has been closed down.
07:32
But the concern is that the nature of that access
07:36
was not necessarily legitimate in the first place.
07:39
I mean, describe to us this Bullrun program
07:43
where it's alleged that the NSA
07:46
specifically weakened security
07:48
in order to get the type of
access that you've spoken of.
07:50
RL: So there are, when our
07:55
legitimate foreign intelligence targets
of the type that I described before,
08:00
use the global telecommunications system
08:03
as their communications methodology,
08:06
and they do, because it's a great system,
08:08
it's the most complex system ever devised by man,
08:09
and it is a wonder,
08:12
and lots of folks in the room there
08:14
are responsible for the creation
08:16
and enhancement of that,
08:18
and it's just a wonderful thing.
08:19
But it's also used by people who are
08:22
working against us and our allies.
08:25
And so if I'm going to pursue them,
08:27
I need to have the capability
08:29
to go after them,
08:31
and again, the controls are in
08:33
how I apply that capability,
08:36
not that I have the capability itself.
08:38
Otherwise, if we could make it so that
08:41
all the bad guys used one corner of the Internet,
08:42
we could have a domain, badguy.com.
08:45
That would be awesome,
08:46
and we could just concentrate all our efforts there.
08:48
That's not how it works.
08:50
They're trying to hide
08:51
from the government's ability
08:54
to isolate and interdict their actions,
08:55
and so we have to swim in that same space.
08:59
But I will tell you this.
09:02
So NSA has two missions.
09:03
One is the Signals Intelligence mission
09:05
that we've unfortunately read so
much about in the press.
09:06
The other one is the Information Assurance mission,
09:10
which is to protect the national security
systems of the United States,
09:11
and by that, that's things like
09:14
the communications that the president uses,
09:16
the communications that
control our nuclear weapons,
09:18
the communications that our
military uses around the world,
09:21
and the communications that we use with our allies,
09:23
and that some of our allies themselves use.
09:26
And so we make recommendations
on standards to use,
09:27
and we use those same standards,
09:33
and so we are invested
09:35
in making sure that those communications
09:37
are secure for their intended purposes.
09:39
CA: But it sounds like what you're saying is that
09:43
when it comes to the Internet at large,
09:45
any strategy is fair game
09:49
if it improves America's safety.
09:51
And I think this is partly where there is such
09:54
a divide of opinion,
09:56
that there's a lot of people in this room
09:58
and around the world
09:59
who think very differently about the Internet.
10:00
They think of it as a momentous
10:02
invention of humanity,
10:05
kind of on a par with the
Gutenberg press, for example.
10:06
It's the bringer of knowledge to all.
10:10
It's the connector of all.
10:12
And it's viewed in those sort of idealistic terms.
10:14
And from that lens,
10:17
what the NSA has done is equivalent to
10:19
the authorities back in Germany
10:21
inserting some device into every printing press
10:23
that would reveal which books people bought
10:26
and what they read.
10:30
Can you understand that from that viewpoint,
10:32
it feels outrageous?
10:34
RL: I do understand that, and I actually share
the view of the utility of the Internet,
10:38
and I would argue it's bigger than the Internet.
10:42
It is a global telecommunications system.
10:43
The Internet is a big chunk of
that, but there is a lot more.
10:46
And I think that people have legitimate concerns
10:48
about the balance between
transparency and secrecy.
10:51
That's sort of been couched as a balance
10:58
between privacy and national security.
11:00
I don't think that's the right framing.
11:03
I think it really is transparency and secrecy.
11:05
And so that's the national and international conversation that we're having,
11:07
and we want to participate in that, and want
11:11
people to participate in it in an informed way.
11:12
So there are things,
11:15
let me talk there a little bit more,
11:16
there are things that we need
to be transparent about:
11:18
our authorities, our processes,
11:22
our oversight, who we are.
11:24
We, NSA, have not done a good job of that,
11:26
and I think that's part of the reason
11:28
that this has been so revelational
11:29
and so sensational in the media.
11:32
Nobody knew who we were. We were the No Such Agency, the Never Say Anything.
11:34
There's takeoffs of our logo
11:38
of an eagle with headphones on around it.
11:41
And so that's the public characterization.
11:44
And so we need to be more
transparent about those things.
11:47
What we don't need to be transparent about,
11:52
because it's bad for the U.S.,
11:53
it's bad for all those other
countries that we work with
11:55
and that we help provide information
11:58
that helps them secure themselves
12:00
and their people,
12:02
it's bad to expose operations and capabilities
12:03
in a way that allows the people
that we're all working against,
12:07
the generally recognized bad guys,
12:12
to counter those.
12:17
CA: But isn't it also bad to deal
12:20
a kind of body blow to the American companies
12:23
that have essentially given the world
12:26
most of the Internet services that matter?
12:28
RL: It is. It's really the companies are
12:33
in a tough position, as are we,
12:37
because the companies,
12:40
we compel them to provide information,
12:42
just like every other nation in the world does.
12:44
Every industrialized nation in the world
12:46
has a lawful intercept program
12:50
where they are requiring companies
12:52
to provide them with information
12:54
that they need for their security,
12:56
and the companies that are involved
12:57
have complied with those programs
12:59
in the same way that they have to do
13:01
when they're operating in Russia or the U.K.
13:02
or China or India or France,
13:06
any country that you choose to name.
13:10
And so the fact that these revelations
13:12
have been broadly characterized as
13:17
"you can't trust company A because
13:19
your privacy is suspect with them"
13:21
is actually only accurate in the sense that
13:25
it's accurate with every other company in the world
13:29
that deals with any of those countries in the world.
13:32
And so it's being picked up by people
13:34
as a marketing advantage,
13:36
and it's being marketed that
way by several countries,
13:37
including some of our allied countries,
13:39
where they are saying,
13:41
"Hey, you can't trust the U.S.,
13:42
but you can trust our telecom company,
13:44
because we're safe."
13:46
And they're actually using that to counter
13:48
the very large technological edge
13:49
that U.S. companies have
13:52
in areas like the cloud and
Internet-based technologies.
13:54
CA: You're sitting there with the American flag,
13:57
and the American Constitution guarantees
14:00
freedom from unreasonable search and seizure.
14:04
How do you characterize
14:07
the American citizen's right to privacy?
14:09
Is there such a right?
14:13
RL: Yeah, of course there is.
14:16
And we devote an inordinate
amount of time and pressure,
14:18
inordinate and appropriate, actually I should say,
14:21
amount of time and effort in order to ensure
14:24
that we protect that privacy.
14:26
and beyond that, the privacy of citizens
14:28
around the world, it's not just Americans.
14:31
Several things come into play here.
14:35
First, we're all in the same network.
14:37
My communications,
14:39
I'm a user of a particular Internet email service
14:40
that is the number one email service of choice
14:44
by terrorists around the world, number one.
14:48
So I'm there right beside them in email space
14:50
in the Internet.
14:53
And so we need to be able to pick that apart
14:54
and find the information that's relevant.
14:58
In doing so, we're going to necessarily encounter
15:04
Americans and innocent foreign citizens
15:08
who are just going about their business,
15:10
and so we have procedures in
place that shreds that out,
15:11
that says, when you find that,
15:14
not if you find it, when you find it,
because you're certain to find it,
15:16
here's how you protect that.
15:19
These are called minimization procedures.
15:20
They're approved by the attorney general
15:22
and constitutionally based.
15:25
And so we protect those.
15:26
And then, for people, citizens of the world
15:29
who are going about their lawful business
15:33
on a day-to-day basis,
15:35
the president on his January 17 speech,
15:37
laid out some additional protections
15:39
that we are providing to them.
15:40
So I think absolutely,
15:43
folks do have a right to privacy,
15:44
and that we work very hard to make sure
15:46
that that right to privacy is protected.
15:49
CA: What about foreigners using
15:51
American companies' Internet services?
15:53
Do they have any privacy rights?
15:55
RL: They do. They do, in the sense of,
15:59
the only way that we are able to compel
16:02
one of those companies to provide us information
16:07
is when it falls into one of three categories:
16:10
We can identify that this particular person,
16:13
identified by a selector of some kind,
16:17
is associated with counterterrorist
16:19
or proliferation or other foreign intelligence target.
16:23
CA: Much has been made of the fact that
16:28
a lot of the information that you've obtained
16:30
through these programs is essentially metadata.
16:32
It's not necessarily the actual words
16:34
that someone has written in an email
16:37
or given on a phone call.
16:38
It's who they wrote to and when, and so forth.
16:40
But it's been argued,
16:44
and someone here in the audience has talked
16:45
to a former NSA analyst who said
16:47
metadata is actually much more invasive
16:50
than the core data,
16:52
because in the core data
16:54
you present yourself as you want to be presented.
16:55
With metadata, who knows what the conclusions are
16:58
that are drawn?
17:01
Is there anything to that?
17:02
RL: I don't really understand that argument.
17:04
I think that metadata's important
for a couple of reasons.
17:06
Metadata is the information that lets you
17:09
find connections that people are trying to hide.
17:13
So when a terrorist is corresponding
17:17
with somebody else who's not known to us
17:19
but is engaged in doing or
supporting terrorist activity,
17:20
or someone who's violating international sanctions
17:23
by providing nuclear weapons-related material
17:26
to a country like Iran or North Korea,
17:29
is trying to hide that activity
because it's illicit activity.
17:31
What metadata lets you do is connect that.
17:35
The alternative to that
17:37
is one that's much less efficient
17:39
and much more invasive of privacy,
17:40
which is gigantic amounts of content collection.
17:42
So metadata, in that sense,
17:46
actually is privacy-enhancing.
17:47
And we don't, contrary to some of the stuff
17:49
that's been printed,
17:52
we don't sit there and grind out
17:53
metadata profiles of average people.
17:56
If you're not connected
17:59
to one of those valid intelligence targets,
18:01
you are not of interest to us.
18:04
CA: So in terms of the threats
18:07
that face America overall,
18:10
where would you place terrorism?
18:13
RL: I think terrorism is still number one.
18:16
I think that we have never been in a time
18:19
where there are more places
18:23
where things are going badly
18:25
and forming the petri dish in which terrorists
18:28
take advantage of the lack of governance.
18:32
An old boss of mine, Tom Fargo, Admiral Fargo,
18:37
used to describe it as arcs of instability.
18:41
And so you have a lot of those arcs of instability
18:43
in the world right now,
18:45
in places like Syria, where there's a civil war
18:47
going on and you have massive numbers,
18:49
thousands and thousands of foreign fighters
18:52
who are coming into Syria
18:53
to learn how to be terrorists
18:55
and practice that activity,
18:57
and lots of those people are Westerners
18:59
who hold passports to European countries
19:01
or in some cases the United States,
19:05
and so they are basically learning how
19:07
to do jihad and have expressed intent
19:09
to go out and do that later on
19:13
in their home countries.
19:15
You've got places like Iraq,
19:17
which is suffering from a high
level of sectarian violence,
19:18
again a breeding ground for terrorism.
19:21
And you have the activity in the Horn of Africa
19:24
and the Sahel area of Africa.
19:26
Again, lots of weak governance
19:29
which forms a breeding ground for terrorist activity.
19:32
So I think it's very serious. I think it's number one.
19:35
I think number two is cyber threat.
19:37
I think cyber is a threat in three ways:
19:40
One way, and probably the most common way
19:45
that people have heard about it,
19:49
is due to the theft of intellectual property,
19:51
so basically, foreign countries going in,
19:53
stealing companies' secrets,
19:58
and then providing that information
20:00
to state-owned enterprises
20:02
or companies connected to the government
20:03
to help them leapfrog technology
20:06
or to gain business intelligence
20:09
that's then used to win contracts overseas.
20:11
That is a hugely costly set of
activities that's going on right now.
20:14
Several nation-states are doing it.
20:17
Second is the denial-of-service attacks.
20:19
You're probably aware that there have been
20:22
a spate of those directed against
20:23
the U.S. financial sector since 2012.
20:25
Again, that's a nation-state who
is executing those attacks,
20:29
and they're doing that
20:32
as a semi-anonymous way of reprisal.
20:33
And the last one is destructive attacks,
20:37
and those are the ones that concern me the most.
20:39
Those are on the rise.
20:40
You have the attack against Saudi Aramco in 2012,
20:42
August of 2012.
20:45
It took down about 35,000 of their computers
20:47
with a Wiper-style virus.
20:49
You had a follow-on a week later
20:51
to a Qatari company.
20:53
You had March of 2013,
20:55
you had a South Korean attack
20:57
that was attributed in the press to North Korea
20:59
that took out thousands of computers.
21:02
Those are on the rise,
21:04
and we see people expressing interest
21:05
in those capabilities
21:08
and a desire to employ them.
21:09
CA: Okay, so a couple of things here,
21:11
because this is really the core of this, almost.
21:13
I mean, first of all,
21:15
a lot of people who look at risk
21:16
and look at the numbers
21:18
don't understand this belief that terrorism
21:19
is still the number one threat.
21:21
Apart from September 11,
21:23
I think the numbers are that
in the last 30 or 40 years
21:25
about 500 Americans have died from terrorism,
21:27
mostly from homegrown terrorists.
21:30
The chance in the last few years
21:34
of being killed by terrorism
21:36
is far less than the chance
of being killed by lightning.
21:37
I guess you would say that a single nuclear incident
21:41
or bioterrorism act or something like that
21:45
would change those numbers.
21:48
Would that be the point of view?
21:50
RL: Well, I'd say two things.
21:52
One is, the reason that there hasn't been
21:53
a major attack in the United States since 9/11,
21:55
that is not an accident.
21:57
That's a lot of hard work that we have done,
21:59
that other folks
22:01
in the intelligence community have done,
22:02
that the military has done,
22:03
and that our allies around the globe have done.
22:05
You've heard the numbers about
22:07
the tip of the iceberg in terms
22:09
of numbers of terrorist attacks that NSA programs
22:12
contributed to stopping was 54,
22:14
25 of those in Europe,
22:17
and of those 25,
22:19
18 of them occurred in three countries,
22:21
some of which are our allies,
22:24
and some of which are beating the heck out of us
22:25
over the NSA programs, by the way.
22:28
So that's not an accident that those things happen.
22:32
That's hard work. That's us finding intelligence
22:35
on terrorist activities
22:37
and interdicting them through one way or another,
22:39
through law enforcement,
22:41
through cooperative activities with other countries
22:42
and sometimes through military action.
22:45
The other thing I would say is that
22:48
your idea of nuclear or chem-bio-threat
22:51
is not at all far-fetched
22:56
and in fact there are a number of groups
22:57
who have for several years expressed interest
22:59
and desire in obtaining those capabilities
23:01
and work towards that.
23:04
CA: It's also been said that,
23:05
of those 54 alleged incidents,
23:07
that as few as zero of them
23:10
were actually anything to do
23:12
with these controversial programs
23:13
that Mr. Snowden revealed,
23:14
that it was basically through
other forms of intelligence,
23:18
that you're looking for a needle in a haystack,
23:22
and the effects of these programs,
23:25
these controversial programs,
23:27
is just to add hay to the stack,
23:28
not to really find the needle.
23:30
The needle was found by other methods.
23:31
Isn't there something to that?
23:33
RL: No, there's actually two programs
23:37
that are typically implicated in that discussion.
23:40
One is the section 215 program,
23:42
the U.S. telephony metadata program,
23:45
and the other one is
23:48
popularly called the PRISM program,
23:50
and it's actually section 702
of the FISA Amendment Act.
23:51
But the 215 program
23:55
is only relevant to threats
23:59
that are directed against the United States,
24:00
and there have been a dozen threats
24:03
where that was implicated.
24:06
Now what you'll see people say publicly
24:07
is there is no "but for" case,
24:10
and so there is no case where, but for that,
24:12
the threat would have happened.
24:16
But that actually indicates a lack of understanding
24:18
of how terrorist investigations actually work.
24:22
You think about on television,
24:27
you watch a murder mystery.
24:29
What do you start with? You start with a body,
24:30
and then they work their way
from there to solve the crime.
24:31
We're actually starting well before that,
24:34
hopefully before there are any bodies,
24:35
and we're trying to build the case for
24:37
who the people are, what they're trying to do,
24:39
and that involves massive amounts of information.
24:41
Think of it is as mosaic,
24:44
and it's hard to say that any one piece of a mosaic
24:46
was necessary to building the mosaic,
24:48
but to build the complete picture,
24:51
you need to have all the pieces of information.
24:52
On the other, the non-U.S.-related
threats out of those 54,
24:54
the other 42 of them,
24:57
the PRISM program was hugely relevant to that,
25:01
and in fact was material in contributing
25:05
to stopping those attacks.
25:08
CA: Snowden said two days ago
25:10
that terrorism has always been
25:11
what is called in the intelligence world
25:15
"a cover for action,"
25:17
that it's something that,
25:18
because it invokes such a powerful
25:20
emotional response in people,
25:22
it allows the initiation of these programs
25:24
to achieve powers that an organization like yours
25:27
couldn't otherwise have.
25:30
Is there any internal debate about that?
25:32
RL: Yeah.
25:35
I mean, we debate these things all the time,
25:37
and there is discussion that goes on
25:39
in the executive branch
25:41
and within NSA itself
25:43
and the intelligence community about
25:45
what's right, what's proportionate,
25:47
what's the correct thing to do.
25:48
And it's important to note that the programs
25:50
that we're talking about
25:51
were all authorized by two different presidents,
25:53
two different political parties,
25:56
by Congress twice,
25:58
and by federal judges 16 different times,
26:00
and so this is not NSA running off
26:04
and doing its own thing.
26:08
This is a legitimate activity
26:10
of the United States foreign government
26:12
that was agreed to by all the branches
26:15
of the United States government,
26:17
and President Madison would have been proud.
26:19
CA: And yet, when congressmen discovered
26:22
what was actually being done
with that authorization,
26:26
many of them were completely shocked.
26:28
Or do you think that is not a legitimate reaction,
26:31
that it's only because it's now come out publicly,
26:35
that they really knew exactly what you were doing
26:37
with the powers they had granted you?
26:40
RL: Congress is a big body.
26:42
There's 535 of them,
26:44
and they change out frequently,
26:46
in the case of the House, every two years,
26:48
and I think that the NSA provided
26:50
all the relevant information
to our oversight committees,
26:54
and then the dissemination of that information
26:57
by the oversight committees throughout Congress
26:59
is something that they manage.
27:01
I think I would say that Congress members
27:03
had the opportunity to make themselves aware,
27:08
and in fact a significant number of them,
27:12
the ones who are assigned oversight responsibility,
27:14
did have the ability to do that.
27:17
And you've actually had the chairs of
those committees say that in public.
27:19
CA: Now, you mentioned the
threat of cyberattacks,
27:23
and I don't think anyone in this room would disagree
27:24
that that is a huge concern,
27:26
but do you accept that there's a tradeoff
27:28
between offensive and defensive strategies,
27:30
and that it's possible that the very measures taken
27:32
to, "weaken encryption,"
27:35
and allow yourself to find the bad guys,
27:38
might also open the door to forms of cyberattack?
27:40
RL: So I think two things.
27:44
One is, you said weaken encryption. I didn't.
27:47
And the other one is that
27:51
the NSA has both of those missions,
27:56
and we are heavily biased towards defense,
27:59
and, actually, the vulnerabilities that we find
28:01
in the overwhelming majority of cases,
28:05
we disclose to the people who are responsible
28:07
for manufacturing or developing those products.
28:10
We have a great track record of that,
28:13
and we're actually working on a proposal right now
28:14
to be transparent and to
publish transparency reports
28:16
in the same way that the Internet companies
28:20
are being allowed to publish
transparency reports for them.
28:22
We want to be more transparent about that.
28:26
So again, we eat our own dog food.
28:28
We use the standards, we use the products
28:31
that we recommend,
28:34
and so it's in our interest
28:36
to keep our communications protected
28:39
in the same way that other people's need to be.
28:41
CA: Edward Snowden,
28:45
when, after his talk, was wandering the halls here
28:48
in the bot,
28:53
and I heard him say to a couple of people,
28:54
they asked him about what he thought
28:56
of the NSA overall,
28:58
and he was very complimentary about the people
28:59
who work with you,
29:02
said that it's a really
29:04
impassioned group of employees
29:08
who are seeking to do the right thing,
29:10
and that the problems have come from
29:12
just some badly conceived policies.
29:15
He came over certainly very reasonably and calmly.
29:19
He didn't come over like a crazy man.
29:23
Would you accept that at least,
29:25
even if you disagree with how he did it,
29:27
that he has opened a debate that matters?
29:30
RL: So I think that the discussion
29:34
is an important one to have.
29:37
I do not like the way that he did it.
29:38
I think there were a number of other ways
29:42
that he could have done that
29:44
that would have not endangered our people
29:45
and the people of other nations
29:49
through losing visibility
29:51
into what our adversaries are doing.
29:53
But I do think it's an important conversation.
29:56
CA: It's been reported that there's
29:59
almost a difference of opinion
30:00
with you and your colleagues
30:02
over any scenario in which
30:04
he might be offered an amnesty deal.
30:06
I think your boss, General Keith Alexander,
30:09
has said that that would be a terrible example
30:11
for others;
30:13
you can't negotiate with someone
30:15
who's broken the law in that way.
30:16
But you've been quoted as saying that,
30:18
if Snowden could prove that he was surrendering
30:20
all undisclosed documents,
30:24
that a deal maybe should be considered.
30:25
Do you still think that?
30:28
RL: Yeah, so actually,
30:31
this is my favorite thing about
that "60 Minutes" interview
30:32
was all the misquotes that came from that.
30:35
What I actually said, in
response to a question about,
30:36
would you entertain any discussions
30:39
of mitigating action against Snowden,
30:41
I said, yeah, it's worth a conversation.
30:47
This is something that the attorney general
30:49
of the United States and the president also
30:51
actually have both talked about this,
30:53
and I defer to the attorney general,
30:54
because this is his lane.
30:56
But there is a strong tradition
30:57
in American jurisprudence
31:00
of having discussions with people
31:03
who have been charged with crimes in order to,
31:08
if it benefits the government,
31:09
to get something out of that,
31:11
that there's always room for that kind of discussion.
31:13
So I'm not presupposing any outcome,
31:16
but there is always room for discussion.
31:18
CA: To a lay person it seems like
31:21
he has certain things to offer the U.S.,
31:23
the government, you, others,
31:26
in terms of putting things right
31:28
and helping figure out a smarter policy,
31:30
a smarter way forward for the future.
31:32
Do you see, has that kind of possibility
31:38
been entertained at all?
31:40
RL: So that's out of my lane.
31:43
That's not an NSA thing.
31:44
That would be a Department of Justice
31:46
sort of discussion.
31:48
I'll defer to them.
31:51
CA: Rick, when Ed Snowden ended his talk,
31:54
I offered him the chance to
share an idea worth spreading.
31:57
What would be your idea worth spreading
32:01
for this group?
32:02
RL: So I think, learn the facts.
32:05
This is a really important conversation,
32:07
and it impacts, it's not just NSA,
32:09
it's not just the government,
32:11
it's you, it's the Internet companies.
32:12
The issue of privacy and personal data
32:15
is much bigger than just the government,
32:18
and so learn the facts.
32:20
Don't rely on headlines,
32:22
don't rely on sound bites,
32:24
don't rely on one-sided conversations.
32:25
So that's the idea, I think, worth spreading.
32:28
We have a sign, a badge tab,
32:31
we wear badges at work with lanyards,
32:34
and if I could make a plug,
32:36
my badge lanyard at work says, "Dallas Cowboys."
32:38
Go Dallas.
32:40
I've just alienated half the audience, I know.
32:44
So the lanyard that our people
32:46
who work in the organization
32:50
that does our crypto-analytic work
32:52
have a tab that says, "Look at the data."
32:55
So that's the idea worth spreading.
32:57
Look at the data.
32:58
CA: Rick, it took a certain amount of courage,
33:00
I think, actually, to come and speak openly
33:03
to this group.
33:06
It's not something the NSA
has done a lot of in the past,
33:07
and plus the technology has been challenging.
33:10
We truly appreciate you doing that
33:13
and sharing in this very important conversation.
33:15
Thank you so much.
33:17
RL: Thanks, Chris.
33:19
(Applause)
33:21

sponsored links

Richard Ledgett - Deputy director, NSA
Richard Ledgett is deputy director and senior civilian leader of the National Security Agency. He acts as the agency’s chief operating officer, responsible for guiding and directing studies, operations and policy.

Why you should listen

Richard Ledgett began his NSA career in 1988 and has served in operational, management, and technical leadership positions at the branch, division, office, and group levels. Now, think of him as the COO of the NSA, guiding and directing studies, operations and policy. From 2012 to 2013 he was the Director of the NSA/CSS Threat Operations Center, responsible for round-the-clock cryptologic activities to discover and counter adversary cyber efforts. Prior to NTOC he served in several positions from 2010 to 2012 in the Office of the Director of National Intelligence in both the collection and cyber mission areas. He was the first National Intelligence Manager for Cyber, serving as principal advisor to the Director of National Intelligence on all cyber matters, leading development of the Unified Intelligence Strategy for Cyber, and coordinating cyber activities across the Intelligence Community (IC). Previous positions at NSA include Deputy Director for Analysis and Production (2009-2010), Deputy Director for Data Acquisition (2006-2009), Assistant Deputy Director for Data Acquisition (2005-2006), and Chief, NSA/CSS Pacific (2002-2005). He also served in a joint IC operational activity, and as an instructor and course developer at the National Cryptologic School.

He led the NSA Media Leaks Task Force from June 2013 to January 2014, and was responsible for integrating and overseeing the totality of NSA’s efforts surrounding the unauthorized disclosures of classified information by a former NSA affiliate.

sponsored links

If you need translations, you can install "Google Translate" extension into your Chrome Browser.
Furthermore, you can change playback rate by installing "Video Speed Controller" extension.

Data provided by TED.

This website is owned and operated by Tokyo English Network.
The developer's blog is here.