Where Is the Investigation Into Financial Corruption at the NSA?

stop spy

Earlier this year, when Keith Alexander resigned as head of the National Security Agency, he began trying to cash in on expertise he’d gained while in government, pitching himself as a security consultant who could protect Wall Street banks and other large corporations from cyber-attacks by hackers or foreign governments. Early reports focused on the eye-popping price tag for his services: He reportedly asked for $1 million a month, later decreasing his rate to $600,000.

“I question how Mr. Alexander can provide any of the services he is offering unless he discloses or misuses classified information, including extremely sensitive sources and methods,” Representative Alan Grayson wrote in a letter to banking trade groups that retained him. “Without the classified information that he acquired in his former position, he literally would have nothing to offer to you.”

What, exactly, was he selling?

The explanation Alexander offered in an interview with Foreign Policy only raised more questions. In his telling, the value of his consulting services was explained by “a patented and ‘unique’ approach to detecting malicious hackers and cyber-intruders that the retired Army general said he has invented, along with his business partners at IronNet Cybersecurity Inc., the company he co-founded after leaving the government and retiring from military service in March.” He revealed his company’s plans to file at least nine patents “for a system to detect so-called advanced persistent threats, or hackers who clandestinely burrow into a computer network in order to steal secrets or damage the network.”

In government, Alexander had publicized and inveighed against just these sorts of threats, claiming that they were already responsible for the greatest transfer of wealth in human history. He oversaw a workforce that studied cyber-attacks and cyber-defenses, often drawing on highly classified or privileged information. So it struck many observers as suspicious that, immediately upon retiring, he suddenly had a dramatically better solution to a pressing national-security problem, one he never introduced while in government but planned to patent and sell. Had he withheld a valuable security solution to profit from it later? Were the novel approaches he intended to patent developed on the public dime? Alexander claimed that his part of the relevant work was done in his spare time, while other cyber-defense solutions were developed by his partner outside government.

No one could prove that those explanations were lies.

But they smelled fishy, especially because even as Alexander created the appearance of multiple improprieties as he entered the private sector, the NSA refused to release the statements of financial conflicts of interest that he’d filed as a federal employee. Indeed, the NSA refused to release the financial-conflict forms of any of its employees, despite the fact that they were required by public-records laws to do so. Their legal position was partly that releasing these records would harm national security. Investigative journalist Jason Leopold sued to challenge those claims. His victory—the NSA backed down before the case even went to court—showed both the legal indefensibility of withholding those public records and the blatant dishonesty of the claim that their release would harm national security: As you can see for yourself, contra the NSA’s assurances, nothing in the documents that the NSA has now turned over plausibly threatens national security.

What the documents do reveal, beyond the fact that NSA administrators are willing to mislead the public and the press, is that Alexander had even more potential conflicts of interest than were known..

Read more