Former NSA Director Keith Alexander says his services warrant a fee of up to a million dollars, due to a cyber-surveillance technique he and his partners at his new security firm IronNet Cybersecurity have developed, Foreign Policyreported on Tuesday. The claim follows reporting earlier this month that Alexander is slated to head a 'cyber-war council' backed by Wall Street.
Alexander claims that the new technology is different from anything the NSA has done as it uses "behavioral models" to predict hackers' actions ahead of time.
In his article, "The NSA's Cyber-King Goes Corporate," Foreign Policy journalist Shane Harris says that Alexander stated that IronNet has already signed contracts with three separate companies, although Alexander declined to name them. He plans on filing at least nine patents for the technology and finishing the testing phase of it by the end of September.
While it's not uncommon for former government employees to be granted patents for their inventions, Alexander is thought to be the first ex-NSA director to apply for patents "directly related to the job he had in government," said Harris.
"Alexander is on firm legal ground so long as he can demonstrate that his invention is original and sufficiently distinct from any other patented technologies," according to Harris. Therefore when he files the patents, if he can prove that he "invented the technology on his own time and separate from his core duties, he might have a stronger argument to retain the exclusive rights to the patent."
According to critics, Alexander's very experience as the NSA director has informed his move to the corporate sector--whether or not he developed the technology independently--and that in itself is cause for alarm and a possible investigation.
"Alexander stands to profit directly off of his taxpayer-funded experience, and may do so with a competitive advantage over other competing private firms," Carl Franzen pointed out at The Verge.
"Is it ethical for an NSA chief to pursue patents on technologies directly related to their work running the agency?" wrote Xeni Jardin of boingboing. "Will the Justice Department investigate? Don't hold your breath."
Journalist Dan Froomkin of The Intercept weighed in on Twitter:
As independent journalist Marcy Wheeler pointed out on her blog, there are a multitude of questions still remaining concerning the legality of Alexander's services, that are unrelated to the issue of patent legality. Among those she poses this:
with Alexander out of his NSA, where will he and his profitable partners get the data they need to model threats? How much of this model will depend on the Cyber Information sharing plan that Alexander has demanded for years? How much will Alexander's privatized solutions to the problem he couldn't solve at NSA depend on access to all the information the government has, along with immunity?
To what degree is CISA about making Keith Alexander rich?
The NSA's own actions under Alexander seem to have laid the groundwork for the exact cyber-defense market the retired general is now looking to exploit.
When Alexander first addressed Securities Industry and Financial Markets Association shortly after his retirement in March, company executives were apparently most interested in learning about destructive programs such as Wiper, which the U.S. government has claimed was used in cyber-attacks originating in North Korea and Iran.
Harris says the singling out of programs like Wiper is "a supreme irony" in the eyes of many computer security experts, who say that it is nothing more than "a cousin of the notorious Stuxnet virus, which was built by the NSA -- while Alexander was in charge -- in cooperation with Israeli intelligence."