Former NSA Chief Keith Alexander Is Profiting on Cybersecurity. But Is It Legal?

Keith Alexander

Photo by Win McNamee/Getty Images

In his review of This Town, Mark Leibovich’s account of the machinations of Washington, D.C., Frank Rich noted that in 2008, Obama said, “When I am president, I will start by closing the revolving door in the White House that’s allowed people to use their administration job as a stepping-stone to further their lobbying careers.” Perhaps he should have extended the hard word to ex-apparatchiks going into security consulting?

When Keith Alexander, the director of the National Security Agency and head of the U.S. Cyber Command, announced he was retiring in 2013 and almost immediately added that he was going into cybersecurity consulting, no one was particularly shocked. Exiting administration officials moving to the private sector and monetizing the connections and knowledge they gained during their government days is unsavory, perhaps, but far from unusual. Eyes did water at the amount Alexander was purported to be asking for his advice, though—$1 million per month.

So, what does $1 million get you? Well, it’s still not entirely clear. In a recent interview with Foreign Policy’s Shane Harris (disclosure: Harris is a fellow at New America, which is a partner of Future Tense) Alexander said the company he co-founded, IronNet Cybersecurity Inc., will use an innovative approach to countering hackers. He told Harris that it employed “behavioral models” to take out hackers as they plan their attacks, rather than trying to catch them in the act. However, a national security expert Harris spoke with said that the behavioral model “is highly speculative and has never been used successfully.”

What’s sure to raise eyebrows even higher is Alexander’s announcement that he’ll be filing at least nine patents for this technology. Patents that you might presume were invented off the back of the intimate knowledge of cyber-attacks and potential cyber-threats that Alexander was exposed to during his almost nine years as director of the NSA. When asked why he didn’t implement this super-special hacker-catching method when running what is likely the world’s largest cyber-security body, Alexander told Harris that the key “aha” moment came from one of his new, unnamed business partners.

Back when Bloomberg announced that Alexander was asking a cool $1 million per month (later, the amount was said to drop to $600,000) to help banks and other firms keep their data safe, concerns were raised that the former director was capitalizing off his intimacy with classified information. At the time, Rep. Alan Grayson wrote a scathing letter to the Financial Services Roundtable and other bodies to whom Alexander was said to have offered his services, asking them to disclose their negotiations so that Congress could consider whether the former director was selling classified military and cybersecurity secrets:

Disclosing or misusing classified information for profit is, as Mr. Alexander well knows, a felony. I question how Mr. Alexander can provide any of the services he is offering unless he discloses or misuses classified information, including extremely sensitive sources and methods. Without the classified information that he acquired in his former position, he literally would have nothing to offer you.

Alexander maintains that he has spoken with his own attorneys as well as lawyers at the NSA to ensure that his patents don’t come too close to work he did while heading the body. And government employees can own patents, apparently, as long as they aren’t related to the work they were employed to do, and if they were invented on their own time.

But as Harris notes, “Alexander started his company almost immediately after stepping down from the NSA. As for how much the highly classified knowledge in his head influenced his latest creation, only Alexander knows.”

We may soon find out just how much it’s worth to be the guy who once ran America’s mega-security operation—the NSA is being sued by journalist Jason Leopold for refusing to give him access to Alexander’s financial disclosure records. Records that should be publically available, Conor Friedersdorf argues in the Atlantic, unless President Obama himself considers that they would reveal information that would compromise the national interest.

Despite the legal and moral murkiness of Alexander’s quick dive into the world of private practice and pricy retainers, with barely a breath between that and his former government duties, employing the man who was in charge of the United States’ digital defenses is a chance the big banks, and other companies who have sensitive data to lose, have found hard to pass up. The Securities Industry and Financial Markets Association, a Wall Street trade group, for example, has retained Alexander to play a key role in a proposed “government-industry cyber war council,” the Washington Post and Bloomberg reported. Alexander also apparently roped in a fellow traveler on the government-to-consulting merry go round, Michael Chertoff, the former U.S. Secretary of Homeland Security, to help with the effort.

Perhaps we shouldn’t be so quick to judge Alexander’s steep fee. After all, while at the NSA, Alexander spent many long years bulk collecting phone and email records, now said to have “had no discernible impact on preventing acts of terrorism.” Should we begrudge this man a dollar now he’s out? Or $1 million of them?