Keith Alexander is trying to explain himself. The former director of the NSA stoked astonishment when reports surfaced that he would ask from $600,000 to as much as $1 million per month as a cybersecurity consultant. What could make him so valuable, save the highly classified secrets in his head? A congressman went so far as to speculate that he'd be selling state secrets. But it isn't so, Alexander says. In an interview with Foreign Policy, he offers a new accounting:
The answer, Alexander said in an interview Monday, is a new technology, based on a patented and "unique" approach to detecting malicious hackers and cyber-intruders that the retired Army general said he has invented, along with his business partners at IronNet Cybersecurity Inc., the company he co-founded after leaving the government and retiring from military service in March. But the technology is also directly informed by the years of experience Alexander has had tracking hackers, and the insights he gained from classified operations as the director of the NSA, which give him a rare competitive advantage over the many firms competing for a share of the cybersecurity market.
Details on the "unique approach" are thin, but it wouldn't surprise me if Freedom of Information Act requests are already being prepared to send to the U.S. Patent Office:
Alexander said he'll file at least nine patents, and possibly more, for a system to detect so-called advanced persistent threats, or hackers who clandestinely burrow into a computer network in order to steal secrets or damage the network itself.
As FP notes, these are the sorts of "cyberattacks" that Alexander harped on while in government, claiming they already represented "the greatest transfer of wealth in American history."
Let's mull that over. While responsible for countering cybersecurity threats to America, Alexander presides over what he characterizes as staggering cyber-thefts and hugely worrisome security vulnerabilities. After many years, he retires. And immediately, he has a dramatically better solution to this pressing national-security problem, one he never implemented in government but plans to patent and sell!
FP's Shane Harris talked to some lawyers and reports:
Alexander is believed to be the first ex-director of the NSA to file patents on technology that's directly related to the job he had in government. He said that he had spoken to lawyers at the NSA, and privately, to ensure that his new patents were "ironclad" and didn't rely on any work that he'd done for the agency—which still holds the intellectual property rights to other technology Alexander invented while he ran the agency.
Alexander is on firm legal ground so long as he can demonstrate that his invention is original and sufficiently distinct from any other patented technologies. Government employees are allowed to retain the patents for technology they invent while working in public service, but only under certain conditions, patent lawyers said. If an NSA employee's job, for instance, is to research and develop new cybersecurity technologies or techniques, then the government would likely retain any patent, because the invention was directly related to the employee's job. However, if the employee invented the technology on his own time and separate from his core duties, he might have a stronger argument to retain the exclusive rights to the patent.
This is an emperor-has-no-clothes moment. We're supposed to believe that Alexander went home and developed much of a million-dollar-per-month cybersecurity technology in his spare time, while doing two different demanding national-security jobs, without using NSA resources or classified information, in a way that was somehow separate from his core duties, which included a cyber-security portfolio?