It's Time to Break Up the NSA (2014)

I think an even better argument for breaking up the NSA is that there's a fourth category of work they (should) do that's totally unrelated to surveillance and that I'd classify as "very good:" actively working to secure the communications of US government and companies against the NSA-equivalents of other nation-states and rogue actors. Having this is on the same list as encryption sabotage is a recipe for mismanagement and bad policy.

I don&#x27;t understand why society thinks that certain things can be contained, while certain other things cannot be.<p>The liberals will always be telling you that the drug war is a failure, and that drug users will be able to get their hands on drugs anyway, and we should embrace that fact so we can retain some level of control, and so otherwise innocent people don&#x27;t have to interact with criminals. But guns on the other hand...<p>The conservatives will always be telling you that guns can&#x27;t be controlled-- that criminals will get their hands on guns anyway and will conceal carry all the time, and that we&#x27;re better off keeping them legal so we can retain some level of control, and so that innocent people don&#x27;t have to be at a disadvantage to criminals. But drugs on the other hand...<p>I take this a level further: There&#x27;s no containing cryptography. The people that are on tor looking at child pornography are protected. The people that are on tor plotting terrorist activities are also protected. The only people not protected are people that don&#x27;t care or don&#x27;t know, and they&#x27;re not the people that are worth spying on in the first place.<p>The NSA internet data collection is perhaps the most frivolous government program in the history of the United States. We&#x27;ve spent god knows how much money building their Utah data center, and it will be useless as soon as the tech community starts encrypting. [1]<p>[1]: letsencrypt.org

<i>Second, all surveillance of Americans should be moved to the FBI.<p>The FBI is charged with counterterrorism in the United States, and it needs to play that role. Any operations focused against U.S. citizens need to be subject to U.S. law, and the FBI is the best place to apply that law.</i><p>No no <i>no</i> a thousand times <i>no</i>.<p>One of the only saving graces about the massive surveillance from the NSA is that, I&#x27;m willing to wager, very little of it at all has made it over to where it could be used to oppress the citizens directly.<p>Bruce&#x27;s claim that &quot;FBI is charged with counterterrorism&quot; means that they are also charged (along with DEA, ATFE, etc.) with the application of undue force on citizens--something we&#x27;ve been only somewhat spared from because of the difficulty they have in collecting information.<p>Turning over to them that capability--or even the just the current stockpile and archives of information!--would be a gigantic blow against freedom.

&quot;Actively attacking enemy networks is an offensive military operation, and should be part of an offensive military unit.&quot;<p>Key word here is <i>offensive military unit</i>, like a bomber squad or tank devision. You should not send out this kind of units to allies, neutral states or neighbors, not matter how &quot;valuable&quot; it would be in trade negotiations. Its to the benefit of all that on-line communication is restored to peace, rather than a free-for-all combat zone.<p>Of the 3 changes suggested by Schneier, this I feel is the most important change that internationally need to happen. Since NSA is the biggest offender here, fixing that actor would encourage other nations to do the same.

the NSA&#x27;s surveillance is an unprecedented power grab. add Moore&#x27;s Law to the mix, let that policy sit for 20 years, and what kind of power do they have? they can predict everything, they can track everything, they have no oversight - what they&#x27;re doing is setting themselves up to completely replace the government in 2035.<p>hopefully, that&#x27;s not deliberate. hopefully, they&#x27;re just that naively convinced of their own goodness. but that&#x27;s what they&#x27;re doing.<p>the NSA&#x27;s unconstitutional surveillance is a total disgrace, a national shame, a total failure to uphold the Constitution. that&#x27;s the GOOD news. that&#x27;s what it is today. add Moore&#x27;s Law and 20 years, it&#x27;s going to be something much worse.<p>(shoutout to everyone who was on Hacker News back when mentioning how Moore&#x27;s Law ties into this would be worth an upvote.)

This reminds me a little of the breakup of the Atomic Energy Commission. The AEC was supposed regulate and promote nuclear energy. This conflict of interest was recognized in the 70s and it was split into the Nuclear Regulatory Commission and ERDA (which soon became the DOE).

Bruce makes a good point here. There is a balance between the COMSEC and SIGINT. Any advance you make in SIGINT is a failure of COMSEC and vice versa. The issue is then the &#x27;viruses&#x27; of our internet ecosystem, the hackers and state level threats. How do you balance the two? Will the nature of the system self-balance as threats are discovered and then bandaged?<p>Still, good job not just demonizing the NSA, they serve a purpose in the game of international relations, one that the free world may not like, but that we all need.

Regarding NSA and CIA, what do they have to do to get shut down completely? Do we wait until genocide? It doesn&#x27;t seem like a re-org is the proper response to institutionalized torture, semi-automated assassination campaigns, and creation of a panopticon.

Imagine if the Centers for Disease Control, instead of researching cures for diseases, had a budget in the billions for buying weaponized viruses and bacteria, and was subverting disease prevention. Nobody would stand for that. It would be poisoning health care worldwide.<p>As another commenter pointed out here: <i>&quot;Can we just flip their budget over to making sure US companies are secure?&quot;</i> That is, of course, what should be done. We get the results we spend money on. If the NSA&#x27;s budget were spent on making security easy and routine, we would have easy and routine security. But that&#x27;s not how we express our intentions with the budget right now.

The NSA is probably the worst-case of the general public not trusting government institutions. However, it seems that government has lost trust across all functions, despite only marginal increase in corruption. Is new, faster communication just making us more acutely away of the corruption that inevitably happens? I don&#x27;t think it&#x27;s bad to be aware, but we really need to learn to scale our response. A program can have a % of corruption and still achieve success. Also, I wonder whether mistrust of institutions stems from the record wealth disparity. In general, institutions seem much less trustworthy when a small percentage of people can disproportionately influence them.

Is it possible to hold the position that the NSA should be conducting signals intelligence, data collection, and code-breaking (and yes, email snooping) -- yet at the same time hold the position that the blatantly malicious activities: 0day exploits, software and hardware backdooring, etc should not be allowed?<p>Why commit ourselves to a massive overhaul of the entire NSA when we can address the actual problem here with some granularity and minimal cost yielding an impact almost all of us would enjoy?

Read &quot;The Puzzle Palace&quot; and find out why the NSA is structured like it is. The US gov has been re-orging the NSA and factions inside the gov have been fighting over its control since its inception. To use an annoyingly beat to death phrase: we haven&#x27;t seen its final form yet.<p>Actually a pretty good article overall, but these two lines bother me greatly:<p><pre><code> &gt; &quot;What was supposed to be a single agency with a dual mission—protecting the security of U.S. communications and eavesdropping on the communications of our enemies&quot; </code></pre> That was never the mission and is not the mission of any similar org in the past 100+ years. It is to eavesdrop on everyone, including ones allies. The Brits were eavesdropping on everyone&#x27;s telegrams over 100 years ago. This isn&#x27;t something new.<p><pre><code> &gt; &quot;The result is an agency that prioritizes intelligence gathering over security&quot; </code></pre> Again, that is the #1 goal of the NSA and other similar organizations. Security never has and never will be its #1 goal.

&quot;collecting data on innocent Americans either incidentally or deliberately, and data on foreign citizens indiscriminately. It doesn&#x27;t make us any safer, and it is liable to be abused. &quot;<p>If you are collecting data in order to analyze and identify threats to national security, how would you possibly exclude &quot;the innocent&quot; beforehand? These people are not innocent as much as they aren&#x27;t guilty - however blinding oneself to observation seems like a knee-jerk alternative.<p>If these practices are &quot;liable to be abused&quot; isn&#x27;t the solution proper oversight or accountability and not to shut down the entire program?

I would rather not agree with this &quot;Break up the NSA&quot; thing. I do follow the public opinion that its surveillance is wrong, but this is not the fix.<p>NSA is a organization, a empty shell without its people. If the people are not going to change their mindset in short-term (social change in mentality), it means that law has to be changed in short-term, so that very mentality gets more time to change.<p>But this is where I must contradict myself, does these people who are benefiting from such &quot;Its abuse, not use of power&quot; deserve such a delay? Given that for every second the situation remains the same, countless bottom-of-pyramid-people across the globe would keep suffering? Or have we become TOO used to looking away?<p>Also, a very important question is, that &#x27;has NSA&#x27;s Information Collection System become such a tool, where bulk of Americans are used to collect data on Bulk of Americans, and put that in the hands of Few, who then abuse it?&#x27; Or NSA has more to it than just the empty shell called: &quot;Interest&quot;.<p>As Voltaire said: &quot;You must ask, whether it is &#x27;Just Interest&#x27; or &#x27;National Interest&#x27;. &quot;<p>A supporting question is, who is the Nation anyway? A few or all? Abraham Lincoln ought to be right here. But, fast forward 200 years, It is also important to question, whether &quot;Nations&quot; especially the idea of &quot;America&quot; stands as it is, given the fact that it is America itself that pushed for a &quot;Globalized World&quot; and still does.

It&#x27;s easy to casually propose such things, on a blog, while lobbing the same tired criticisms about over-zealous intelligence gathering programs. But to actually implement such grand, sweeping measures would require resources that don&#x27;t justify the benefits. Just scale back and increase oversight on troubling programs, and otherwise let the NSA do its critical job as an intelligence gathering agency.

What about the problem of distinguishing domestic vs foreign communications? NSA already minimizes American information, plus FBI doesn&#x27;t have authority to track who called to or from the US to a foreign nation like Pakistan from what I understand, so no phone meta data. The NSA may be too big but I haven&#x27;t seen anyone bring an actual technical solution for setting the boundaries and so forth.

Oh oh, looks they got to him. Link is now returning a 403:<p>Forbidden<p>You don&#x27;t have permission to access &#x2F;essays&#x2F;archives&#x2F;2014&#x2F;02&#x2F;its_time_to_break_up.html on this server. Apache Server at www.schneier.com Port 443

Can we just flip their budget over to making sure US companies are secure?

I&#x27;m not sure this addresses the problem vs. just moving it to another agency.<p>Would it be better for the FBI to be doing these things than the NSA? Or should we be instead fighting that they&#x27;re done at all?

Note that this is from 2014, but it is more relevant than ever.

I&#x27;m thankful to live in a country where we have the freedom to publish this kind of thing. (That said, I think that freedom will no last too much longer.)

Sadly the voices of reason like Bruce will be yelled over by the voices of &quot;terrorism everywhere&quot;.

<a href="http://defundthensa.com/" rel="nofollow">http:&#x2F;&#x2F;defundthensa.com&#x2F;</a>

It just seems that you can do anything on paper but covert agreements between the agencies after break up will still occur.

Looks like the NSA penalty in article titles is still active? This one dropped fast.

To me, it&#x27;s pretty obvious that the supposedly &quot;dual&quot; mission of NSA, that of both anti-terrorism and cybersecurity, are completely incompatible. They are at the extreme ends of the spectrum.<p>One seems to need the abolishing of (true) secure systems and privacy (although, so far there is no evidence that mass surveillance actually helps thwart terrorist plots - and it may never be able to do so [1] [2]), and the other is <i>supposed</i> to be about having super-secure systems and strong encryption.<p>However, since the NSA is in charge of both, it seems the anti-terrorism side has won, and it now causes the NSA to make <i>terrible cyber-policy</i>.<p>To Schneier&#x27;s new post, I believe the EU is already getting ready to propose that a <i>civil agency</i> (not one that is run in secret) should be in charge of cybersecurity in EU nations. Although, I think the NSA is working hard to convince EU spy agencies to push legislation that makes <i>them</i> responsible for cybersecurity, at least in some EU countries that are more easily &quot;persuaded&quot;.<p>EDIT: So I actually disagree with Scheneir here. I see no reason why a <i>secretive unaccountable agency</i> should be in charge of cybersecurity. Why should it be a state secret that a hacker hacked into a US company? Just because the NSA has the &quot;expertise&quot; in cybersecurity? If you want to keep the experts, fine, but then turn the NSA into a civil agency.<p>I agree with his suggestion that surveillance (not <i>mass</i> surveillance, though - that should be banned for all agencies) should only be the domain of FBI.<p>To recap:<p>1) Cybersecurity = civil agency<p>2) Surveillance of local citizens = civil agency (FBI in US, I guess. Mind you, this is what already happens, when referring to targeted surveillance, so the real proposal here is that the NSA or anyone else shouldn&#x27;t be spying on local citizens, too - only the FBI and with warrants. This is not, or should not be about giving the FBI &quot;mass surveillance powers&quot;. If that&#x27;s what Schneier is proposing, then I completely disagree with this, too)<p>3) Cyber-<i>offense</i>&#x2F;cyber-<i>war</i> = military&#x2F;Pentagon&#x2F;whatever<p>4) I&#x27;m unsure whether we need another agency for spying on &quot;world leaders&quot;, but right now I&#x27;m strongly inclined to give this one to the military too. Also, it would be best if this wasn&#x27;t actually targeted at <i>allies</i> (like Merkel), but actual rival (Russia) or rival-like (China) countries. I think it&#x27;s just good foreign policy not to do nasty stuff to your allies, just to be slightly &quot;ahead&quot; in negotiations.<p>[1] - <a href="https://www.schneier.com/blog/archives/2006/03/data_mining_for.html" rel="nofollow">https:&#x2F;&#x2F;www.schneier.com&#x2F;blog&#x2F;archives&#x2F;2006&#x2F;03&#x2F;data_mining_f...</a><p>[2] - <a href="https://www.schneier.com/blog/archives/2006/07/terrorists_data.html" rel="nofollow">https:&#x2F;&#x2F;www.schneier.com&#x2F;blog&#x2F;archives&#x2F;2006&#x2F;07&#x2F;terrorists_da...</a>

The (dollar) cost of the NSA makes us less secure.

FYI: This is from 1 year ago.

Interesting, but I doubt it would go far in helping anything. You can&#x27;t cut and disperse the cancer growing inside of the US Government and expect anything to be solved or fixed, it needs to be uprooted and burned. Would any of this address secret courts, police brutality, domestic propaganda, or corruption? It&#x27;ll have to be all at once, otherwise it&#x27;s just rearranging the furniture in our cell.