
It's Time to Break Up the NSA (2014) - dyoder
https://www.schneier.com/essays/archives/2014/02/its_time_to_break_up.html
======
3JPLW
I think an even better argument for breaking up the NSA is that there's a
fourth category of work they (should) do that's totally unrelated to
surveillance and that I'd classify as "very good:" actively working to secure
the communications of US government and companies against the NSA-equivalents
of other nation-states and rogue actors. Having this on the same list as
encryption sabotage is a recipe for mismanagement and bad policy.

~~~
derefr
Yes. Imagine if the NSA were tasked with being a gatekeeper for data privacy
and integrity that large companies like Facebook had to work with any time
they pushed an update that sent data somewhere new, in the same way that the
FDA verifies safety and efficacy of pharmaceuticals when they're applied to a
new problem-domain. (I know that sounds almost satirically over-the-top, but
it _could_ work—if it were limited to companies [and branches of government]
that were handling enough user data that, say, identity fraud attacks would be
made possible just by having it. And any system where the government itself
has specified the data-integrity requirements: voting terminals, library
checkout systems, etc.)

Come to think of it, this NSA would probably also be responsible for chasing
down companies who ask you for your SSN, wouldn't it?

They could also offer free pen-testing services (presumably through their
defense subcontractors; they wouldn't have to employ any whitehats themselves)
for small businesses who can't afford pen-testers, like a specialized form of
industrial-development grant.

And, of course, they could also do the only legitimate/legal "active
no-advance-notice" pen-testing for infrastructure they're concerned about (ISPs,
hosts like AWS, etc.), converting taxpayer dollars directly into those "eyes
that make bugs shallow."

Effectively, the NSA are to our sovereign data boundaries as the coast guard
is to (most of) our physical ones. Since that's the case—where's our
Lighthouse Service?

~~~
beambot
> ...any time they pushed an update that sent data somewhere new...

So you think making the NSA (or any govt agency) the gatekeeper for all data,
public and private, would be a good idea? As if there's _no way_ that could be
abused? No thanks.

~~~
derefr
The data wouldn't go through them, nor would they be responsible for auditing
the algorithms themselves. The comparison with the FDA was exact: they would
simply require the company to execute a study proving (to peer review) the
data-integrity of each change they were going to make.

The one interesting thing is that this would likely enforce an open-core-SOA
software development model: companies would be incentivized to build a "trust
kernel" of services that the government regs apply to, exposing an API with
stringent access controls; and then a view layer that consumes that API, which
can have whatever sloppy code they wish. The trust kernel would then have to
be at least shared-source to enable the peer review necessary for study. (The
company couldn't just pass the code around within a cabal of trusted peer
companies, since those peers might be unfairly positively-biased.)

~~~
convivialdingo
That's fairly analogous to the current NIST regulations.

Unfortunately, NIST has been dragging 140-3 in draft form on for years. 140-2
was written in the 1980's and reflects very badly on current hardware and
software practices.

Another area you could look into is Common Criteria. I find these
certifications to be much more modern.

I've taken products through both processes. If you're going for more than the
basic levels they can be quite rigorous and thorough.

------
nickysielicki
I don't understand why society thinks that certain things can be contained,
while certain other things cannot be.

The liberals will always be telling you that the drug war is a failure, and
that drug users will be able to get their hands on drugs anyway, and we should
embrace that fact so we can retain some level of control, and so otherwise
innocent people don't have to interact with criminals. But guns on the other
hand...

The conservatives will always be telling you that guns can't be controlled--
that criminals will get their hands on guns anyway and will conceal carry all
the time, and that we're better off keeping them legal so we can retain some
level of control, and so that innocent people don't have to be at a
disadvantage to criminals. But drugs on the other hand...

I take this a level further: There's no containing cryptography. The people
that are on tor looking at child pornography are protected. The people that
are on tor plotting terrorist activities are also protected. The only people
not protected are people that don't care or don't know, and they're not the
people that are worth spying on in the first place.

The NSA internet data collection is perhaps the most frivolous government
program in the history of the United States. We've spent god knows how much
money building their Utah data center, and it will be useless as soon as the
tech community starts encrypting. [1]

[1]: letsencrypt.org

~~~
lkbm
People being inconvenient in pushing for social change are insufficiently
protected. The CIA spied on MLK Jr., discovered he was having affairs, and
used that to try to blackmail him into committing suicide. If he had, that
would have been a major loss to society.

And now we have reports of the NSA developing dossiers of minor crimes and
non-crimes of inconvenient people's behaviors for future use in discrediting
them.

Is your suggestion that anyone who is (or may in the future) choose to be
politically inconvenient should use strong encryption for everything even
slightly unpopular they may do?

We can't contain cryptography, but neither can we depend on it being
universally and effectively applied.

~~~
ripb
> The CIA spied on MLK Jr., discovered he was having affairs, and used that to
> try to blackmail him into committing suicide.

Have you got any more on this? Would be interested to read.

~~~
jellicle
This story covers it. FBI, not CIA.

[http://www.nytimes.com/2014/11/16/magazine/what-an-uncensored-letter-to-mlk-reveals.html](http://www.nytimes.com/2014/11/16/magazine/what-an-uncensored-letter-to-mlk-reveals.html)

~~~
ripb
Wow, great read. Very frightening, especially when one considers what they
could be at today.

~~~
WickyNilliams
Even more so when you consider the kind of dossier they had on him, they now
have on everyone, _by default_

------
angersock
_Second, all surveillance of Americans should be moved to the FBI.

The FBI is charged with counterterrorism in the United States, and it needs to
play that role. Any operations focused against U.S. citizens need to be
subject to U.S. law, and the FBI is the best place to apply that law._

No no _no_ a thousand times _no_.

One of the only saving graces about the massive surveillance from the NSA is
that, I'm willing to wager, very little of it at all has made it over to where
it could be used to oppress the citizens directly.

Bruce's claim that "FBI is charged with counterterrorism" means that they are
also charged (along with DEA, ATFE, etc.) with the application of undue force
on citizens--something we've been only somewhat spared from because of the
difficulty they have in collecting information.

Turning over to them that capability--or even just the current stockpile
and archives of information!--would be a gigantic blow against freedom.

~~~
edison_carter
But.. what about parallel construction? We know that the NSA is feeding tips
to, among others, the DEA and ATFE -- they're just pretending to find out
about criminal activity in other-than-blanket-surveillance ways. The practice
is so commonplace that the NSA has a special division for seeding the evidence
to other agencies, and there are indications that even state and local law
enforcement agencies are in on the fun.

~~~
randcraw
Exactly. Right now the NSA can escape all legal oversight because it has
historically operated physically outside the US and under military governance.
Since 9-11 and the Patriot Acts, NSA operations have moved inside the US. And
in concert with the sharing of intel across military and civilian, the NSA now
operates freely across all spaces. This was never intended by statute, and
virtually no oversight is in place to ensure 1) intel is gathered lawfully or
2) info is shared lawfully. Unlike the NSA, the FBI must operate wholly within
the US and state civilian court system, so its gathering and disbursing of
info is much more closely overseen and regulated.

It's also become very clear from their response to Snowden's revelations that
NSA is not going to get any closer oversight any time soon. The FBI and its
partners cannot hope to maintain a comparable cloak of invulnerability. To
Bruce's suggestion, I vote yea.

~~~
angersock
Here's your oversight:

[http://en.wikipedia.org/wiki/J._Edgar_Hoover](http://en.wikipedia.org/wiki/J._Edgar_Hoover)

 _Giving NSA powers (or archives) to the NSA is a really, really, really bad
idea._

The court system and legal system in the US these days is a joke and a farce--
just look at the number of cases that make it to trial. We can't afford to
give this sort of power over to any law enforcement agency.

------
belorn
"Actively attacking enemy networks is an offensive military operation, and
should be part of an offensive military unit."

Key word here is _offensive military unit_, like a bomber squad or tank
division. You should not send out these kinds of units to allies, neutral states
or neighbors, no matter how "valuable" it would be in trade negotiations. It's
to the benefit of all that on-line communication is restored to peace, rather
than a free-for-all combat zone.

Of the 3 changes suggested by Schneier, this I feel is the most important
change that internationally needs to happen. Since NSA is the biggest offender
here, fixing that actor would encourage other nations to do the same.

~~~
rhino369
But this sort of spying clearly isn't like ordering a bombing run on Berlin or
sending a tank division to capture Athens.

Spying isn't even a military operation, it is mostly diplomatic.

Spying has always been common even amongst allies. It is a form of hacked
transparency. Countries hide as much as they can.

~~~
amirmc
There's a distinction to be drawn between James Bond-style spying ("Humint" -
which is the kind you're actually referring to) and the large-scale,
indiscriminate, archived, mass-surveillance of _otherwise ordinary people_
("Sigint" - which is what we've learned about over the last couple of years).

~~~
rhino369
Sigint has been around since signals were around.

The only reason I see a reason to distinguish is what the info collected is
being used to so America can blackmail German citizens, that is shitty. But if
we are just trying to collect information about Germany or people who just
happen to be in Germany who are people of interest? That is the NSA mission.

The real issue is the potential for abuse. But the US government has plenty of
stuff it could really abuse.

~~~
amirmc
> _"... who are people of interest?"_

I think you've missed the part where _everyone_ is now (effectively) a person
of interest.

~~~
rhino369
That is just not true. Sure, they are collecting some limited information on
everyone, but mostly because it's harder to collect targeted information than to
just get it all.

So maybe the US has a record of every call made in Germany, but nobody is
tracking some random bus driver in Bavaria.

Right now there isn't the manpower to actually look at even a tiny
fraction of what is collected.

I guess in the future, if an AI with human like ability is created, the actual
monitoring of every person could occur. But it just isn't a fear right now.

I'd call it pseudo-privacy.

------
tessierashpool
the NSA's surveillance is an unprecedented power grab. add Moore's Law to the
mix, let that policy sit for 20 years, and what kind of power do they have?
they can predict everything, they can track everything, they have no oversight
- what they're doing is setting themselves up to completely replace the
government in 2035.

hopefully, that's not deliberate. hopefully, they're just that naively
convinced of their own goodness. but that's what they're doing.

the NSA's unconstitutional surveillance is a total disgrace, a national shame,
a total failure to uphold the Constitution. that's the GOOD news. that's what
it is today. add Moore's Law and 20 years, it's going to be something much
worse.

(shoutout to everyone who was on Hacker News back when mentioning how Moore's
Law ties into this would be worth an upvote.)

~~~
cryoshon
Yeah, you hit the nail on the head.

Right now it's Orwellian and sophisticated-- if they have Amazon's level of
data crunching and prediction ability, they might be able to predict certain
things about you, and, on average, be more right than wrong.

Wait until they have 20 more years of data on you, and 20 more years of
advancing the quality of their algorithms and machine intelligences. You will
be owned, and your buttons will be pushed as necessary to maintain what has
already been built.

~~~
LLWM
And the same will be true of all the billions of people that you think are
making bad decisions today.

~~~
EdSharkey
This dragnet collection and _permanent storage_ of all movement and
communications data is not justifiable, though.

Fundamental risk assessment fail!

~~~
LLWM
As the cost of doing so diminishes, so does the requirement for justification.
These days, the only noticeable cost is psychological. IMO, sufficiently
justified by "we might need it one day".

Of course, 20 years ago, or even 5 years ago, that wouldn't have been true,
and that's the mindset most critics are coming from. That you need a really
strong reason to be doing some kind of mass data collection like this. I just
don't agree with that claim. If you _can_ do it, you'd be stupid not to.

------
acidburnNSA
This reminds me a little of the breakup of the Atomic Energy Commission. The
AEC was supposed to regulate and promote nuclear energy. This conflict of
interest was recognized in the 70s and it was split into the Nuclear
Regulatory Commission and ERDA (which soon became the DOE).

~~~
peterwwillis
This reminds me of the surreal world of the stock market, where organizations
largely make their own rules and regulate and enforce them themselves.

In 1971, the National Association of Securities Dealers (NASD) gave birth to
NASDAQ, which became publicly traded in 2000, and then a national securities
exchange in 2006. NASDAQ wasn't really independent of NASD until 2000, so for
a while the same people who owned the exchange also regulated it.

The NYSE is much older and became a Not-for-Profit in 1971. In 2006 it merged
with ArcaEx and became a publicly owned for-profit, later merging with
Euronext in 2007 and acquiring AMEX in 2008.

Here's the weird thing: exchanges are supposed to self-regulate, with the SEC
basically just approving the rules they make for themselves. And the exchanges
kind of 'outsource' their regulation - but not all of it - and that's not all
that well defined anyway.

In 2007, NASD's and NYSE's regulatory and enforcement committees were merged
into a new organization, FINRA, which basically makes the rules their members
are supposed to abide by and enforces them in coordination with the SEC.

The SEC has been investigating exchanges since the "flash crash" of 2010, when
it was shown how completely fragile the market had become by large players
making very large trades, as well as new high-frequency automated trading.

In 2011, NYSE Euronext tried to merge with Deutsche Börse, which would have
become the largest stock market in the world by far. It actually passed US
antitrust investigation. But in 2012 the European Commission blocked the
merger as it would have created a 93% monopoly on European derivatives
trading. This doesn't have anything to do with the exchanges violating rules,
but it does show how without regulation, monopolies would be a virtual
certainty.

In 2012 NYSE was fined 5 million for giving data to its customers before the
public. In 2014 NYSE was fined 4.5 million when it was found to have violated
its own rules, or lacked rules it should have had.

Compare this to NASDAQ settling with the SEC for 10 million just for
mishandling Facebook's IPO in 2013. This is apparently because the SEC stopped
short of finding the NYSE's actions as felonies. And all of this is relatively
new, as exchanges historically were never legally scrutinized or punished for
their actions. (Their revenue is in the billions, so these fines are basically
just for show)

------
Balgair
Bruce makes a good point here. There is a balance between the COMSEC and
SIGINT. Any advance you make in SIGINT is a failure of COMSEC and vice versa.
The issue is then the 'viruses' of our internet ecosystem, the hackers and
state level threats. How do you balance the two? Will the nature of the system
self-balance as threats are discovered and then bandaged?

Still, good job not just demonizing the NSA, they serve a purpose in the game
of international relations, one that the free world may not like, but that we
all need.

~~~
canistr
It seems to be a sort of universal truth in that the people trying to break a
system will always be ahead of people trying to secure/protect it. Why then,
would prioritizing COMSEC over SIGINT change any of that? COMSEC will never
catch up to SIGINT.

I'm curious to know what exactly the NSA currently does to protect the US. Do
they already use their existing SIGINT knowledge to update systems ahead of
attacks?

~~~
Balgair
Well, maybe the lemma is flawed. Maybe they are not always ahead. I mean, to
date, no one has even been able to decode Kryptos, right out front of the CIA
in plain view:
[https://en.wikipedia.org/wiki/Kryptos](https://en.wikipedia.org/wiki/Kryptos)

Again, what the NSA does to protect the US is an open question; if they did
their job right, you'll likely not know it. Updating systems, at least large
commercial ones that foreign governments use as well as the US citizenry, is
not in the purview of their mandate, it's the opposite. They do try to tell the
world what they do, so as to justify themselves in some degree to their
ultimate bosses (the US voting public). The Iranian nuke viruses are a good
example, though, as far as I know, they have not claimed that particular hack
yet.

------
logn
Regarding NSA and CIA, what do they have to do to get shut down completely? Do
we wait until genocide? It doesn't seem like a re-org is the proper response
to institutionalized torture, semi-automated assassination campaigns, and
creation of a panopticon.

~~~
unreal37
It's better to keep the good parts and reform the bad parts than to throw the
entire baby out completely.

Let's draw a parallel to something more tangible than the cyberwar we don't
see. Recently there was a number of high-profile cases where police got into a
clash with unarmed civilians, with disastrous results. Should police be shut
down completely? Would you be safe in a city with no police? Many cities in
the world have places where the police don't go, and those are dangerous
places.

NSA and CIA serve important functions. They just need to be properly balanced.

~~~
LordKano
-- _Should police be shut down completely?_

Sometimes, yes. When the corruption and brutality is so bad that there's no
other option.

-- _Would you be safe in a city with no police?_

In Acapulco, the answer was yes. The police went on strike and it was so much
better without them that the people didn't want them back.

------
Zigurd
Imagine if the Centers for Disease Control, instead of researching cures for
diseases, had a budget in the billions for buying weaponized viruses and
bacteria, and was subverting disease prevention. Nobody would stand for that.
It would be poisoning health care worldwide.

As another commenter pointed out here: _"Can we just flip their budget over
to making sure US companies are secure?"_ That is, of course, what should be
done. We get the results we spend money on. If the NSA's budget were spent on
making security easy and routine, we would have easy and routine security. But
that's not how we express our intentions with the budget right now.

~~~
rikacomet
I think that is an excellent example of how information might get abused.

------
craigjb
The NSA is probably the worst-case of the general public not trusting
government institutions. However, it seems that government has lost trust
across all functions, despite only marginal increase in corruption. Is new,
faster communication just making us more acutely aware of the corruption that
inevitably happens? I don't think it's bad to be aware, but we really need to
learn to scale our response. A program can have a % of corruption and still
achieve success. Also, I wonder whether mistrust of institutions stems from
the record wealth disparity. In general, institutions seem much less
trustworthy when a small percentage of people can disproportionately influence
them.

~~~
joshontheweb
While the level of corruption may not be that much bigger, the ability of the
corrupt to cause harm has greatly increased through use of modern technology.

------
jasonzemos
Is it possible to hold the position that the NSA should be conducting signals
intelligence, data collection, and code-breaking (and yes, email snooping) --
yet at the same time hold the position that the blatantly malicious
activities: 0day exploits, software and hardware backdooring, etc should not
be allowed?

Why commit ourselves to a massive overhaul of the entire NSA when we can
address the actual problem here with some granularity and minimal cost
yielding an impact almost all of us would enjoy?

~~~
Balgair
True, I think the Snowden events have uncovered the unfortunate reality that
there is a gigantic hole in the boat. In the end, the only way we get out of
this is to redesign the system, from hardware on up, to be secure. The NSA, as
per their mandate from Congress as an expression of the will of the people of
the USA, is using the holes in the boat to advance the security of the nation.
It is literally their job to do this. Again, the issue is that the boat is
leaky. Maybe we humans decide that this leaky problem is not all that bad, and
like biology, a certain percentage of 'sinking' is acceptable versus the cost
to make a better boat. I don't think this is true though, because lawyers.
Making a better and more secure net is the end of the game, it is only time
that stands between us.

~~~
bediger4000
The NSA does not have a mandate from Congress: it was created by an executive
order of President Truman in 1952
([https://www.nsa.gov/public_info/_files/truman/truman_memo.pdf](https://www.nsa.gov/public_info/_files/truman/truman_memo.pdf)).
That order was classified for a very long time.

That's to say that you're starting from false premises. It is not the NSA's
job to advance the security of the nation at all. Hence the need to split it
up now. It's time to move the legal basis from executive order to something
else, that something else publicly debated and mandated by the people.

------
strictnein
Read "The Puzzle Palace" and find out why the NSA is structured like it is.
The US gov has been re-orging the NSA and factions inside the gov have been
fighting over its control since its inception. To use an annoyingly beat to
death phrase: we haven't seen its final form yet.

Actually a pretty good article overall, but these two lines bother me greatly:

    
    
> "What was supposed to be a single agency with a dual mission—protecting the security of U.S. communications and eavesdropping on the communications of our enemies"
    

That was never the mission and is not the mission of any similar org in the
past 100+ years. It is to eavesdrop on everyone, including one's allies. The
Brits were eavesdropping on everyone's telegrams over 100 years ago. This
isn't something new.

    
    
> "The result is an agency that prioritizes intelligence gathering over security"
    

Again, that is the #1 goal of the NSA and other similar organizations.
Security never has and never will be its #1 goal.

~~~
mason240
Security is their objective; using all encompassing communication spying is
their strategy for accomplishing that objective.

 _This comment is not an endorsement of any NSA policies._

~~~
strictnein
Security, in terms of the NSA, refers to their COMSEC work.

------
josefresco
"collecting data on innocent Americans either incidentally or deliberately,
and data on foreign citizens indiscriminately. It doesn't make us any safer,
and it is liable to be abused. "

If you are collecting data in order to analyze and identify threats to
national security, how would you possibly exclude "the innocent" beforehand?
These people are not innocent as much as they aren't guilty - however blinding
oneself to observation seems like a knee-jerk alternative.

If these practices are "liable to be abused" isn't the solution proper
oversight or accountability and not to shut down the entire program?

------
rikacomet
I would rather not agree with this "Break up the NSA" thing. I do follow the
public opinion that its surveillance is wrong, but this is not the fix.

NSA is an organization, an empty shell without its people. If the people are not
going to change their mindset in short-term (social change in mentality), it
means that law has to be changed in short-term, so that very mentality gets
more time to change.

But this is where I must contradict myself, do these people who are
benefiting from such "Its abuse, not use of power" deserve such a delay? Given
that for every second the situation remains the same, countless
bottom-of-pyramid-people across the globe would keep suffering? Or have we become TOO
used to looking away?

Also, a very important question is, that 'has NSA's Information Collection
System become such a tool, where bulk of Americans are used to collect data on
Bulk of Americans, and put that in the hands of Few, who then abuse it?' Or
NSA has more to it than just the empty shell called: "Interest".

As Voltaire said: "You must ask, whether it is 'Just Interest' or 'National
Interest'. "

A supporting question is, who is the Nation anyway? A few or all? Abraham
Lincoln ought to be right here. But, fast forward 200 years, It is also
important to question, whether "Nations" especially the idea of "America"
stands as it is, given the fact that it is America itself that pushed for a
"Globalized World" and still does.

------
axolotl_king
It's easy to casually propose such things, on a blog, while lobbing the same
tired criticisms about over-zealous intelligence gathering programs. But to
actually implement such grand, sweeping measures would require resources that
don't justify the benefits. Just scale back and increase oversight on
troubling programs, and otherwise let the NSA do its critical job as an
intelligence gathering agency.

~~~
josefresco
Finally, a pragmatic voice amongst those calling for an anarchist solution. I
will add my vote to those calling for increased oversight, and regulation over
the all out "scrapping" of these programs.

~~~
_cudgel
If you take it as a given that the NSA is spying on all parties, that includes
those supposedly providing oversight. Those providing oversight can then be
coerced into rubber-stamping whatever the NSA wishes. Therefore, "increased
oversight" is all but impossible.

------
walod
What about the problem of distinguishing domestic vs foreign communications?
NSA already minimizes American information, plus FBI doesn't have authority to
track who called to or from the US to a foreign nation like Pakistan from what
I understand, so no phone meta data. The NSA may be too big but I haven't seen
anyone bring an actual technical solution for setting the boundaries and so
forth.

~~~
spacehome
> NSA already minimizes American information

While this is the PR, in practice it's categorically untrue.

------
markc
Oh oh, looks like they got to him. Link is now returning a 403:

Forbidden

You don't have permission to access
/essays/archives/2014/02/its_time_to_break_up.html on this server. Apache
Server at www.schneier.com Port 443

------
mrits
Can we just flip their budget over to making sure US companies are secure?

------
danielmiessler
I'm not sure this addresses the problem vs. just moving it to another agency.

Would it be better for the FBI to be doing these things than the NSA? Or
should we be instead fighting that they're done at all?

~~~
unreal37
I think holding the position "the United States should not be spying on
anyone, ever" is perhaps too far over on the spectrum of idealism. You do need
some spying on countries that pose genuine threats such as North Korea, Iran,
China, Russia and the like.

------
daddykotex
Note that this is from 2014, but it is more relevant than ever.

------
javert
I'm thankful to live in a country where we have the freedom to publish this
kind of thing. (That said, I think that freedom will not last too much longer.)

~~~
adventured
I've got an idea. In the faux name of net neutrality, let's give one of the
most abusive governments when it comes to privacy, vast control over
regulating the domestic Internet, and let's allow them to pass those new
regulations without anyone external being allowed to review them ahead of
time. What could possibly go wrong? It's not like the government will
massively expand their direct control of the Internet, and use that to chill
free speech. And it's not like we'll be sitting here in ten years, listening
to pro net neutrality campaigners making excuses about how those weren't the
laws they had in mind; after all, who knew the government would abuse their
new powers, nobody could have guessed such a thing.

Whoops, too late:

[https://www.eff.org/deeplinks/2015/02/dear-fcc-rethink-those-vague-general-conduct-rules](https://www.eff.org/deeplinks/2015/02/dear-fcc-rethink-those-vague-general-conduct-rules)

~~~
javert
I agree with the general thrust of what you're saying, and I think the FCC
takeover of the internet is much more problematic than the NSA spying scandal.

That said, the EFF is getting what it has been advocating for: A government
takeover of the internet.

That is what net neutrality has always been for and about.

Once we grant that the internet infrastructure is not private property and is
open to government regulation, that means it's open to _all_ government
regulation, including speech regulation. There is no middle ground.

To think otherwise is to not understand principles and politics.

------
coldcode
Sadly the voices of reason like Bruce will be yelled over by the voices of
"terrorism everywhere".

------
01Michael10
[http://defundthensa.com/](http://defundthensa.com/)

------
golemotron
It just seems that you can do anything on paper but covert agreements between
the agencies after break up will still occur.

~~~
javert
Not necessarily. It's just a matter of dis-empowering the people who are on a
die-hard mission of "spy on everything, and to hell with civil rights."

That is not the whole NSA; it's just a few key people in leadership positions
that have been steering the ship lately.

If you keep those same people in power but split up the agency, yes, you'll
just get the same thing again.

------
lawnchair_larry
Looks like the NSA penalty in article titles is still active? This one dropped
fast.

------
higherpurpose
To me, it's pretty obvious that the supposedly "dual" mission of NSA, that of
both anti-terrorism and cybersecurity, are completely incompatible. They are
at the extreme ends of the spectrum.

One seems to need the abolishing of (true) secure systems and privacy
(although, so far there is no evidence that mass surveillance actually helps
thwart terrorist plots - and it may never be able to do so [1] [2]), and the
other is _supposed_ to be about having super-secure systems and strong
encryption.

However, since the NSA is in charge of both, it seems the anti-terrorism side
has won, and it now causes the NSA to make _terrible cyber-policy_.

To Schneier's new post, I believe the EU is already getting ready to propose
that a _civil agency_ (not one that is run in secret) should be in charge of
cybersecurity in EU nations. Although, I think the NSA is working hard to
convince EU spy agencies to push legislation that makes _them_ responsible for
cybersecurity, at least in some EU countries that are more easily "persuaded".

EDIT: So I actually disagree with Schneier here. I see no reason why a
_secretive unaccountable agency_ should be in charge of cybersecurity. Why
should it be a state secret that a hacker hacked into a US company? Just
because the NSA has the "expertise" in cybersecurity? If you want to keep the
experts, fine, but then turn the NSA into a civil agency.

I agree with his suggestion that surveillance (not _mass_ surveillance, though
- that should be banned for all agencies) should only be the domain of FBI.

To recap:

1) Cybersecurity = civil agency

2) Surveillance of local citizens = civil agency (FBI in US, I guess. Mind
you, this is what already happens, when referring to targeted surveillance, so
the real proposal here is that the NSA or anyone else shouldn't be spying on
local citizens, too - only the FBI and with warrants. This is not, or should
not be about giving the FBI "mass surveillance powers". If that's what
Schneier is proposing, then I completely disagree with this, too)

3) Cyber-_offense_/cyber-_war_ = military/Pentagon/whatever

4) I'm unsure whether we need another agency for spying on "world leaders",
but right now I'm strongly inclined to give this one to the military too.
Also, it would be best if this wasn't actually targeted at _allies_ (like
Merkel), but actual rival (Russia) or rival-like (China) countries. I think
it's just good foreign policy not to do nasty stuff to your allies, just to be
slightly "ahead" in negotiations.

[1] -
[https://www.schneier.com/blog/archives/2006/03/data_mining_for.html](https://www.schneier.com/blog/archives/2006/03/data_mining_for.html)

[2] -
[https://www.schneier.com/blog/archives/2006/07/terrorists_data.html](https://www.schneier.com/blog/archives/2006/07/terrorists_data.html)

------
spacemanmatt
The (dollar) cost of the NSA makes us less secure.

------
PantaloonFlames
FYI: This is from 1 year ago.

~~~
drjesusphd
What has changed in the past year?

------
darkwingduck
Interesting, but I doubt it would go far in helping anything. You can't cut
and disperse the cancer growing inside of the US Government and expect
anything to be solved or fixed, it needs to be uprooted and burned. Would any
of this address secret courts, police brutality, domestic propaganda, or
corruption? It'll have to be all at once, otherwise it's just rearranging the
furniture in our cell.

