Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Government United States

Schneier: Break Up the NSA 324

New submitter BrianPRabbit writes "Bruce Schneier proposes 'breaking up' the NSA. He suggests assigning the targeted hardware/software surveillance of enemy operations to U.S. Cyber Command. Further, the NSA's surveillance of Americans needs to be scaled back and placed under the control of the FBI. Finally, he says, is 'the deliberate sabotaging of security. The primary example we have of this is the NSA's BULLRUN program, which tries to "insert vulnerabilities into commercial encryption systems, IT systems, networks and endpoint communication devices." This is the worst of the NSA's excesses, because it destroys our trust in the Internet, weakens the security all of us rely on and makes us more vulnerable to attackers worldwide. .... [T]he remainder of the NSA needs to be rebalanced so COMSEC (communications security) has priority over SIGINT (signals intelligence). Instead of working to deliberately weaken security for everyone, the NSA should work to improve security for everyone.'"
This discussion has been archived. No new comments can be posted.

Schneier: Break Up the NSA

Comments Filter:
  • by Anonymous Coward

    Bruce Schneier can break the NSA

  • by alen ( 225700 ) on Friday February 21, 2014 @09:41AM (#46303623)

    the FBI is a federal police force, not a spy agency that collects intelligence

    • by SJHillman ( 1966756 ) on Friday February 21, 2014 @09:47AM (#46303659)

      That's exactly why. Any surveillance of Americans should only be done if it pertains to a police matter (e.g. investigation).

      • Which is exactly how it's organized. The NSA is spying on overseas comms. When it links to a date/time placed/received call stateside, they hand that information to the FBI, and say, "This phone number in the US is talking to some very bad people overseas." The FBI then starts the investigation.
        • by jythie ( 914043 )
          That is how it is supposed to be organized, but the current perception (true or false) is that this is not what is actually occurring.

          Part of this comes from historical issues of agencies not wanting to work together or share data, esp when a particular case or subject crosses back and forth between foreign and domestic, so the perception is that the NSA, rather then handing the domestic pieces over to the FBI, continues to work with the data under the umbrella target... so organizing based off the origin
          • Re: (Score:3, Insightful)

            I understand your point. Only problem then becomes, "OK now what?" Following your scenario, let's say they start tracking you stateside, after you've made an international call to known or suspected threats overseas. Their systems aren't set up to intercept your calls. It's metadata only. So, they collect reams and reams of your phone calls to mom, the store, work, co-workers, and one or two known threats. Now what? They don't have jurisdiction to go to a FISA court, and a judge would laugh them out
          • by mcgrew ( 92797 ) *

            No, that's NOT how it's supposed to be happening. The government is constitutionally prohibited from spying on Americans' communications without a warrant. Once you have a warrant, eavesdrop all you want.

            Too bad they no longer respect that document, if in fact they ever did.

        • You mean that's how it *should* happen.

          Because what actually happens is nothing near that.

        • by s.petry ( 762400 ) on Friday February 21, 2014 @01:35PM (#46305155)

          Which is exactly how it's organized. The NSA is spying on overseas comms. When it links to a date/time placed/received call stateside, they hand that information to the FBI, and say, "This phone number in the US is talking to some very bad people overseas." The FBI then starts the investigation.

          If this was what was happening, people would not have so many problems with it. If you want to claim it _is_ this way then I expect to see people charged with criminal misconduct currently holding offices and not performing their duties as they should. Here are two words for you to review. "Parallel Construction".

          Let's assume that everything is on the up and up, and we have nothing to worry about. The orifices in question are recommending to move to a 3 step system. If you call a store that has an employee that has a friend that called a "questionable" country you are within legal rights for monitoring. This is too vague of a definition, yet people think it will fix something. Play 6 degrees of Kevin Bacon and you quickly see that anyone can be associated with a "terrorist" pretty easily.

          Second, calling overseas is not bad. "Overseas" is yet another overly broad term. Do they monitor K-mart officials because they do business? Wow, what a convenient term to use! Now if you shop at K-mart you are within 3 steps! Isn't that incredible? (no, don't answer that rhetorical question)

          In a post following this one you claim "it's only metadata". Anyone that believes that metadata is "nothing" (or down plays it's significance) is either repeating propaganda or extremely ignorant. You will find few friends here repeating propaganda or making uneducated claims. You can't play down what it is, when we have studied what this data contains and can be used for. We also see the cases of IRS targeting certain groups which warrants a full open inspection of the system.

          I get it, it's hard to believe your own government has become corrupt. The truth is that we have become very corrupt, and until we have open investigations and trials we won't know the extent of corruption. The days of arguing for the innocence of America are long gone (The Gulf of Tonkin is a bitch for that delusion, and just the first of many). The arguments we should be pushing today are how we fix the corruption, and how we open offices for inspection, and how we put criminals that have held (and perhaps are holding) public offices on trial.

        • That's great, so who's going to arrest those in charge of the domestic spying that *is* happening according to the Snowden files (and corroboration elsewhere).

    • by Anonymous Coward on Friday February 21, 2014 @09:49AM (#46303677)

      FBI dropped "law enforcement" as one of their primary duties not long ago. They consider themselves a national security organ now:

      http://thecable.foreignpolicy.com/posts/2014/01/05/fbi_drops_law_enforcement_as_primary_mission

    • by cold fjord ( 826450 ) on Friday February 21, 2014 @09:55AM (#46303729)

      the FBI is a federal police force, not a spy agency that collects intelligence

      The FBI's current mission statement:

      Our Mission [fbi.gov]

      As an intelligence-driven and a threat-focused national security organization with both intelligence and law enforcement responsibilities, the mission of the FBI is to protect and defend the United States against terrorist and foreign intelligence threats, to uphold and enforce the criminal laws of the United States, and to provide leadership and criminal justice services to federal, state, municipal, and international agencies and partners.

      You might want to follow the link and read the rest.

      • by dweller_below ( 136040 ) on Friday February 21, 2014 @01:09PM (#46304997)
        Looking at the FBI Mission: http://www.fbi.gov/about-us/qu... [fbi.gov] it looks like the Priorities are based on Crazy Congressional Wishlist. There are just too many Priorities. And, they are ranked according to sensationalism, not importance to the survival of the Nation. That page lists them as:
        1. 1. Protect the United States from terrorist attack
        2. 2. Protect the United States against foreign intelligence operations and espionage
        3. 3. Protect the United States against cyber-based attacks and high-technology crimes
        4. 4. Combat public corruption at all levels
        5. 5. Protect civil rights
        6. 6. Combat transnational/national criminal organizations and enterprises
        7. 7. Combat major white-collar crime
        8. 8. Combat significant violent crime
        9. 9. Support federal, state, local and international partners
        10. 10. Upgrade technology to successfully perform the FBI’s mission

        At this point, I think we can all clearly see that Terrorism only has as much importance as we create for it. If we don't regard it as important, the Terrorism threat goes almost entirely away. If you were to rank these Priorities according to what most impacts the survival of the Nation, I believe it would look more like:

        1. 1. Combat public corruption at all levels
        2. 2. Combat transnational/national criminal organizations and enterprises
        3. 3. Protect civil rights
        4. 4. Combat major white-collar crime
        5. 5. Combat significant violent crime
        6. 6. Support federal, state, local and international partners
        7. 7. Upgrade technology to successfully perform the FBI’s mission
        8. 8. Protect the United States against cyber-based attacks and high-technology crimes
        9. 9. Protect the United States against foreign intelligence operations and espionage
        10. 10. Protect the United States from terrorist attack
    • Since they removed law enforcement from their fact sheet https://www.techdirt.com/artic... [techdirt.com]
    • by jythie ( 914043 )
      Police forces collect intelligence as part of their police duties. Things like wire taps and stake outs would fall under that category.
    • by mspohr ( 589790 )

      I think his point may be just that... The FBI is not a spy agency and shouldn't be spying on citizens. It is a police force which could use surveillance (with proper subpoenas, etc.) to find criminals. Stop indiscriminate spying on everyone.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      http://www.fbi.gov/about-us/investigate

      They are absolutely NOT a police force. For very strict reasons the US did not institute a national police force, aka a gendarme, that you see in many other countries. The Federal Government has "police" forces for very specific issues that are national interest issues, such as the Coast Guard for policing US shores, the ATF for weapons smuggling, the Customs Service for international smuggling enforcement, the DEA for drug enforcement, the Border Patrol for border s

    • by jodido ( 1052890 )
      Wrong, totally and completely. It may not be a "spy agency" but it does collect "intelligence" and always has--and frequently by spying.
    • by steelfood ( 895457 ) on Friday February 21, 2014 @02:42PM (#46305579)

      Since Hoover.

  • by Talderas ( 1212466 ) on Friday February 21, 2014 @09:44AM (#46303633)

    Security expert Bruce Schneier was found dead in his home. The cause of death is unknown but police are investigating possible foul play.

  • by gurps_npc ( 621217 ) on Friday February 21, 2014 @09:46AM (#46303651) Homepage
    It would encourage the use of espionage/security methods in criminal cases.

    That is, I think it would be more likely to corrupt the FBI than to clean up the NSA's investigation of Americans.

    The real problem is priorities more than anything else.

    The events of September 11th panicked us Americans, and we decided to overspend and over-allow security.

    We need to realize that the number of terrorism related attacks are relatively SMALL and to cut funding for all things that invade our privacy - starting with the TSA.

    When you limit their funds, they spend their money wisely on clear and present dangers.

    When you give them unlimited funding, as we have been doing, they spend it on any wild-ass crazy possibility, which means they investigate people and cases that are clearly and obviously not terrorism related.

    • Inconceivable (Score:4, Insightful)

      by TheCarp ( 96830 ) <sjc AT carpanet DOT net> on Friday February 21, 2014 @09:53AM (#46303717) Homepage

      > That is, I think it would be more likely to corrupt the FBI than to clean up the NSA's investigation of
      > Americans.

      Corrupt the FBI? The FBI are as incorruptible as the proverbial satan. We are talking about the people who have so precious little to really do that they go around creating criminals to arrest. These are the people who go after little shit online troublemakers and find mentally unstable people who they can shove a bomb in the hands of.

      Corrupt them?

    • Re: (Score:2, Troll)

      by alen ( 225700 )

      lots of terror attacks in the 80's
      in the 90's we had the WTC bombing, the USS Cole and the embassy bombings. hundreds dead
      2001 we had 9/11 and after that nothing

      so you figure the new security and intel collection stopped at least a few attacks, which now means since there were no attacks all this is a waste of money

      • by gurps_npc ( 621217 ) on Friday February 21, 2014 @10:46AM (#46304083) Homepage
        You are engagned in wishfull thinking. We have had just about as many attacks in the 2000's and 2010's as in the 80's and 90's. In particular US embass's have been under multiple terrorist attacks in 20001 - Nairobi, Ben Gahzi, etc. Not to mention the Boston Massacre, shoe bomber, the attack on the Sikh Temple, and the multiple ricin letter attacks - all against civilians for political purposes.

        Worse, you have a twisted idea of what a terrorist attack is. USS Cole bombing was not a terrorist attack. It was an act of war. If a country (Sundanese Government officially liable for the attack, as per US judge) attacks a soldier, that is an act of war. If you attack civilians for political purposes, that is an act of terrorism. It doesn't matter if you use a bomb - or if you use a suicide attack. Soldiers are armed and are supposed to be capable of defending themselves (assuming some idiot did not give stupid rules of engagement). Civilians are usually unarmed and usually not capable of defending themselves - which is why attacking civilians is a far worse thing (i.e. a crime called terrorism) than attacking soldiers - which is a bad thing, but only an act of war, not of terrorism.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        lots of terror attacks in the 80's
        in the 90's we had the WTC bombing, the USS Cole and the embassy bombings. hundreds dead
        2001 we had 9/11 and after that nothing

        so you figure the new security and intel collection stopped at least a few attacks, which now means since there were no attacks all this is a waste of money

        So I guess the Boston Marathon thing didn't happen ?

    • by bigpat ( 158134 )

      I think the point is that giving anyone (including the NSA) the NSA's current "duties" is a bad idea, but if the government still needs to spy on particular communications within the US as part of a criminal investigation, then it should be done using the government's police powers under a constitutionally valid warrant.

      Only if there was an ongoing shooting war (not periodic acts of terrorism) should the government be using its war fighting authority to monitor domestic communications, which is essentially

    • "That is, I think it would be more likely to corrupt the FBI than to clean up the NSA's investigation of Americans.

      The FBI has been marvelously corrupt on its own. There have been articles discussing "off the record" the competition between the FBI and the NSA about who could collect more data on US citizens. The FBI has escaped being put under the microscope so far, but they have plenty of data access that the general public is not aware of. Hence the change in scope and terminology on their charter. Make

    • by swb ( 14022 )

      The FBI already has a history of pretty ugly domestic surveillance, dating back at least to COINTELPRO (which was a systematic, determined project) and probably dating back further than that on an ad-hoc basis given what we know about J. Edgar Hoover and his penchant for keeping dirt on people. And all of this happened when the NSA was just trying to figure out how to tap phone lines without creating a lot of extra clicks.

      It's an open debate on whether those revelations and the changes in leadership over t

  • I'm sure they are happy to break up into as many parts as you think they need.
    I'm sure they are happy to keep people as misdirected as possible.
    I'm sure they are happy to be closed down 100% no one at this address not more... /business as usual behind the curtain.

    Tron is dead..
    Master Control Program: End of line!
  • by JohnnyComeLately ( 725958 ) on Friday February 21, 2014 @09:52AM (#46303711) Homepage Journal
    This is akin to a guy who has flown on an aircraft thinking he knows how to run an airline. "The NSA should hand off to the FBI spying on Americans." They do. NSA does not investigate domestic nor Americans unless specifically given a court order to do so (which is less than 60 Americans in the entire US as of December 2013). If the NSA stumbles upon metadata that links an American, or domestic entity tied to overseas terrorism (which is what they're lookin for), they hand off the metadata (phone number called, date/time stamp of call) and say to the FBI, "Whoever this is, is talking to terrorists overseas." Then the FBI runs with it.

    CyberCommand, a command I'm very familiar with as prior-Air Force, doesn't have a reason to take over what the NSA does. The author of this article really doesn't know what he's talking about.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Considering that Bruce has actually seen the Snowden docs, I'd say you're the one who doesn't know what he's talking about.
      When foreign intel includes patrons of wikileaks and the pirate bay, and use their powers to go after drug cartels and gun runners, then that section of the NSA is doing the work of the FBI. Whether that work should exist or not (and we all seem to agree that it should not), is another question, but they are definitely doing work of the FBI.

    • You're conflating: the NSA spies on all Americans to investigate a few. It's the spying that's the issue.

    • Breaking up the NSA will force the issues of what data on Americans may be gathered by whom. Prior to the Patriot Act(s), no data on American citizens could be gathered unless authorization was requested through a search warrant. The FISA court has been a clumsy blunt force attempt to circumvent this, and it has relied on _temporary_ wartime provisions from the Patriot Acts. If the Constitution is to survive, the Pat Acts must be rewritten (or better yet, repealed whole). Only then can these lacerations

    • Bruce Schneier knows what he is talking about, but you didn't read the article. This is what he's referring to specifically:

      This is where the NSA overreaches: collecting data on innocent Americans either incidentally or deliberately, and data on foreign citizens indiscriminately. It doesn't make us any safer, and it is liable to be abused. Even the director of national intelligence, James Clapper, acknowledged that the collection and storage of data was kept a secret for too long.

      Read it, it will clarify your concerns.

    • The author of this article really doesn't know what he's talking about.

      Pardon me, but I'm going to go with the man who is well-known for his integrity, intellect, guts to write under his own real name, Johnny.

      Even if you did actually serve, I'm still not convinced to defer to you over the right-honorable Mister Schneier.

  • CYBERCOM and NSA have the same director, so...

    Maybe he meant to add (haven't read TFA, obvs) that CYBERCOM should have its director as well.
  • I like it, assuming that their funding and capabilities get scaled way back. Splitting it into separate arms of the FBI and military could assign actual reasons and purpose to their operations; as opposed to one independent data-addicted behemoth whose sole mission is to hork down all the information it can get it's paws on, regardless of cost or actual usefulness to security. Too bad this is extremely unlikely to happen.
  • He suggests assigning the targeted hardware/software surveillance of enemy operations... [T]he remainder of the NSA needs to be rebalanced so COMSEC (communications security) has priority over SIGINT

    Schneier's proposals make no sense. NSA's charter is to collect and analyze electronic communications worldwide. They're not a tactical operation nor are they responsible for COMSEC.

  • Most likely, the NSA would be split along the lines of their three core missions:

    - Spy on and sabotage information systems of enemies of the United States to disrupt their operations.
    - Spy on and sabotage information systems of friendly foreign nations to maintain and enhance US hegemony.
    - Spy on and sabotage information systems of US citizens, to chill free speech that might threaten the NSA with budget cuts.

    Then the first could be downsized as not an essential contributor to their primary goal of maintain

  • by organgtool ( 966989 ) on Friday February 21, 2014 @10:18AM (#46303895)
    The NSA does not necessarily want you to be insecure. As a matter of fact, I have downloaded documents from their web site with tips on how to configure my OSes to be more secure (and I don't recall any of the tips requiring me to install any additional software, which definitely would have raised a red flag). It is in the best interest of the NSA that the computers that protect sensitive data in all public and private sectors be secure from outside threats. With that said, it is also in the NSA's interest to be able to access as much data from these same machines as they can possibly gather. Therefore, they walk a tight line where it's best when everyone's security is loose enough that the NSA can get in, but tight enough to keep less sophisticated groups out. Based on systems such as BULLRUN, it seems that the NSA has become more concerned with gaining access for themselves over encouraging tight security.
    • I work in critical infrastructure protection CIP (the power grid). My nightmare is the back doors that NSA may have inserted in our systems.

      Why would NSA do that? Because terrorists might get jobs at CIP companies and use their systems to communicate with other terrorists. Also because NSA can't selectively insert back doors only in the systems of bad guys. They do it by compromising any and all systems globally.

      What is the problem for me? If a back door exists, then I must assume that it is only a ma

  • That it stupid, short sighed and unworkable. You can't un-see goat.se.

    Instead, make them SHARE and just learn what you can.

    We will have different uses for the data, but its just data, that WE unknowingly paid for.

    The last time that happened we got Google Maps. The time before we got the internet.

  • Can we do so physically? With big bulldozers?

    Killdozer may still be in a evidence locker somewhere, maybe we can rent out time on it. I know more than a few guys that would love to drive big construction equipment for fun.

    Heck we may even be able to recoup some of our national debt. You know, do our part to support Hope and Change!

    m
  • Instead of working to deliberately weaken security for everyone, the NSA should work to improve security for everyone.

    The common (arguably flawed) rebuttal to this is that "everyone" includes "people who want to do us harm". That is to say if the NSA were to succeed in making security stronger for "everyone" it would have made security stronger for the bad guys too, potentially allowing the existence of secure communication channels that would empower the "bad guys" to do more harm than they would be abl

  • Sad but nobody will listen to this, there's too much money and political glad handing going on in DC to keep the current status quo in place.

    The only way to get rid of the corruption and spying in DC is to get rid of the current bunch of clowns we have in office and to pass meaningful campaign finance reform legislation to eliminate the flow of money from special interests into politics. That goes for both parties.

  • The primary example we have of this is the NSA's BULLRUN program, which tries to "insert vulnerabilities into commercial encryption systems, IT systems, networks and endpoint communication devices." This is the worst of the NSA's excesses, because it destroys our trust in the Internet, weakens the security all of us rely on and makes us more vulnerable to attackers worldwide. .... [T]he remainder of the NSA needs to be rebalanced so COMSEC (communications security) has priority over SIGINT (signals intelligence). Instead of working to deliberately weaken security for everyone, the NSA should work to improve security for everyone.'"

    In an actual war - which is what the whole DoD is there for - SIGINT is incredibly powerful. Imagine WWII again without cracking the Enigma machines, what would have happened without it is anyone's guess but an oft quoted assessment says it shortened the war by two years. For all we know a more effective sea blockade of the UK could have led to their surrender or the Russians invading all of Europe with the UK/US on the sidelines. If the Germans had known the plans for D-day it would have been a massacre.

    Of

  • The third is the deliberate sabotaging of security. The primary example we have of this is the NSA's BULLRUN program, which tries to "insert vulnerabilities into commercial encryption systems, IT systems, networks and endpoint communication devices."

    This is where the Free and Open source community can assist.

    1. By having free (as in GPL licensed) cryptographically secure psudorandom number generators that all can use to help secure their communications.

    2. Also having Free and Open source encryption algorith

Avoid strange women and temporary variables.

Working...