In a "How to Save the Internet" series, Wired runs the opinion of Bruce Schneier which makes a compelling case for splitting NSA in three.
By treating the Internet as a giant surveillance platform, the NSA has betrayed the Internet and the world. It has subverted the products, protocols, and standards that we use to protect ourselves. It has left us all vulnerable—to foreign governments, to cybercriminals, to hackers. And it has transformed the Internet into a medium that no one can trust.
Spying on foreign governments properly belongs within the Department of Defense under US Cyber Command. These days, espionage requires offensive actions in cyberspace—for example, breaking into networks and installing malware. [...] Attacking a foreign computer network is potentially an act of war, and we should be very careful in choosing to do so.
But the NSA's extensive domestic and foreign surveillance of individuals is an activity that is properly placed inside the Justice Department. There it can be subject to standard domestic law: the Constitution, the warrant process, conventional courts, and much less secrecy.
Finally, the NSA's defensive mission—protecting U.S. communications from eavesdropping and other attacks—should be transferred to a new organization. [...] This new agency would not have to be secret at all, because its ultimate goal ought to be a more secure Internet for everyone.
While all seems conceptually sound, I still have an uneasy feeling about placing the responsibility of fixing the internet in what used to be a part of NSA. What about you?
(Score: 2) by kaszz on Wednesday August 20 2014, @07:46PM
There's an inherent dilemma. At one end the organization shall spy at the other end it shall help others to protect their communications. If that spying is against individuals that may cause great harm to many people then you will really have a bad choice to make.
And then, trust is earned. It won't get back that easily by re-organization and announcements.
(Score: 2) by arslan on Wednesday August 20 2014, @10:47PM
Umm no it doesn't have to be a polar opposite. the NSA can spy on the rest of the world, just not on its citizens. The new agency he's proposing just have to secure the privacy of the U.S. citizens, almost like a control against the NSA to keep them honest as its been proven they can't be trusted.
The rest of the world of course is still stuffed
(Score: 2) by kaszz on Wednesday August 20 2014, @11:38PM
But the techniques to protect Americans will leak to the rest of the world.
(Score: 3, Interesting) by SlimmPickens on Thursday August 21 2014, @02:32AM
I think there's something wrong with that, it still contains the idea that some people are second class and don't deserve their human rights. There should just be three types of people, citizens, suspects and criminals.
(Score: 2) by arslan on Thursday August 21 2014, @03:16AM
No arguments from me there. I was just trying to summarize Bruce's point, not mine.
(Score: 3, Funny) by Anonymous Coward on Wednesday August 20 2014, @07:57PM
More ads, more spam! I'm aware that I'm brilliant, no need to reply about that, but I'm sitting here thinking, "I bet those fkrs don't have adblock on their TERRORISM MONITOR V1.0 boxes."
Splitting the NSA would be equivalent to splitting up a cup of coffee. At first you've got a nice, hot, delicious cup of joe that's spying on you, but then you chop it apart and suddenly you've got vengeful shards of coffee cup porcelain and scalding hot java all over the damned place. The NSA can just cover more ground that way!
(Score: 2) by nukkel on Thursday August 21 2014, @04:59AM
Actually, I had been hoping for a car analogy. Your cup of coffee analogy, Sir, has left me sorely wanting.
(Score: 4, Informative) by Zanothis on Wednesday August 20 2014, @08:00PM
This seems familiar [schneier.com]. I think he's right to keep suggesting this and I hope he can get someone to take his advice.
(Score: 3, Informative) by takyon on Wednesday August 20 2014, @08:14PM
How to Save the Net: Don't Give In to Big ISPs (Reed Hastings, CEO of Netflix) [wired.com]
How to Save the Net: Take Ownership (Mitchell Baker, executive chairwoman of Mozilla) [wired.com]
How to Save the Net: Build a Backup (Danny Hillis, cofounder of Applied Minds) [wired.com]
How to Save the Net: Keep It Open (Vint Cerf) [wired.com]
How to Save the Net: A CDC for Cybercrime (Peter W. Singer, a strategist at the New America Foundation) [wired.com]
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by tangomargarine on Wednesday August 20 2014, @08:39PM
I suspect that without close oversight this "new" organization would steadily metastasize into what the NSA is now. However, I'm willing to give it a shot.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 3, Informative) by Anonymous Coward on Wednesday August 20 2014, @09:04PM
Save bet. Germany has a dedicated department for computer security, the BSI - in theory. The reality is they're "cooperating with" the BND - the spies -, you can't trust anything they tell you/any software they provide.
(Score: 0) by Anonymous Coward on Wednesday August 20 2014, @10:33PM
Me too... what do you think would be more appropriate: a shotgun or an RPG?
(Score: 4, Interesting) by frojack on Wednesday August 20 2014, @08:48PM
I actually disagree that surveillance of foreign individuals belongs in the Justice department. It would only increase the unfortunate tendency of US to impose its laws on other countries.
That part was the original mission of the NSA, and they were forbidden to spy on US citizens. Somewhere along the way that changed. And that has to be undone.
Spying on foreign governments is somewhat different. Other countries are trusting their military to do that, but I'm not sure that is the best idea for the US. If your military is actively trying to spy or penetrate a foreign government, what was "typical intelligence" becomes an act of war. If left to civilians, its business as usual and is in keeping with what has historically been done. It belongs in CIA, (other than the fact that those guys are a bunch of idiots these days, and have taken to funding their own armies).
So In the end,
1) I'd leave Foreign Governments and Foreign individuals in the existing NSA. Keep the military out of it.
Just keep the NSA out of the US or monitoring any US networks or accepting any monitoring data provided
by others (british germans, etc) about US citizens located in the US.
2) I'd transfer NOTHING to Justice. NOTHING. Those bastards are supposed to be working for the people.
The FBI has all the powers it needs. And I would totally outlaw National Security letters, FISA courts.
3) I would also totally outlaw any NSA data getting to law enforcement without a court review. Until the foreign subject enters the US, or until after that data passed a court review local law enforcement does not need a pipeline to the NSA. (And no, sending it via the FBI is not acceptable either).
Naive? Probably. But we've seen what happens when we trust these people. Our security doesn't depend no our being non-naive, it depends on the amount of punishment we can inflict on transgressors.
I agree splitting things up into a new set of separate agencies offers no protection. The problem is that mission creep is happening in secret programs.
Oh, and NCIS needs to go back to being a NAVY police force only. Where in the hell did they get arrest powers over civilians? That's entirely unconstitutional.
No, you are mistaken. I've always had this sig.
(Score: 5, Interesting) by CRCulver on Wednesday August 20 2014, @09:30PM
The NSA as it is, is a branch of the military, it is under the Department of Defense and is even based at Ft. Mead. Much of the US's SIGINT activity proceeds in the branches of the armed forces with their own specific departments that are all under the umbrella of the NSA. A soldier, sailor, marine or airman who goes to Defense Language Institute to train in a foreign language for SIGINT purposes (I was one, Mandarin Chinese) could find himself stationed afterwards at Ft. Mead (and that's the reason I thankfully left).
And outside the United States, in quite a few other countries SIGINT is heavily the responsibility of the armed forces, not a civilian agency. It's easy to understand why: SIGINT and electronic warfare are related fields, and any military theatre of operations is going to be sucking in as much as they can anyway. It makes more sense for HUMINT to be left to a non-military agency.
(Score: 0) by Anonymous Coward on Wednesday August 20 2014, @08:56PM
'tis laudable that at least someone proposes a solution instaed of just complaining. reality is that if a non-public government entity would be doing this then someone would probably soon see how a prison looks from the inside.
reality is also that all tax paying democratically voting american citizens are directly responsible for the current state of affairs.
as a non american citizen I have come to the conclusion that the american country is dysfunctional (see what I did there? you dont feel so bad about it anymore right?) and that all of the global internet users will have to suffer from it.
but I believe that because this situation is unprecedented (there was no previous global network) that we have non guidelines and that we will all just have "trial-and-error" through this.
something similar happend when the splitability of uranium atom was discovered and the ensuing M.A.Dness took hold.
maybe a similar total surveillance needs to happen before everybody including the people with finger on the trigger (so to speak) will realize that they are (would be effected).
its just something we have to go through.
(Score: 0) by Anonymous Coward on Thursday August 21 2014, @07:15AM
Eliza is that you?
(Score: 4, Funny) by Theophrastus on Wednesday August 20 2014, @10:15PM
In a happier time-line (which would require about seven miracles to re-join) DARPA would've ceded control of all the main trunks (at least down to city level; and everything ICANN as well) to the USPS [secret postal carrier salute]. this would thereby (a) place internet neutrality as a foregone conclusion (2) restored the central position of respected carrier of the nation's communications to the USPS and (iii) given the conspiracy theorists more fodder than they could possibly handle in a century.
(Score: 0) by Anonymous Coward on Wednesday August 20 2014, @10:57PM
...the NSA isn't going anywhere or to be broken into pieces.
The Feds didn't break up Microsoft on antitrust grounds years ago so why do you think they would break up The Puzzle Palace--FVEY Central? It's the workplace of 'highly-placed, high-value Federal agents...Federal agents!!!' as Jack [imdb.com] might say.... :P
All we can do is three things:
1) Use 'strong encryption'. More and more websites are going HTTPS thanks to Edward Snowden's [wikipedia.org] revelations. [wikipedia.org] This means more time lost, more energy wasted, and more wear and tear on computer hardware to stay secure all the time instead of only when someone spends money at a website and uses a credit card number or equivalent electronic funds transfer number/ID to pay for their purchase.
2) Hope our computer hardware isn't 0wned [soylentnews.org] by the NSA.
[relevant part of the post is about halfway down but please read it from the beginning. :)]
3) Hope the NSA hasn't got non-trivial quantuum computing working. If they do, from what I've heard, non-QC based/resistant encryption will be POINTLESS.... :( ;_;
That is all we can do....
(Score: 1, Insightful) by Anonymous Coward on Thursday August 21 2014, @02:38AM
'highly-placed, high-value Federal agents...Federal agents!!!'
Top. men. [imdb.com]
They have a mission problem. They both attack and protect. Protect is always going to fall bellow attack. What these guys have been doing they should be beefing up our networks. Instead they are treating it as their playground. They should be *happy* it is harder to get in. Not looking for ways to make it easier. For whatever they can do someone else can do with a bit of time and resources. Their hubris is that only they can figure it out.
(Score: 2) by Phoenix666 on Thursday August 21 2014, @01:43AM
The first step to dealing with the NSA is to put every last one of them in a prison cell or a firing squad. The second step is to put Diane Feinstein and the rest of the cronies in a prison cell or in front of a firing squad. Then we can talk about how to form a more perfect union.
Unless we can emphatically demonstrate to ourselves and the world that the Constitution and our laws mean something, what's the point?
Washington DC delenda est.
(Score: 3, Insightful) by Yog-Yogguth on Thursday August 21 2014, @02:52PM
In fact this would make things worse not better because it would be even easier to disregard the daily and continuous consequences of exactly the same abilities as are being used and improved right now. Only on paper does it appear “cleaner” because you've put the right words in the right boxes and consider it not only reality but automagically “good”.
It is an exercise in feel-good and make-believe.
In addition I've got to say that despite their size those are some mighty shallow rabbit holes people are trying to patch :(
What if Bruce Schneier and people in general realized it's not just a(ny) government entity, or the internet, or even computers, or methods, policy, individuals, or approach?
For something of the magnitude we're facing things have to be seriously wrong just about everywhere in everything involved and also be generally accepted as both normal and “good” or outright awesome, and that's not a hard sell when all negative ramifications are ignored all the way from the most immediate and small that can be clearly seen: your life and freedom aka “privacy”.
I'm not saying there aren't technical problems, we should all know there are very serious and deep technical problems throughout all the tech (in fact so many and so serious ones that one could argue someone trying to grasp a “control monopoly” as the NSA has are forced to aim for being the most intrusive and manipulative whether they realize it or not), but what I'm trying to say is that are there far more to this than “only” those and the deeper down one gets the more it should hopefully become obvious.
This mess is not only about technology.
And this is where Bruce veers close to the truth: because on one side you have a massive and expanding pool of all kinds of knowledge and experience that is used towards continuous nearly unlimited subversion (not just surveillance) of anything (including possibly diffuse concepts such as freedom) with nearly unlimited funding and few if any ethical limits. It's so big that meaningful centralized human oversight is impossible even from the inside; it would at least take a shared culture of self-imposed limits which almost no one seems to see any benefit in. On the other side is you. You and in particular any flaws you do not realize you have be it in your person, your biology, your actions, your thoughts, and your possessions.
Thus no: if the "solutions" are actually little else than a paint job or icing or the shuffling of deck chairs then they're not solutions but additional problems.
If the US (and the NSA) is gone tomorrow I would expect the system and its capabilities to live on regardless because so many people all over the world think it's a marvelous idea and aren't the least bit worried about any consequences; they're completely blinded by the silver lining of the gathering storm-clouds.
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
(Score: 2) by etherscythe on Thursday August 21 2014, @04:08PM
This is exactly what I (now confirmed correctly) suspected of the Total Information Awareness program years ago. The thing is, though, this is all protected under the umbrella of the US black budget. If you strip that part away, there will be nowhere for the roaches to regroup with anything like their current effectiveness. They'll have to send it overseas where it will be cut off from support of the big power players. Such a well-established machine is not easily dismantled, but it can be heavily de-fanged.
"Fake News: anything reported outside of my own personally chosen echo chamber"
(Score: 2) by Yog-Yogguth on Sunday August 24 2014, @06:52PM
Sorry for the late reply! I run on a broken engine that mostly just crawls along very slowly :)
Yes I would like that to be the case and I've heard of some such efforts that have already been made by for example the state of California and others. It is going to take much more but it is one way of trying to fight it for sure.
However the capabilities are already widely distributed and a lot of it has to be: one isn't automatically cut off from anything by moving overseas and it has already been shown that a lot of NSA funds are spent on establishing “internal” capabilities overseas (Five Eyes and Nine Eyes first and foremost but there's no shortage of “countries” that want in). Remember also that Snowden worked for a sub-contractor who in turn likely used many different subcontractors for whatever their needs were. Wasn't he located in Hawaii? Even as a US state that's almost over half a sea already, pretty remote :)
What one is doing is that one is applying evolutionary pressure to the system; as an organization it will try anything to become more fit and survive including faking its own “death” or faking the dismantlement of whatever parts draws the most ire (which is part of why for example the debate centered on excluding US citizens from surveillance and manipulation is such a joke: it wouldn't remove a single capability).
And if it all breaks down it's the juiciest (worst) parts that have the best chance of surviving just in the same manner as if we were talking nuclear proliferation after the fall of the Soviet Union: experience and knowledge.
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
(Score: 2) by etherscythe on Tuesday August 26 2014, @08:40PM
Right. My whole point is, defund the black budget significantly and you will see them cut out a lot of the non-performing cruft like watching everyone's spending habits and recording phone calls in order to focus on their core mission-critical capabilities that actually work (how much did that new datacenter cost!?). The bad tech may end up in the hands of dictatorships and such, but it will be far less of a threat to the developed world. I think you might find the careful integration of the systems will make it hard to transfer without a lot of reworking that may water down its capabilities quite a bit. That's when the whole thing becomes manageable.
"Fake News: anything reported outside of my own personally chosen echo chamber"