Schneier: Break Up the NSA

New submitter BrianPRabbit writes "Bruce Schneier proposes 'breaking up' the NSA. He suggests assigning the targeted hardware/software surveillance of enemy operations to U.S. Cyber Command. Further, the NSA's surveillance of Americans needs to be scaled back and placed under the control of the FBI. Finally, he says, is 'the deliberate sabotaging of security. The primary example we have of this is the NSA's BULLRUN program, which tries to "insert vulnerabilities into commercial encryption systems, IT systems, networks and endpoint communication devices." This is the worst of the NSA's excesses, because it destroys our trust in the Internet, weakens the security all of us rely on and makes us more vulnerable to attackers worldwide. .... [T]he remainder of the NSA needs to be rebalanced so COMSEC (communications security) has priority over SIGINT (signals intelligence). Instead of working to deliberately weaken security for everyone, the NSA should work to improve security for everyone.'"

since when is the FBI a spy agency?

[alen]

the FBI is a federal police force, not a spy agency that collects intelligence

Re:since when is the FBI a spy agency?

[SJHillman]

That's exactly why. Any surveillance of Americans should only be done if it pertains to a police matter (e.g. investigation).

Re:since when is the FBI a spy agency?

[SJHillman]

"By law, the CIA is specifically prohibited from collecting foreign intelligence concerning the domestic activities of US citizens. Its mission is to collect information related to foreign intelligence and foreign counterintelligence. By direction of the president in Executive Order 12333 of 1981 and in accordance with procedures approved by the Attorney General, the CIA is restricted in the collection of intelligence information directed against US citizens. Collection is allowed only for an authorized intelligence purpose; for example, if there is a reason to believe that an individual is involved in espionage or international terrorist activities. The CIA's procedures require senior approval for any such collection that is allowed, and, depending on the collection technique employed, the sanction of the Director of National Intelligence and Attorney General may be required. These restrictions on the CIA have been in effect since the 1970s."

Of course, that's from the CIA's website, so it's exactly what they want you to think...

Re:since when is the FBI a spy agency?

[cold+fjord]

the FBI is a federal police force, not a spy agency that collects intelligence

The FBI's current mission statement:

Our Mission

As an intelligence-driven and a threat-focused national security organization with both intelligence and law enforcement responsibilities, the mission of the FBI is to protect and defend the United States against terrorist and foreign intelligence threats, to uphold and enforce the criminal laws of the United States, and to provide leadership and criminal justice services to federal, state, municipal, and international agencies and partners.

You might want to follow the link and read the rest.

Re:since when is the FBI a spy agency?

[dweller_below]

Looking at the FBI Mission: http://www.fbi.gov/about-us/qu... it looks like the Priorities are based on Crazy Congressional Wishlist. There are just too many Priorities. And, they are ranked according to sensationalism, not importance to the survival of the Nation. That page lists them as:

1. 1. Protect the United States from terrorist attack
2. 2. Protect the United States against foreign intelligence operations and espionage
3. 3. Protect the United States against cyber-based attacks and high-technology crimes
4. 4. Combat public corruption at all levels
5. 5. Protect civil rights
6. 6. Combat transnational/national criminal organizations and enterprises
7. 7. Combat major white-collar crime
8. 8. Combat significant violent crime
9. 9. Support federal, state, local and international partners
10. 10. Upgrade technology to successfully perform the FBI’s mission

At this point, I think we can all clearly see that Terrorism only has as much importance as we create for it. If we don't regard it as important, the Terrorism threat goes almost entirely away. If you were to rank these Priorities according to what most impacts the survival of the Nation, I believe it would look more like:

1. 1. Combat public corruption at all levels
2. 2. Combat transnational/national criminal organizations and enterprises
3. 3. Protect civil rights
4. 4. Combat major white-collar crime
5. 5. Combat significant violent crime
6. 6. Support federal, state, local and international partners
7. 7. Upgrade technology to successfully perform the FBI’s mission
8. 8. Protect the United States against cyber-based attacks and high-technology crimes
9. 9. Protect the United States against foreign intelligence operations and espionage
10. 10. Protect the United States from terrorist attack

Re:since when is the FBI a spy agency?

[s.petry]

Which is exactly how it's organized. The NSA is spying on overseas comms. When it links to a date/time placed/received call stateside, they hand that information to the FBI, and say, "This phone number in the US is talking to some very bad people overseas." The FBI then starts the investigation.

If this was what was happening, people would not have so many problems with it. If you want to claim it _is_ this way then I expect to see people charged with criminal misconduct currently holding offices and not performing their duties as they should. Here are two words for you to review. "Parallel Construction".

Let's assume that everything is on the up and up, and we have nothing to worry about. The orifices in question are recommending to move to a 3 step system. If you call a store that has an employee that has a friend that called a "questionable" country you are within legal rights for monitoring. This is too vague of a definition, yet people think it will fix something. Play 6 degrees of Kevin Bacon and you quickly see that anyone can be associated with a "terrorist" pretty easily.

Second, calling overseas is not bad. "Overseas" is yet another overly broad term. Do they monitor K-mart officials because they do business? Wow, what a convenient term to use! Now if you shop at K-mart you are within 3 steps! Isn't that incredible? (no, don't answer that rhetorical question)

In a post following this one you claim "it's only metadata". Anyone that believes that metadata is "nothing" (or down plays it's significance) is either repeating propaganda or extremely ignorant. You will find few friends here repeating propaganda or making uneducated claims. You can't play down what it is, when we have studied what this data contains and can be used for. We also see the cases of IRS targeting certain groups which warrants a full open inspection of the system.

I get it, it's hard to believe your own government has become corrupt. The truth is that we have become very corrupt, and until we have open investigations and trials we won't know the extent of corruption. The days of arguing for the innocence of America are long gone (The Gulf of Tonkin is a bitch for that delusion, and just the first of many). The arguments we should be pushing today are how we fix the corruption, and how we open offices for inspection, and how we put criminals that have held (and perhaps are holding) public offices on trial.

Re:since when is the FBI a spy agency?

[steelfood]

Since Hoover.

Tomorrow's News

[Talderas]

Security expert Bruce Schneier was found dead in his home. The cause of death is unknown but police are investigating possible foul play.

Re:Tomorrow's News

[TheCarp]

bb dayorder doubleplusungood refs unpersons rewrite fullwise

Re:Tomorrow's News

[XxtraLarGe]

Security expert Bruce Schneier was found dead in his home. The cause of death is unknown but police are investigating possible foul play.

The cause of death has been revealed. Schneier died from a single gunshot wound to the back of the head. Investigators have ruled his death a suicide.

Giving the FBI NSA's duties is a BAD idea.

[gurps_npc]

It would encourage the use of espionage/security methods in criminal cases.

That is, I think it would be more likely to corrupt the FBI than to clean up the NSA's investigation of Americans.

The real problem is priorities more than anything else.

The events of September 11th panicked us Americans, and we decided to overspend and over-allow security.

We need to realize that the number of terrorism related attacks are relatively SMALL and to cut funding for all things that invade our privacy - starting with the TSA.

When you limit their funds, they spend their money wisely on clear and present dangers.

When you give them unlimited funding, as we have been doing, they spend it on any wild-ass crazy possibility, which means they investigate people and cases that are clearly and obviously not terrorism related.

Re:Giving the FBI NSA's duties is a BAD idea.

[gurps_npc]

You are engagned in wishfull thinking. We have had just about as many attacks in the 2000's and 2010's as in the 80's and 90's. In particular US embass's have been under multiple terrorist attacks in 20001 - Nairobi, Ben Gahzi, etc. Not to mention the Boston Massacre, shoe bomber, the attack on the Sikh Temple, and the multiple ricin letter attacks - all against civilians for political purposes.

Worse, you have a twisted idea of what a terrorist attack is. USS Cole bombing was not a terrorist attack. It was an act of war. If a country (Sundanese Government officially liable for the attack, as per US judge) attacks a soldier, that is an act of war. If you attack civilians for political purposes, that is an act of terrorism. It doesn't matter if you use a bomb - or if you use a suicide attack. Soldiers are armed and are supposed to be capable of defending themselves (assuming some idiot did not give stupid rules of engagement). Civilians are usually unarmed and usually not capable of defending themselves - which is why attacking civilians is a far worse thing (i.e. a crime called terrorism) than attacking soldiers - which is a bad thing, but only an act of war, not of terrorism.

Maybe you missed the memo

FBI dropped "law enforcement" as one of their primary duties not long ago. They consider themselves a national security organ now:

http://thecable.foreignpolicy.com/posts/2014/01/05/fbi_drops_law_enforcement_as_primary_mission

Re:Maybe you missed the memo

[cold+fjord]

They added it back.

Author doesn't understand the NSA

[JohnnyComeLately]

This is akin to a guy who has flown on an aircraft thinking he knows how to run an airline. "The NSA should hand off to the FBI spying on Americans." They do. NSA does not investigate domestic nor Americans unless specifically given a court order to do so (which is less than 60 Americans in the entire US as of December 2013). If the NSA stumbles upon metadata that links an American, or domestic entity tied to overseas terrorism (which is what they're lookin for), they hand off the metadata (phone number called, date/time stamp of call) and say to the FBI, "Whoever this is, is talking to terrorists overseas." Then the FBI runs with it.

CyberCommand, a command I'm very familiar with as prior-Air Force, doesn't have a reason to take over what the NSA does. The author of this article really doesn't know what he's talking about.

Re:Author doesn't understand the NSA

[Electricity+Likes+Me]

What are you even saying? The whole thing about parallel construction is not that evidence is invented. It's that if you actually committed a crime, then a lot of other evidence which can be reasonably discovered probably exists and its easy to find it - i.e. "this guy probably killed someone and buried him in the woods along the highway, we know from an inadmissable wiretap" - but that means there's still actually a body, and once discovered that is admissable evidence.

You can't be prosecuted from inadmissable evidence, but hohoho, you're also not as good at crime as you think. The alternative to completely eliminating parallel construction and surveillance exchange is a situation where NSA analysts happen across evidence of a crime (like the above example) and then can notify no one at all. Is that really an improvement?

Re:Author doesn't understand the NSA

[JohnnyComeLately]

What initiates the process is your act of calling internationally, and correllating to a known or suspected threat. 99.999% of us will never "accidentally" call anyone the NSA is interested in. Have you made a call and accidentally gotten the German president? Also, there are literally millions of calls. The only thing that gets an analyst looking at your specific call is multiple calls. You'd have to call President Joachim Gauck quite a few times in my ficiticous scenario. The very same thing would happen with the DEA if you called a drug dealer the next street over. "Roving wiretaps," is the term for what would catch you. "Opps, wrong number" and you're not very likely to get a surprise visit at home. Call 5-10 times asking, "for the suff," and you might come home to guests.

Also, in this specific case I believe you're trying to make, the NSA surveillence tip isn't admissible in court. If you've read an intel document, a large number state at the very beginning in no uncertain terms, "This information is not to be used in a court of law or for any judicial purposes." (I'm paraphrasing). It's on the FBI to investigate, find probable cause, get a prosecutor to agree, find a judge to agree, and then charge you. Whether it's the NSA seeing your metadata linking your phone call to a Taliban bomb-making expert in Syria, or a NYPD officer seeing, as he performs a walking patrol, large tubs of liquid in your car's backseat, leading to multiple triggers and a remote receiver, while parked at a shopping mall during Christmas season, is there really a difference? No. Before you say, "Well my car is in a public place," remember your international call crosses the same legal threshold. If you absolutely want to be unspied upon while calling your TB bombmaker by the NSA, then fly him stateside so it's a domestic phone call. This assumes the guy isn't already on a no-fly and being monitored, so good luck. Back on point, governments watch other governments. Part of this is agencies with specific missions.

The NSA is in charge of monitoring overseas communications. They are within the Legislative Branch's oversight and follow federal laws on what they can look for, how they look, etc. If you don't want to know what threats are overseas, then write your Senator and Representatives. As you draft that email, keep in mind thousands were saved during WWII by the fact we broke German encyption. 9/11 was missed because there was no system at the time to catch the two Al Quida operatives in San Diego who were calling their AQ handler overseas, and there was no process for the NSA to tip the FBI that there's two phone numbers in the US who are calling a known bomb maker overseas. If you think it's bad to catch this, mail the letter (or hit "Send" on the E-mail, "Submit" on the website submission).

Inconceivable

[TheCarp]

> That is, I think it would be more likely to corrupt the FBI than to clean up the NSA's investigation of
> Americans.

Corrupt the FBI? The FBI are as incorruptible as the proverbial satan. We are talking about the people who have so precious little to really do that they go around creating criminals to arrest. These are the people who go after little shit online troublemakers and find mentally unstable people who they can shove a bomb in the hands of.

Corrupt them?

Re:Oh, Hell Yes!

[i+kan+reed]

Well, let's elaborate, shall we. I think the number of possible satisfactory solutions to the NSA problem are infinite. This plan, like every other one that would work all fall on unshakable premise. Congress needs to pass legislation removing previously granted powers(then do something else, apparently, to mollify those who are actually scared of terrorists, in this case move those powers to law enforcement).

This one premise, though, has shown zero chance of happening. Those in congress critical of the NSA's behavior mostly seem interested in using it as an attack chip for the republican party in the next couple elections, and so leaving the power in the executive plays to their needs. The executive, for their part, have either bought, or are willing to attempt to sell, the pragmatism line, and the laws passed by congress say it's legal, so they don't see a need to change anything by fiat.

Re:Oh, Hell Yes!

[Hentai]

> This one premise, though, has shown zero chance of happening. Those in congress critical of the NSA's behavior mostly seem interested in using it as an attack chip for the republican party in the next couple elections, and so leaving the power in the executive plays to their needs.

I would support Beta 100% if they gave me the ability to moderate posts "+1 Depressing".

Oh, Hell NO!

DO NOT break up the NSA. Do away with it and replace it with nothing. The CIA too.

For those of you treasonous traitors that like to yell "national security" to cover up for your crimes, consider this: Before the CIA and NSA were founded, the US was 8-0 in war. Since those organizations were founded, the US is 0-5 in war.

You treasonous traitors that like the NSA and CIA (I'm looking at you cold fjord) are the national security risks.

Re:any notion of justice is based entirely on merc

[Immerman]

Not really. Modern justice is one of those concepts that came about as a way to stop the cycles of violence fed by vigilante justice. As such it needs to be violent and ugly enough to sate the victim's desire for revenge well enough that they don't feel the need to take things into their own hands. At the extreme, why do you suppose executions are so brutal? We know perfectly well how to kill people completely painlessly - a gas chamber filled with pure nitrogen will knock somebody unconscious in under a minute, usually without them ever noticing anything is wrong (we're not wired to detect oxygen deprivation), and they'll be dead a few minutes later. But somebody dieing peacefully in their sleep doesn't provide any catharsis for the victims. So we use techniques that induce plenty of twitching and whimpering to sate our bloodthirsty consciences.

NSA Walks a Fine Line

[organgtool]

The NSA does not necessarily want you to be insecure. As a matter of fact, I have downloaded documents from their web site with tips on how to configure my OSes to be more secure (and I don't recall any of the tips requiring me to install any additional software, which definitely would have raised a red flag). It is in the best interest of the NSA that the computers that protect sensitive data in all public and private sectors be secure from outside threats. With that said, it is also in the NSA's interest to be able to access as much data from these same machines as they can possibly gather. Therefore, they walk a tight line where it's best when everyone's security is loose enough that the NSA can get in, but tight enough to keep less sophisticated groups out. Based on systems such as BULLRUN, it seems that the NSA has become more concerned with gaining access for themselves over encouraging tight security.

Re:Oh, Hell Yes!

[interkin3tic]

But think of how awkward it would be when the N runs into S or A at the spy conventions. They'd reminisce about the old times of spying on millions of Americans. They'd probably laugh about some guy on deviantart drawing naked women and crying while masturbating. Then N would be like "So, you guys want to get out of here" and the A would be like "N, look, we can't. S and I have a good thing going, you're just too crazy for us, lets just be friends," and N would be like "Sure yeah, no you're right, it's cool." But it won't be cool. N will finish his drink and then leave, all three of them will feel bad. A and S will go home and start getting intimate, but S won't be able to get it up, thinking about how bad N must feel.

You really want to do that to N, S, and A?

Re:Oh, Hell Yes!

[cold+fjord]

Congress needs to pass legislation removing previously granted powers(then do something else, apparently, to mollify those who are actually scared of terrorists, in this case move those powers to law enforcement).

So to use your terms, Congress needs to pass something to mollify the people scared of NSA?

Mmmm... fun...

[Xaedalus]

I just love the thought of the FSB, Mossad, MI5, and just about every other foreign intelligence network on Earth (and those are merely the legal ones) running rampant throughout our country and society without the CIA to check them. Gosh, that'd be so much fun to just lower our guard and take punches! Oh hey, maybe those other nations would be so friendly towards us once we dismantled our intelligence apparatus that they'd willingly leave us alone! And forswear corporate espionage to boot! Dismantle the NSA, yes. Spread it out amongst the other agencies, yes. But don't disarm us completely. The CIA has screwed up a lot, so has the FBI--but they're still good ideas to have in place. We as a society have to reassume the responsibility, and the maturity of overseeing the operations of those two agencies on an appropriate basis.

Re:Mmmm... fun...

[RabidReindeer]

I just love the thought of the FSB, Mossad, MI5, and just about every other foreign intelligence network on Earth (and those are merely the legal ones) running rampant throughout our country and society without the CIA to check them. Gosh, that'd be so much fun to just lower our guard and take punches! Oh hey, maybe those other nations would be so friendly towards us once we dismantled our intelligence apparatus that they'd willingly leave us alone! And forswear corporate espionage to boot!
Dismantle the NSA, yes. Spread it out amongst the other agencies, yes. But don't disarm us completely. The CIA has screwed up a lot, so has the FBI--but they're still good ideas to have in place. We as a society have to reassume the responsibility, and the maturity of overseeing the operations of those two agencies on an appropriate basis.

Er, you do realize that when foreign adversaries run rampant through our country and our society, that the federal agency tasked with dealing with them is the FBI, don't you?

The CIA is supposed to be restricted to doing that job OUTSIDE the USA.

Re:Then who should do the obvious?

[lgw]

None, until and unless the damage from terrorist attacks exceeds the damage from panicked overreaction to terrorist attacks.