Reforming the NSA

Leaks from the whistleblower Edward Snowden have catapulted the NSA into newspaper headlines and demonstrated that it has become one of the most powerful government agencies in the country. From the secret court rulings that allow it to collect data on all Americans to its systematic subversion of the entire Internet as a surveillance platform, the NSA has amassed an enormous amount of power.

There are two basic schools of thought about how this came to pass. The first focuses on the agency's power. Like J. Edgar Hoover, NSA Director Keith Alexander has become so powerful as to be above the law. He is able to get away with what he does because neither political party -- and nowhere near enough individual lawmakers -- dare cross him. Longtime NSA watcher James Bamford recently quoted a CIA official: "We jokingly referred to him as Emperor Alexander -- with good cause, because whatever Keith wants, Keith gets."

Possibly the best evidence for this position is how well Alexander has weathered the Snowden leaks. The NSA's most intimate secrets are front-page headlines, week after week. Morale at the agency is in shambles. Revelation after revelation has demonstrated that Alexander has exceeded his authority, deceived Congress, and possibly broken the law. Tens of thousands of additional top-secret documents are still waiting to come. Alexander has admitted that he still doesn't know what Snowden took with him and wouldn't have known about the leak at all had Snowden not gone public. He has no idea who else might have stolen secrets before Snowden, or who such insiders might have provided them to. Alexander had no contingency plans in place to deal with this sort of security breach, and even now -- four months after Snowden fled the country -- still has no coherent response to all this.

For an organization that prides itself on secrecy and security, this is what failure looks like. It is a testament to Alexander's power that he still has a job.

The second school of thought is that it's the administration's fault -- not just the present one, but the most recent several. According to this theory, the NSA is simply doing its job. If there's a problem with the NSA's actions, it's because the rules it's operating under are bad. Like the military, the NSA is merely an instrument of national policy. Blaming the NSA for creating a surveillance state is comparable to blaming the US military for the conduct of the Iraq war. Alexander is performing the mission given to him as best he can, under the rules he has been given, with the sort of zeal you'd expect from someone promoted into that position. And the NSA's power predated his directorship.

Former NSA Director Michael Hayden exemplifies this in a quote from late July: "Give me the box you will allow me to operate in. I'm going to play to the very edges of that box."

This doesn't necessarily mean the administration is deliberately giving the NSA too big a box. More likely, it's simply that the laws aren't keeping pace with technology. Every year, technology gives us possibilities that our laws simply don't cover clearly. And whenever there's a gray area, the NSA interprets whatever law there is to give them the most expansive authority. They simply run rings around the secret court that rules on these things. My guess is that while they have clearly broken the spirit of the law, it'll be harder to demonstrate that they broke the letter of the law.

In football terms, the first school of thought says the NSA is out of bounds. The second says the field is too big. I believe that both perspectives have some truth to them, and that the real problem comes from their combination.

Regardless of how we got here, the NSA can't reform itself. Change cannot come from within; it has to come from above. It's the job of government: of Congress, of the courts, and of the president. These are the people who have the ability to investigate how things became so bad, rein in the rogue agency, and establish new systems of transparency, oversight, and accountability.

Any solution we devise will make the NSA less efficient at its eavesdropping job. That's a trade-off we should be willing to make, just as we accept reduced police efficiency caused by requiring warrants for searches and warning suspects that they have the right to an attorney before answering police questions. We do this because we realize that a too-powerful police force is itself a danger, and we need to balance our need for public safety with our aversion of a police state.

The same reasoning needs to apply to the NSA. We want it to eavesdrop on our enemies, but it needs to do so in a way that doesn't trample on the constitutional rights of Americans, or fundamentally jeopardize their privacy or security. This means that sometimes the NSA won't get to eavesdrop, just as the protections we put in place to restrain police sometimes result in a criminal getting away. This is a trade-off we need to make willingly and openly, because overall we are safer that way.

Once we do this, there needs to be a cultural change within the NSA. Like at the FBI and CIA after past abuses, the NSA needs new leadership committed to changing its culture. And giving up power.

Our society can handle the occasional terrorist act; we're resilient, and -- if we decided to act that way -- indomitable. But a government agency that is above the law... it's hard to see how America and its freedoms can survive that.

This essay previously appeared on TheAtlantic.com, with the unfortunate title of "Zero Sum: Americans Must Sacrifice Some Security to Reform the NSA." After I complained, they changed the title to "The NSA-Reform Paradox: Stop Domestic Spying, Get More Security."

Posted on September 16, 2013 at 6:55 AM • 62 Comments

Comments

Paul RenaultSeptember 16, 2013 7:11 AM

Yeesh! After that first title, you'd wonder if they actually read the piece. Or anything you ever wrote.

name.withheld.for.obvious.reasonsSeptember 16, 2013 7:27 AM

@Bruce Schneier

You said;


My guess is that while they have clearly broken the spirit of the law, it'll be harder to demonstrate that they broke the letter of the law.

Understanding ( or based on) that the FISA court 2011 opinion stated that the NSA had continuously misrpresented their case (I'd say lying to a judge is serious) and they violated the law. Additionally, you indicated you've seen the classified PPD 20/21 concerned with cyber warfare, what I understand this document sets the role of the NSA as a cyber criminal. At a minimum they suggest that they can violate the computer abuse act of 1984. So I think they HAVE violated the letter of the law.

indeedSeptember 16, 2013 7:34 AM

Maybe the FBI can find some political blackmail like they did the CIA director. That's another out of control agency, just ask Barret Brown.

DEA is also rogue, harassing states that have regulated weed such as forbidding armored cars from picking up medical dispensary cash ensuring violent robberies. They are also all over Mexico interfering in that country's internal affairs by drone spying on the population and assassination.

This is also a worldwide problem, NSA "5 eyes" partnership countries are illegally spying on their own citizens too.

Peter GalbavySeptember 16, 2013 7:36 AM

Surely the "box" you mention and quote about is the US Constitution and it appears on balance that this has been shredded by the NSA. So much for boundaries.

Snarki, child of LokiSeptember 16, 2013 7:40 AM

"...we accept reduced police efficiency caused by requiring warrants for searches and warning suspects that they have the right to an attorney before answering police questions."

Who is that "we" you are referring to? It's gotten more and more clear that a substantial segment of the American public (and the vast majority of ONE POLITICAL PARTY) would prefer a neo-fascist police state, just as long as they feel like the people running that police state look like them.

Those who give up freedom for security; those who ignore the lessons of history, yadda yadda yadda.

The UnderdougSeptember 16, 2013 7:40 AM

"Give me the box you will allow me to operate in. I'm going to play to the very edges of that box."

he omitted three words at the end:

"from the outside."

Old Bull LeeSeptember 16, 2013 7:40 AM

If we would respect the 4th Amendment, we would not need new laws every time technology changes.

PrivateISeptember 16, 2013 7:50 AM

Bruce, I recently listened to the morons at the INSA "sponsored" summitt and made a decision that it is essential that we must teach our voters how to begin getting rid of the ignorance that is running this country. I do not want to get into specifics now, but I would like to talk to you soon about a plan to initiate real change in this country's House of Representatives and Congress. We need people like you to run for office. People with knowledge of the internet and digital technology.
It is time that we demand that oversight committees incorporate security and information technology professionals without political agendas and the media needs to get this point out there that we will no longer tolerate the so-called "intelligence" officers and politicians sitting on these panels trying to Bull**** the American public with their scripts insisting that they really know whats going on and everything the media is saying is untrue, blah blah blah....
I am sure you have probably already heard about the recent INSA summit speakers and their blatant ignorance but if you or anyone else has not, Go and listen to Mr. Rogers and Ruppersberger who think that all their complaining is going to change the minds of all the Americans who are fed up with the Surveillance state.

CorwinSeptember 16, 2013 7:52 AM

Reforming the NSA? Ok.

"Nuke it from orbit, it's the only way to be sure."


There, I fixed it.

John DownSeptember 16, 2013 7:54 AM

Do we understand right that US people are 1-st sort of white people who should not be monitored in any case while all other world is some out of border where everyone should be under very intensive surveillance of nsa because they are already potential danger and no any law which can restrict organizations like nsa?

AlexSeptember 16, 2013 8:02 AM

I would also like to say, that not only Americans should be protected from a surveillance world. We don't stop being human (or having human rights) just because we're not American. Not a single word is being said about that in the US of A. Note that the European Convention on Human Rights & Fundamental Freedoms (and the UN Charter/treaties) applies to everyone, not just 'Europeans'!

HansbertSeptember 16, 2013 8:03 AM

Whenever I'm reading about this whole NSA story something important keeps missing: The global perspective. It's all about how the NSA is violating US laws forbidding them to spy on US citizens. That sure is an important topic, but the NSA is spying on a few billion people abroad, too! And there is no law they have to break in order to do this. There is just secret agencys who have nowhere near the power and expertise to even think of trying to stop them and Governments too afraid of daring to say anything critical towards the US Government.

RaoufSeptember 16, 2013 8:08 AM

Neither the NSA, the current or previous administration nor congress can reform themselves.
The lust for power is a fundamental problem that transcends this country or political system.
The genius of the US political system is that its soundness is based on the vigilance of its citizen.
The damage to this vigilance is really the biggest casualty of 9/11.
We let our guards down because we were afraid.

This is a crucial turning point, if there is reform, it has to start from the real source of power, the citizen who have abdicated theirs.
Would not be an exaggeration to say this is the sharpest crisis the system has ever encountered. If the challenge is not met it will be the end of that system. It is a defining moment as well as a test for the ideals on which this system is founded.

Daniel FackrellSeptember 16, 2013 8:15 AM

Another option:

We (USA) stop making enemies, getting rid of any excuse for having the NSA. This option actively works for many countries around the world, and saves them huge amounts of money.

This may be the most effective thing we could do to improve national security, and since it requires also rethinking the size of the military, would simultaneously be a reasonable first step toward balancing the federal budget.

Mike AckerSeptember 16, 2013 8:17 AM

="we must teach our voters how to begin getting rid of the ignorance that is running this country"

for this you need to turn back the clock.....

"Who Killed Excellence?" by Samuel L. Blumenfeld
"In 1894 John Dewey became professor of philosophy and education at the University of Chicago where he created his famous Laboratory School."

the essay is available from the Hillsdale College Library Archives

ask one of your friends to explain to you the difference between Constitutional Law and public law. this is the beginning of the problem and its roots are in the education system.

dfghdfhSeptember 16, 2013 8:29 AM

Bruce, please leave the infosec industry. You are a disgrace and a complete waste of time.

sparkygsxSeptember 16, 2013 8:51 AM

Even if the NSA would stop spying on US citizens, that still means they invade the privacy of the other 95% of the world population.

I can't help visualising the US government as Cartman (from southpark), a fat bully that starts kicking and screaming when he gets what he deserves.

kingsnakeSeptember 16, 2013 8:51 AM

dfghdfh ... I mean Gen. Ripper ... I mean Gen. Alexander, did you type that from your Captain Kirk chair?

KenSeptember 16, 2013 9:12 AM

RE: "Regardless of how we got here, the NSA can't reform itself. Change cannot come from within; it has to come from above. It's the job of government: of Congress, of the courts, and of the president. These are the people who have the ability to investigate how things became so bad, rein in the rogue agency, and establish new systems of transparency, oversight, and accountability."

NOT QUITE RIGHT -- The public is also accountable for fomenting proper change by informing their elected representatives to take the proper action(s)...while it still is a representative government.

Thinking one part of the government can be corrected by another part(s)--even when noting (elsewhere in the essay) that the government's various parts are all complicit in the situation is self-hypocritical.

Sitting back & just waiting for the government to correct itself -- one allowable interpretation of the above quote -- reflects a certain insidious mindset of the "Nanny State" where so many want the government to be the no noble parent and the people just want to be coddled.

Michael R.September 16, 2013 9:14 AM

The NSA, as a Rogue Agency, should actually be treated as a liar, or an outlier. You told us why we failed to constrain the NSA: There is very little enforcement (lack of accountability); it's profitable, and within the NSA everybody is doing it whilst from the outside you can't look into the NSA. So no transparency.

Societal pressures (in this case: oversight) need to be in place.

Actually, this would be a great example for the next edition of your book!

Joseph RatliffSeptember 16, 2013 9:15 AM

After everything I've read, it seems the only scenario will be to dissolve the NSA and start over.

(we might have to stop funding the current NSA, and at the same time create the agency that will carry forward)

Kevin an AuditorSeptember 16, 2013 9:18 AM

@ Alex and other non-US Persons;

I certainly understand your concerns, but need to elaborate as to why the focus is so often on Americans being spied upon by their own government.

Firstly; the US Government has limited ability to deprive foreigners of their rights (to have them imprisoned, fined, or executed). Although the CIA has kidnapped some overseas, a review of a few examples shows that it is costly in resources and very pricey in international reputation. https://en.wikipedia.org/wiki/Imam_Rapito
Drone strikes happen in the absence of effective government.

Secondly, the activities of the NSA are (or seem to be) in direct conflict with the supreme law of the US, its constitution: "The right of the people to secure in their persons, houses, papers and effects..." _ "and no warrant shall issue but upon probable cause.." _"particularly describing the persons or things to be seized"
https://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution

The effort of Americans to stop this can only start with our own government, with a demand that they comply with US law. I am unaware of, and unable to locate, any international law that addresses the issue at hand. First things first. An international protection of some sort might be part of remedial legislation.

Finally, if your own government is not up to their ears in this, I would wager they either wish they were or are running their own program (albeit less effective). I believe it is in the nature of power and politics.

Sorry for the long post, I hope it helps you understand, even if it isn't very encouraging.

Peter KnoppersSeptember 16, 2013 9:25 AM

I find it amazing that even Bruce's writing seems to imply (casually) that eavesdropping on non-Americans is fine; even if most of them are non-terrorists.

R2September 16, 2013 9:25 AM

"Gen. Alexander, did you type that from your Captain Kirk chair?"

Actually, he has a Captain Picard chair, not a Captain Kirk chair.

The General realized that if he made his "Information Dominance Center" look like the bridge of the Enterprise from Star Trek: The Next Generation, and let Congresscritters come over to "play Picard," that they'd be so excited that they'd greenlight his plan for spying on everything and everyone.

Bruce SchneierSeptember 16, 2013 9:27 AM

"Yeesh! After that first title, you'd wonder if they actually read the piece. Or anything you ever wrote."

I know. It was bad.

Bruce SchneierSeptember 16, 2013 9:29 AM

"After everything I've read, it seems the only scenario will be to dissolve the NSA and start over."

I don't believe that is ever going to happen.

Bruce SchneierSeptember 16, 2013 9:31 AM

"I find it amazing that even Bruce's writing seems to imply (casually) that eavesdropping on non-Americans is fine; even if most of them are non-terrorists."

I don't mean to. But I am largely writing for U.S. publications and a U.S. audience, so I stress the U.S. laws. That it is legally open season on non-Americans is a separate issue, and one larger than the NSA.

Some_Guy_In_A_DinerSeptember 16, 2013 9:54 AM

Defund, deauthorize, and disband.

Defunding is the fastest way to stop these illegal actions that affects most people.

Deauthorizing will make it completely clear that any spying on Americans and other innocent people is absolutely illegal. They can have no cover.

Disbanding is critical and it has be to a complete tear down. You can't let this guy sit behind their desks and keep their clearance. If you let these guys hang around they will only make trouble some time in the future. They have to walk out powerless.

Then after all this is done perhaps the courts can get these rouge government employees in jail where they belong.

This all need to be done yesterday.

CRSeptember 16, 2013 9:55 AM

@Bruce
This doesn't necessarily mean the administration is deliberately giving the NSA too big a box. More likely, it's simply that the laws aren't keeping pace with technology.

Actually they need the information for some stuff they are planning to do. So some of the involved partes are deliberate seeking to get all the possible capabilities (i.e. from the point of view of some participants this is not an accident).

Brenda J. ButlerSeptember 16, 2013 10:32 AM

The best way to reform the NSA is to cut their budget to 10% of what it was (or some similar low percentage), and keep their mandate the same. It will force them to prioritize and they will stop collecting everything "because they can". The gov't can use that money to reduce the deficit, pay for obamacare, whatever is useful for society. Fund more basic research and make the results public (not behind a prohibitive paywall), as opposed to allowing corporations do the research in their own interest and keep the results private. Perhaps basic research in security even. Maybe hire some technology hot-shots as court experts, to defend against lobbying by organizations like the NSA.

Also they should turn over 90% of their compute facilities to organizations that can use them fruitfully - medical research, say? NASA? renewable energy?

Americans need to lobby their senators and representatives to make this happen.

I read some other comments above that advocate dismantling the NSA and starting over. That is not incompatible with this suggestion.

winterSeptember 16, 2013 10:32 AM

In other news: Belgacom, the partly state owned Belgium telecom operator has declared that the NSA has hacked its international networks with and installed hithero unknown malware.


Belgium houses the headquarters of Nato. So the NSA attacks Nato "allies" and subverts their telecom infrastructure.

voidSeptember 16, 2013 10:44 AM

You forgot one thing. Have you ever thought of the rest of the world, that is pretty p***** o* by the way 'their partners' treat them? I think to have a nearly realistic estimate of the financial damage done, the Americans have to start to understand that they are not alone on this planet - nor are they 'in command' of their partner. I really think that the U.S.A. has an ego problem and that the rest of the world tries to figure out if it is just a bunch of ignorants or simply impertinent in a stupid way. Sorry, but you guys have to get working to change the way your government appears in the world - or one day you will be alone.

HansbertSeptember 16, 2013 10:51 AM

@Bruce

"That it is legally open season on non-Americans is a separate issue, and one larger than the NSA..."
and thus should be adressed with equal importance. At least from the view of your foreign followers which I assume/hope should make up half of your audience. Let me point this out more clearly: Criticizing the NSA for spying on US citizens and the US Government for allowing the NSA to do so implies spying on Non-Americans is ok. I know you don't mean it like that, but everywhere I read about it I get the same feeling. I'm afraid whatever movement or debate originating from all these revelations will stop once the NSA stops to spy on Americans and thus doesn't solve the underlying problem at all.

BTW it's not much larger than the NSA. Sure, there is Great Britain and China as well as Russia, but my guess would be that more than 50% of wordwide surveillance is carried out by the US.

@Kevin the Editor:

Concerning your first point about the US Government's ability to deprive foreigners: Any other country's power to deprive foreigners is considerably more limited than the USA's. I consider this argument absolutelly invalid.

Concerning your second point: There are laws. I don't need to explain how the NSA finds its way to "legally break" them. Not much can be done about this, as it is obviously ok under US law to read my mails as I'm a foreigner. That doesn't make it right.

I do understand that you have to deal with your own people first, but that should only be the very first step done by lawyers and politicians. Security experts and computer scientists should not stop on national borders, just like the US companies making up 95% of the internet don't stop on national borders.

CRSeptember 16, 2013 11:04 AM

Bruce, a question for you:
Were you able to review all of the Snowden documents, or just some of them? Do you know approximately how large a percentage of the documents you had access to?

I am curious about the secret partnership that Germany and other countries have with NSA. This has sometimes been alluded to but the official German reaction has been more that of a shock.

Well, at least from some people like Merkel...but then again she does not fully know what is going on anyway, and has a need to look outraged when the public seems outraged.

By the way the entire spying operation is likely more complex (involving more countries) that has so far been detailed. There is a joint process to profile the residents of all the participant (Western) countries.

Nick PSeptember 16, 2013 11:07 AM

Excellent essay. And I appreciate your including my rather controversial position in there. ;) That Hayden quote was nice too. I suggest one change for it:

Goals, not Laws

There's some truth that laws don't keep up with the times. However, that is NOT what's driving NSA activity. They're an exception. I noted in my posts that they were given GOALS (i.e. requirements) that required certain capabilities and activities. They've been kind of above the law so I'm not sure how much they even think about it. ;) Their goals, though, are a prime driving force behind everything they're doing.

So, their goals/requirements must be modified to help remove the motivation for them to do what their doing. The laws should be updated. And, due to apparent corruption you mentioned, there will be a political power battle too. All of these angles must be addressed.

vas pupSeptember 16, 2013 11:28 AM

@Some_guy:
"Disbanding is critical and it has be to a complete tear down. You can't let this guy sit behind their desks and keep their clearance. If you let these guys hang around they will only make trouble some time in the future. They have to walk out powerless."
Sorry, but that suggestion is counterproductive:
(1) Those guys in NSA (their brain power, expertise and knowledge) are very important asset. They do not establish policy, they follow it.
It is like blaming any technology for bad application. Those guys should never ever be treated as 'used condoms'.
(2) If you kick those guys out they will easily find job in private sector (hopefully company is not owned by foreign investor - China, Russsia, etc. and following laws - not drug cartel).

I just want you and other respected bloggers watch 'Burn Notice'. Yes, it is movie, but very informative to both reasons above.

Time and again, smart people are the most valuable asset of any organization/Agency (private or government).
Until fuction (spying) exists, people to do that required. People with expertise AND loyalty.


martin CTSeptember 16, 2013 11:57 AM

There is a parallel web the banking / financial industry. The spy industry is so advanced and the technology advances so quickly that it is impossible for lowly govt regulators to understand, much less regulate what is going on. The legislature and the Constitution can't adapt fast enough.

Surveillance now is like nuclear weapons in ww2 - so"technically sweet" that it may happen whatever we may want.

Or. am I too pessimistic?

GeorgeSeptember 16, 2013 11:59 AM

Start by reforming the TSA, whose ineptitude and arrogance are clearly visible to the public. That's the first step toward earning the credibility the entire Homeland Security establishment completely lacks.

Mike BSeptember 16, 2013 12:21 PM

Everybody here sounds like the privacy equivalent of the "no nukes" protesters of the 70's and 80's. Yes technology is the game changer, but the NSA is the on responding to the technological change that has allowed both explosive growth in the amount and types of communication as well as the methods used to secure it. 20 years ago everyone was sending data in plain text and the NSA et al didn't need sneaky technological means to read everything. Today there's SSL and Tor so the intelligence community needs to up its game to maintain the status quo.

Furthermore this isn't some fight against guys in caves. The US needs to maintain its top flight cyber capabilities because other countries use the same techniques against us. This isn't about stopping the next suicide bomber, but about stopping China or Russia from turning off the power.

Hobbling Team USA won't free the internet, it will simply hand the keys over to the other guys. Every country with any sort of international ambition does the same thing. Our elected officials support the current state of affairs because most of them know we live in the real world and not some libertarian fantasy land.

HermanSeptember 16, 2013 12:23 PM

Since I am one of the unfortunate billions in the rest of the world being spied on with impunity, I think we should cut the cables with the USA. We neither need them, nor would we miss their war mongering, rap music and bad movies...

MadisSeptember 16, 2013 12:25 PM

" We want it to eavesdrop on our enemies"
Even you Bruce comfortably overlook the fact that it is not the "enemies" US is ok to eavesdrop, but anybody non-American".
I've been monitoring in wonder how Americans discuss with straight face that there is no problem, shame or issue monitoring your allies, friends, just anybody not you..

ThomasSeptember 16, 2013 12:48 PM

re: spying on US vs non-US citizens.

One thing that has always confused be about this is; how do you identify the nationality of a packet?

If there something akin to RFC 3514 that lets you know which packets you can spy on?

AntonioSeptember 16, 2013 1:21 PM

@Thomas:


re: spying on US vs non-US citizens.

One thing that has always confused be about this is; how do you identify the nationality of a packet?

If there something akin to RFC 3514 that lets you know which packets you can spy on?

Exactly, and are these packets then automatically updated when e.g. a "green card holder" (with lets says Dutch citizenship) goes through the nationalization process and becomes a US Citizen?

And how do they deal with people that have multiple citizenships? Since around year 2000 it was possible to e.g. retain your citizenship in many EU countries whilst going through the nationalization process to become a US citizen.

Most likely they do not know what citizenship the target has, and most likely they do not really care (they only "care" so they can legally claim to put forth a "good faith effort" to avoid spying on US citizens).

But then again a lot of the spying is done in UK and they do not have any laws saying that it is illegal to spy on Americans. Just like with US+Germany and US+Israel data is collected and thereafter shared.

JeffHSeptember 16, 2013 2:07 PM

@Mike B "Everybody here sounds like the privacy equivalent of the "no nukes" protesters of the 70's and 80's."
You mean those weapons that neither side ever used because it'd cause untold chaos & destruction, and you'd have to be certifiable to do so? Hard to make that link considering the US has pre-emptively attacked using cyber weapons, so 'you started it' as they say.

I'm not quite sure how you're managing to conflate maintaining a 'top flight' cyber arsenal with spying on everyone and weakening the very same crypto that US companies like Google use.

"Today there's SSL and Tor so the intelligence community needs to up its game to maintain the status quo."

I'm sorry; who is the enemy here again? With the exception of a few criminals that the FBI etc. seem quite capable of catching by conventional means, the targets seem to be... whistleblowers, journalists, free speech activists in China, oh yeah and billions of innocent people going about their daily online business. Nope.. not seeing a target there that justifies anything like weakening worldwide crypto to the detriment of all.

"This isn't about stopping the next suicide bomber, but about stopping China or Russia from turning off the power."

I have a simple fix for you here. Don't put your nuclear power plant on the Internet. How is this even remotely related to Tor, SSL, or crypto more generally? If China wanted to attack US infrastructure, they'd do it the same way as the US (allegedly) attacked Iran, via some thumb drive.

Your defense of these policies appears to consist of pulling together all the big bads and alleging it's all the same giant plot against the US so it must be ok. It's not and it isn't. Classic scaremongering as an excuse to do anything you like.

GweihirSeptember 16, 2013 2:09 PM

Laws are insufficient. In fact, laws are one of humanities less-bright ideas, as they basically no not work for important issues. For example, the 3rd Reich was established quite legally. Establishing a surveillance state, a police state or a totalitarian regime legally is not that hard, you just have to change the laws over time and get the right people into the positions where the law gets interpreted and there you are.

The question really is one of ethics. And for the NSA we can now say that they have no ethics and even have lost the sense of self-preservation to a degree that can only be called nihilistic. Their only purpose seems to be to increase their own power.

Personally, I am with "kill them while it is still possible".

kingsnakeSeptember 16, 2013 3:29 PM

Re, Navy Yard shooting.

So, what did Gen. Ripper ... I mean Gen. Alexander's ... Death Star buy us today? Diddly squat.

unimportantSeptember 16, 2013 5:35 PM

My little non-tech suggestions against NSA/system/matrix snoopery (= application of the data economy principle): Prefer a flat rate tax over an individalized tax, at least up to a certain threshold. Prefer a toll collect (or fee collect) system with non-individualized tokens. A token must only provide the information that the toll (or fee) has been payed and not that individual A was located in B at time C. Make the second use of the past 9/11 security laws public. Promote paying with cash.

kiwanoSeptember 16, 2013 5:57 PM

Another angle on this NSA problem that recently crossed my mind is that an agency that can't keep a whistleblower from running off with the secret documents describing its surveillance apparatus is something of a vulnerable target for infiltration, blackmail of its agents, etc.

Given the scale of its surveillance apparatus, it's also an extremely high-value target. I mean just imagine the sort of funds and political concessions you could extort based on the information in the described databases. It's an enormous national security liability, and I don't think there's an organization on Earth with the resources necessary to defend it.

Dirk PraetSeptember 16, 2013 7:09 PM

I don't think the problem lies just with General Alexander and/or the inability of current and previous administrations to keep up with technology. Over the last decade, Congress has shown itself to be at times extremely fast in adopting legislation in the name of terrorism, even though most representatives - as it turns out now - didn't have a clue what they had really voted for. I don't see any reason why it wouldn't be the same on technological issues given the right bait.

Although Alexander bashing has become a bit of a popular pastime recently, you only have to look at his resume to see that this man is by no means an idiot. Personally, I'd like to think of him as a contemporary version of Darth Vader, a man on a mission he truely believes in, very much in touch with his inner geek, and simply doing his master's bidding, being very creative with the powers he has been entrusted with.

Technically, he receives these from all three branches of government, but which in my opinion have allowed themselves to be subverted and owned by a powerful military-industrial complex of corporations, lobbies and other special interest groups that somehow managed to impose their own agendas after 9/11 and the financial crisis. This is exactly what President Eisenhower warned for in 1961.

Unless a majority in Congress can be found to curtail the NSA's current activities by meaningful legislation based on constitutional compliance, transparancy and accountability, I doubt we're ever going to see more than purely cosmetic changes with even greater secrecy. This will not only require sustained pressure from an informed electorate, but even more importantly the forced break-up of politics and big business which today in the US are way too intertwined. And that, I'm afraid, is not going to be easy.

HaukeSeptember 16, 2013 8:52 PM

If he really is an Alexander he should arrange mass marriages between his agents and Iranian persons. That could lead to peace between west and east.

Prinz Wilhelm Gotha-Saxe-CobergSeptember 16, 2013 11:34 PM

@winter

Having just looked at the NATO treaty, and remembering that the US itself has defined "cyberwar" as "war", and so

Article 4
The Parties will consult together whenever, in the opinion of any of them, the territorial integrity, political independence or security of any of the Parties is threatened.

and
Article 5
The Parties agree that an armed attack against one or more of them in Europe or North America shall be considered an attack against them all and consequently they agree that, if such an armed attack occurs, each of them, in exercise of the right of individual or collective self-defence recognised by Article 51 of the Charter of the United Nations, will assist the Party or Parties so attacked by taking forthwith, individually and in concert with the other Parties, such action as it deems necessary, including the use of armed force, to restore and maintain the security of the North Atlantic area.

Where's the consultation?

Belgacom, the partly state owned Belgium telecom operator has declared that the NSA has hacked its international networks with and installed hithero unknown malware.

It looks like the US has just dissolved the NATO alliance.

Wesley ParishSeptember 16, 2013 11:52 PM

@kiwano

What took you? That was the second thing to cross my mind.The first was, thank DEITY_PLACEHOLDER that he's honest and courageous.

Of course if he can walk away with all that information with the NSA knowing diddlysquat about it, then he can't have been the first guy to do it.

And yes, with all that information about everybody - Americans and everybody else - stacked up, the foreign "Intelligence" Agency that invests and reduces the NSA, is going to find itself with the keys to the US (and Five Eyes')economy in their hands. The NSA have been setting up this huge repository of economic knowledge, in the full knowledge that they could be compromised, and doing that with the full knowledge of the possibility of compromise, fits the US Constitution's definition of Treason by providing such aid and comfort to such enemies (not competitors) as may exist.

But bacon's not the only thing
That's cured by hanging on a string

StuckInThe60sSeptember 17, 2013 9:14 PM

What about civil disobedience?
Imagine if people started taking photographs of any vehicles (on a public street) that turn into an NSA facility. If questioned, the breezy response could be, "If you quit collecting my metadata, then I'll quit collecting yours."
Please note that I'm not advocating any such thing. I'm just pointing out an asymmetric counterattack, and yes, I live near an NSA facility.

NathanaelSeptember 19, 2013 12:34 PM

Mr. Schneier:

Forget "reforming the NSA".

The institution is rotten. It needs to be liquidated.

We can start a new "signals intelligence agency" but it has to be staffed completely with fresh people.

It's like Kellogg Brown Root. It remained rotten. No company which merged with it or bought it could fix it. It still needs to be shut down and liquidated.

The NSA has developed a criminal culture. The only way to stop this is to liquidate it. Fire everyone and (after criminal investigations) destroy everything they did. Start fresh.

NathanaelSeptember 19, 2013 12:35 PM

I also appreciate kiwano's point: The NSA is an enormous national security liability. It's a threat to the security of everything in the US. It is dangerous.

NathanaelSeptember 19, 2013 12:39 PM

"Bruce Schneier • September 16, 2013 9:29 AM

"After everything I've read, it seems the only scenario will be to dissolve the NSA and start over."

I don't believe that is ever going to happen."

We can make it happen. The only thing preventing it is premature declarations of futility from people like you!

We live in revolutionary times. Many people haven't noticed this yet. The government has squandered all pretense of legitimacy and is busily throwing away all pretense of competence. *Such governments are overthrown*, whether we like it or not. Even the Roman Empire fell. The US government, with its huge, unwieldly military bureaucracies seems unassailable -- in fact it is fragile and likely to spontaneously collapse at any time. And when the different factions within the government start fighting -- as they will we can have the NSA eliminated totally. For the simplest example, I'm quite sure that a single military division could wipe it out, and *they have reasons to hate the NSA too*.

Yeah, I know, this is all taboo talk. But people have to start being realistic.

The UnknownSeptember 19, 2013 6:44 PM

Debating the proper role and scope of the NSA is unimportant unless one has the power to change the NSA. Right now nobody has that power, not even the US Congress or the President. Emperor Alexander (what a fitting name!) is now in charge of the innermost secret police agency. He has the power to blackmail anyone into doing his will because he can get at everyone's dirty secrets (and can manufacture some if necessary.) That makes him Sovereign, accountable to God (or Nature) and nobody else. No amount of whining or protests will change that.

Bruce has challenged the Sovereign in the name of various manifestly defunct concepts (freedom, trust, law, privacy, etc.) This can end one of two ways: 1. Bruce dies in jail at the hands of the Sovereign. 2. Bruce deposes the Sovereign.

As the Man of Steel once said, "Everyone imposes his own system as far as his army can reach." The NSA's army is now quite visible and well funded. Where is Bruce's army?

Michael MoserSeptember 19, 2013 10:46 PM

I think it is an unlucky combination of factors:

- Each law enforcing agency is always grabbing as much power as it can get;

- the patriot act gave them the license to do expand the box

- the technology makes it possible; digital trail that everybody is leaving is very significant, so somebody will always try to grab it, be it corporations or the state. Nature does not tolerate a vacuum of power.

Sen. Ron Wyden says: "It used to be that the limits on technologies were to a great extent a form of protection for the American people. A lot of that seems to be going to the wind."

http://www.rollingstone.com/politics/news/q-a-senator-ron-wyden-on-nsa-surveillance-and-government-transparency-20130815?page=3

- nanny state is much about extending command and control over its subjects. I think that Eric Schmidt is unfortunately right here: 'surveillance ... is the nature of our society'
http://www.theguardian.com/world/2013/sep/13/eric-schmidt-go...

- power is addicting / secret power must be very addicting.

I don't know how you want to put the genie back into the bottle, part of the equation is that society would have to change here; just seems to be an impossible problem to solve.

Michael MoserSeptember 20, 2013 11:30 AM

Interesting observation regarding Emperor Alexander and his personal power;

On the one hand the top brass is remarkably sticky - Robert Gates was appointed by Bush and Obama took him over; On the other hand we will never know why they really sacked Petraeus; I think it is not very convincing that they sacked him because of an affair, there seems to be some interesting power struggles going on in these higher spheres.

Also I don't know if Emperor Alexander can develop a personal power basis as strong as that of Edgar Hoover, Alexander does not have an army of secret policeman that are there on the spot to exert influence.

PhocksSeptember 22, 2013 7:49 AM

Just a sidelight to all those complaining that the debate is ignoring the spying the US does on non-US assets: The fact is, both in law and practice, sovereign nations have neither a legal or moral duty to respect the privacy or rights of non-citizens outside their borders, unless specifically required by treaty. In fact, historically speaking, one of the main de facto duties of sovereign states, from at least Roman times, is to defend their own citizens' rights and property from despoilation by foreign states. Spying on 'friendly' states has been an acceptable, if not 'gentlemanly' practice for literally thousands of years.

While in the post-WW2 West their seems to be little reason to spy on fellow Western powers and their citizens, it's not entirely absent - if you think the UK doesn't spy on IRA links in the US and Europe you're sadly mistaken, and Spain would be negligent not to do the same regarding ETA. Just because the US has far more resources and therefor much less limitation on scope, doesn't really change the underlying issue. If anyone here thinks that, say, France, wouldn't CHOOSE to not have all of the NSAs technical resources if they could get them for free, I think you're either naïve, or just haven't read the news in a long, long time.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..