If Bruce Schneier Ran the NSA, He'd Ask a Basic Question: "Does It Do Any Good?"
Ars asks a tech and legal all-star team how to fix America's security state.
By Cyrus Farivar
August 7, 2013
For the last two months, we've all watched the news about the National Security Agency and its friends over at the Foreign Intelligence Surveillance Court (FISC), which approves secret orders on behalf of the NSA and other spy agencies. But more often than not, a lot of these articles take the same basic structure: documents provided by NSA leaker Edward Snowden show X, and then privacy advocates and civil libertarians decry X for Y reason.
That now raises the question, what would these privacy advocates do if they were put in charge of the NSA and the FISC? Or more specifically, what changes would they immediately enact at those two opaque institutions?
Ars checked in with some of the best technical and legal minds that we know: Bruce Schneier, one of the world's foremost cryptographers, and Jennifer Granick, an attorney and director of Civil Liberties at Stanford University's Center for Internet and Society. For a historical perspective, we chatted with Gary Hart, a former United States senator from Colorado who served on the Church Committee in 1976. Its recommendations led to the creation of the Foreign Intelligence Surveillance Act (FISA) and the FISC. We also looked at recent public statements by the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU).
Schneier, who has previously criticized the Department of Homeland Security, proposed the most radical changes.
"There's a fundamental problem in that the issues are not with the NSA but with oversight," he told Ars. "[There's no way to] counterbalance the way [the NSA] looks at the world. So when the NSA says we want to get information on every American's phone call, no one is saying: you can't do that.' Without that, you have an agency that's gone rogue because there is no accountability, because there is nothing checking their power."
The way Schneier sees it, in an attempt to keep the operational details of the targets secret, the NSA (and presumably other intelligence agencies, too) has also claimed that it also needs to keep secret the legal justification for what it's doing. "That's bullshit," Schneier says.
The famed computer scientist wants to apply traditionally open and public scrutiny to how the NSA operates.
"How much does this stuff cost and does it do any good?" he said. "And if they can't tell us that, they don't get approved. Let's say the NSA costs $100 million annually and that an FBI agent is $100,000 a year. Is this worth 1,000 FBI agents? Or half and half? Nowhere will you find that analysis."
For the record: the size of the NSA's budget is officially classified as secret, but estimates put it at least at $8 to $10 billion annually--but his point stands. It's nearly impossible to judge the effectiveness of federal spending of an unknown sum, whose tactics, legal justifications, and most importantly, outcomes, are completely hidden from the public.
"We deliberately have given ourselves an inefficient form of government and an inefficient form of policing because we recognize the dangers in giving people so much power without any oversight or accountability," he concluded.
Similarly, former Senator Gary Hart said that the intelligence apparatus has ballooned out of control in the United States in recent years.
"The use of outside consultants [and] private companies by these dozen and a half intelligence agencies is out of hand," Hart said. "We don't know how many companies there are, how many people they employ. We do know there are 1 million Americans with top-secret clearance, and that's way too much."
Indeed, the Wall Street Journal recently reported that "as of last October, nearly five million people held government security clearances. Of that, 1.4 million held top-secret clearances."
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..