Share Facebook

Twitter

Whatsapp

Mail

Whatsapp Civil liberties activists hold a rally against surveillance of US citizens and the retention of hundreds of millions of telephone call records.

A year and a half after the Edward Snowden revelations, with promised reform measures stalled in congress, security expert Bruce Schneier says we should break up the National Security Agency to help build trust and transparency, while preserving its necessary functions.

Traditionally, the NSA has had two missions; attack and defence. Established during the Cold War, the agency was charged with eavesdropping on the Soviet Union and the Warsaw Pact countries while also protecting American military communications from eavesdropping by the Soviet Union.

These two missions were opposite but complimentary. The same techniques and expertise needed to attack their communications were also needed to defend our communications.

The NSA has kept the communications of the world deliberately weak so that it can spy on its traditional and modern enemies.

The reason it worked was that even though the techniques and knowledge were the same, the equipment was different. Soviet radios were different from American radios. Soviet telephone networks never carried American telephone traffic. So you could easily keep the two missions in a single organization; they required the same expertise and they didn’t conflict.

That changed with the rise of the internet. It used to be government-on-government espionage; now it's more government-on-the-whole-population surveillance.

Now everybody in the world, the good guys and the bad guys, uses Microsoft Windows, Gmail accounts, Cisco routers, the same software, the same hardware, the same internet. The communications are combined. So you can find American communications on trunks that go through Eastern Europe or China or North Korea. These missions are now in conflict, and we have to choose whether we protect our communications, thereby protecting their communications, or leave our communications vulnerable, thereby leaving their communications vulnerable. Once you do one, you can’t do the other. They’re mutually exclusive.

Related: The inside story of Edward Snowden

We really have to divide the two missions better, because the NSA has kept the communications of the world deliberately weak so that it can spy on its traditional and modern enemies. I want to break up those two missions.

The defensive mission should be very public, there's no reason for secrecy there: we are defending, we are finding vulnerabilities, we are patching them, and we are telling people how to secure their computers. I think that is a civilian mission, one that should potentially go inside the Department of Commerce. It's very much an open mission, and that's very important. In protecting US communications, we protect everybody else's communications, because everybody else is going to use the same stuff.

If we help secure the backbone of the internet, everybody in the world benefits, including the Chinese dissidents who need security to stay alive.

When you get to ‘attack’, there are two missions. Government-on-government espionage—attack, cyber war—which should move under the Department of Defence.

Last year there was a big scandal because we were spying on the German Chancellor Angela Merkel's cell phone. Maybe we should do that, but whether we should or not needs to be decided at a very high level in government, not just by an NSA analyst. So that stuff should be within the Department of Defence.

Anything that is ‘government-on-population’ should be within a civilian law enforcement agency. In the United States, the FBI does a lot of counter-terrorism. They are also much more open. The laws that govern them are about law enforcement, and are more suited to monitoring populations. So that government-on-population surveillance mission should move into the Department of Justice.

Those are the NSA’s three current functions: defence goes within something like the Department of Commerce, attack goes within the Department of Defence, and counterterrorism population surveillance goes into the Department of Justice. I think that is a much better political position for the realities of today than keeping everything inside the NSA.

Breaking up the NSA won’t be easy, but it will mean greater civilian oversight. Really we are at the very early stages of this. Currently, the problem is that we are conducting peacetime surveillance under the rules of war, but moving it under the FBI would put it under civilian control, even if the FBI isn't perfect.

Listen: The lawyer, the whistleblower and the NSA

My belief is that Edward Snowden's ultimate legacy will be a worldwide right to privacy that is enshrined in international and domestic law. However, I think that’ll be a couple of decades in coming.

Right now, the lesson the government has learned is the obvious and wrong one, which is we should have protected our secrets better and not have let him leak them. The greater lessons—that maybe we went too far, we did something wrong, we need to roll back surveillance, we need to re-enshrine privacy and liberty—those lessons really haven't been learned yet, and I think they are perhaps a decade away from being learned.

Europe is interesting in that they have much stronger rights to privacy than the United States does, but it's mostly corporate privacy. They tend to allow much greater government access to data and regulate corporate access to data. Privacy reform is more likely to come from Europe first and spread outward from there, however.

Fifty years from now, people will look back at today and look at the way we ignored privacy in the same way that today we look back at child labour laws and workplace conditions and say, ‘My God, how did we do that, how could we be that immoral?’

Privacy really is that important. However, sometimes it does take a generational change to realise those things. I'm not sure which international institutions or domestic bodies this will come from, but I do believe it is coming.

Certainly, a lot of people just don't care. Either they trust their government or they trust Google or Facebook, and they accept that this kind of intrusion is happening, and there is nothing they can do about it. I encounter that a lot. Privacy is a little abstract. It's something you tend to take for granted until you don't have it any more.

Breaking up the NSA Listen to this episode of Future Tense to find out more.

So maybe it will take another few years of us losing our privacy before people say, ‘Hey wait, this just isn't okay.’

It will be hard. There are lot of entrenched movements. Certainly a lot of corporations are making money by spying on us—there's a lot of profit in invading our privacy. So there will be hurdles to overcome.

President Obama’s review of surveillance came out with the recommendation last December that US Cyber Command, which is the military cyber-attack division, be split from the NSA. Right now, the same admiral or general in charge of the NSA is in charge of the Cyber Command.

That recommendation was a very mild version of what I’ve suggested, yet President Obama chose not to do adopt it. He appointed Vice Admiral Michael Rogers recently to head both the NSA and US Cyber Command. This is certainly not something that will happen anytime soon, but I do think it is important.

Bruce Schneier is a security technologist and fellow at the Berkman Center for Internet and Society at Harvard Law School.

Exploring new ideas, new approaches, new technologies—the edge of change. Future Tense analyses the social, cultural and economic fault lines arising from rapid transformation.



