Skip to main content

It's time to break up the NSA

By Bruce Schneier
February 20, 2014 -- Updated 2340 GMT (0740 HKT)
STORY HIGHLIGHTS
  • Director of national intelligence said U.S. should have acknowledged surveillance
  • Bruce Schneier: NSA is too big and powerful; it's time to break up the agency
  • He says all bulk surveillance of Americans should be moved to the FBI
  • Schneier: Instead of working to weaken security, NSA should try to improve security for all

Editor's note: Bruce Schneier is a security technologist and author of "Liars and Outliers: Enabling the Trust Society Needs to Thrive."

(CNN) -- The NSA has become too big and too powerful. What was supposed to be a single agency with a dual mission -- protecting the security of U.S. communications and eavesdropping on the communications of our enemies -- has become unbalanced in the post-Cold War, all-terrorism-all-the-time era.

Putting the U.S. Cyber Command, the military's cyberwar wing, in the same location and under the same commander, expanded the NSA's power. The result is an agency that prioritizes intelligence gathering over security, and that's increasingly putting us all at risk. It's time we thought about breaking up the National Security Agency.

Broadly speaking, three types of NSA surveillance programs were exposed by the documents released by Edward Snowden. And while the media tends to lump them together, understanding their differences is critical to understanding how to divide up the NSA's missions.

Bruce Schneier
Bruce Schneier

The first is targeted surveillance.

This is best illustrated by the work of the NSA's Tailored Access Operations (TAO) group, including its catalog of hardware and software "implants" designed to be surreptitiously installed onto the enemy's computers. This sort of thing represents the best of the NSA and is exactly what we want it to do. That the United States has these capabilities, as scary as they might be, is cause for gratification.

The second is bulk surveillance, the NSA's collection of everything it can obtain on every communications channel to which it can get access. This includes things such as the NSA's bulk collection of call records, location data, e-mail messages and text messages.

This is where the NSA overreaches: collecting data on innocent Americans either incidentally or deliberately, and data on foreign citizens indiscriminately. It doesn't make us any safer, and it is liable to be abused. Even the director of national intelligence, James Clapper, acknowledged that the collection and storage of data was kept a secret for too long.

Sen. Paul: NSA lawsuit not a stunt
Greenwald: I will definitely come back

The third is the deliberate sabotaging of security. The primary example we have of this is the NSA's BULLRUN program, which tries to "insert vulnerabilities into commercial encryption systems, IT systems, networks and endpoint communication devices." This is the worst of the NSA's excesses, because it destroys our trust in the Internet, weakens the security all of us rely on and makes us more vulnerable to attackers worldwide.

That's the three: good, bad, very bad. Reorganizing the U.S. intelligence apparatus so it concentrates on our enemies requires breaking up the NSA along those functions.

First, TAO and its targeted surveillance mission should be moved under the control of U.S. Cyber Command, and Cyber Command should be completely separated from the NSA. Actively attacking enemy networks is an offensive military operation, and should be part of an offensive military unit.

Whatever rules of engagement Cyber Command operates under should apply equally to active operations such as sabotaging the Natanz nuclear enrichment facility in Iran and hacking a Belgian telephone company. If we're going to attack the infrastructure of a foreign nation, let it be a clear military operation.

Second, all surveillance of Americans should be moved to the FBI.

The FBI is charged with counterterrorism in the United States, and it needs to play that role. Any operations focused against U.S. citizens need to be subject to U.S. law, and the FBI is the best place to apply that law. That the NSA can, in the view of many, do an end-run around congressional oversight, legal due process and domestic laws is an affront to our Constitution and a danger to our society. The NSA's mission should be focused outside the United States -- for real, not just for show.

And third, the remainder of the NSA needs to be rebalanced so COMSEC (communications security) has priority over SIGINT (signals intelligence). Instead of working to deliberately weaken security for everyone, the NSA should work to improve security for everyone.

Computer and network security is hard, and we need the NSA's expertise to secure our social networks, business systems, computers, phones and critical infrastructure. Just recall the recent incidents of hacked accounts -- from Target to Kickstarter. What once seemed occasional now seems routine. Any NSA work to secure our networks and infrastructure can be done openly -- no secrecy required.

This is a radical solution, but the NSA's many harms require radical thinking. It's not far off from what the President's Review Group on Intelligence and Communications Technologies, charged with evaluating the NSA's current programs, recommended. Its 24th recommendation was to put the NSA and U.S. Cyber Command under different generals, and the 29th recommendation was to put encryption ahead of exploitation.

I have no illusions that anything like this will happen anytime soon, but it might be the only way to tame the enormous beast that the NSA has become.

Follow @CNNOpinion on Twitter.

Join us at Facebook/CNNOpinion.

The opinions expressed in this commentary are solely those of Bruce Schneier.

ADVERTISEMENT
Part of complete coverage on
December 25, 2014 -- Updated 0633 GMT (1433 HKT)
Danny Cevallos says the legislature didn't have to get involved in regulating how people greet each other
December 23, 2014 -- Updated 2312 GMT (0712 HKT)
Marc Harrold suggests a way to move forward after the deaths of NYPD officers Wenjian Liu and Rafael Ramos.
December 24, 2014 -- Updated 1336 GMT (2136 HKT)
Simon Moya-Smith says Mah-hi-vist Goodblanket, who was killed by law enforcement officers, deserves justice.
December 24, 2014 -- Updated 1914 GMT (0314 HKT)
Val Lauder says that for 1,700 years, people have been debating when, and how, to celebrate Christmas
December 23, 2014 -- Updated 2027 GMT (0427 HKT)
Raphael Sperry says architects should change their ethics code to ban involvement in designing torture chambers
December 24, 2014 -- Updated 0335 GMT (1135 HKT)
Paul Callan says Sony is right to call for blocking the tweeting of private emails stolen by hackers
December 23, 2014 -- Updated 1257 GMT (2057 HKT)
As Christmas arrives, eyes turn naturally toward Bethlehem. But have we got our history of Christmas right? Jay Parini explores.
December 23, 2014 -- Updated 0429 GMT (1229 HKT)
The late Joe Cocker somehow found himself among the rock 'n' roll aristocracy who showed up in Woodstock to help administer a collective blessing upon a generation.
December 23, 2014 -- Updated 2115 GMT (0515 HKT)
History may not judge Obama kindly on Syria or even Iraq. But for a lame duck president, he seems to have quacking left to do, says Aaron Miller.
December 23, 2014 -- Updated 1811 GMT (0211 HKT)
Terrorism and WMD -- it's easy to understand why these consistently make the headlines. But small arms can be devastating too, says Rachel Stohl.
December 22, 2014 -- Updated 1808 GMT (0208 HKT)
Ever since "Bridge-gate" threatened to derail Chris Christie's chances for 2016, Jeb Bush has been hinting he might run. Julian Zelizer looks at why he could win.
December 20, 2014 -- Updated 1853 GMT (0253 HKT)
New York's decision to ban hydraulic fracturing was more about politics than good environmental policy, argues Jeremy Carl.
December 20, 2014 -- Updated 2019 GMT (0419 HKT)
On perhaps this year's most compelling drama, the credits have yet to roll. But we still need to learn some cyber lessons to protect America, suggest John McCain.
December 22, 2014 -- Updated 2239 GMT (0639 HKT)
Conservatives know easing the trade embargo with Cuba is good for America. They should just admit it, says Fareed Zakaria.
December 20, 2014 -- Updated 0112 GMT (0912 HKT)
We're a world away from Pakistan in geography, but not in sentiment, writes Donna Brazile.
December 19, 2014 -- Updated 1709 GMT (0109 HKT)
How about a world where we have murderers but no murders? The police still chase down criminals who commit murder, we have trials and justice is handed out...but no one dies.
December 18, 2014 -- Updated 2345 GMT (0745 HKT)
The U.S. must respond to North Korea's alleged hacking of Sony, says Christian Whiton. Failing to do so will only embolden it.
December 19, 2014 -- Updated 2134 GMT (0534 HKT)
President Obama has been flexing his executive muscles lately despite Democrat's losses, writes Gloria Borger
December 18, 2014 -- Updated 1951 GMT (0351 HKT)
Jeff Yang says the film industry's surrender will have lasting implications.
December 18, 2014 -- Updated 2113 GMT (0513 HKT)
Newt Gingrich: No one should underestimate the historic importance of the collapse of American defenses in the Sony Pictures attack.
December 10, 2014 -- Updated 1255 GMT (2055 HKT)
Dean Obeidallah asks how the genuine Stephen Colbert will do, compared to "Stephen Colbert"
December 18, 2014 -- Updated 1734 GMT (0134 HKT)
Some GOP politicians want drug tests for welfare recipients; Eric Liu says bailed-out execs should get equal treatment
December 18, 2014 -- Updated 1342 GMT (2142 HKT)
Louis Perez: Obama introduced a long-absent element of lucidity into U.S. policy on Cuba.
December 16, 2014 -- Updated 1740 GMT (0140 HKT)
The slaughter of more than 130 children by the Pakistani Taliban may prove as pivotal to Pakistan's security policy as the 9/11 attacks were for the U.S., says Peter Bergen.
ADVERTISEMENT