Bruce Schneier has a provocative article on CNN Opinion about breaking up the NSA. He begins by pointing out that the NSA has three types of surveillance programs:
- Targeted Surveillance as exemplified by the actions of the Targeted Access Operations (TCO) group.
- Bulk surveillance in which they vacuum up as much information as possible. The poster child of these operations is the bulk phone metadata collection.
- Sabotaging of security by working to install vulnerabilities into crypto primitives and equipment. The reported insertion of a backdoor into the NIST certified Dual_EC_DRBG random number generator is the most notorious example of this type of program.
Schneier proposes breaking up these three functions into different organizations. Under his plan, the first program would be transferred to the U.S. Cyber Command, which would be separated from the NSA. The second, surveillance of Americans, would be moved to the FBI, which has traditionally performed this task and is subject to legal safeguards that the NSA routinely avoids or ignores. Finally, the NSA would no longer work to subvert security but would, instead, work to increase the security of our crypto and IT infrastructure, its traditional function before 911.
Schneier understands that none of this is apt to happen anytime soon but that something along these lines needs to be done to increase our security and reinstate trust in the NSA. It’s an interesting post and well worth a couple minutes of your time.