By treating the Internet as a giant surveillance platform, the NSA has betrayed the Internet and the world. It has subverted the products, protocols, and standards that we use to protect ourselves. It has left us all vulnerable—to foreign governments, to cybercriminals, to hackers. And it has transformed the Internet into a medium that no one can trust.
The world has changed dramatically since the NSA was founded 62 years ago. Back then, it was easy to spy on foreign governments while shielding our own from snoops. Today, the NSA's intelligence mission has expanded from just government-on-government espionage to government-on-population surveillance. At the same time, the communications world has shifted from dedicated circuits that can be passively tapped to a single global Internet infrastructure that requires active attack to eavesdrop on. Everyone uses the same networks, and creating the capability to eavesdrop on foreign communications by engineering backdoors into US technology leaves domestic transmissions vulnerable to eavesdropping. The NSA's aggressive data-gathering, with seemingly little regard for how that might compromise the security of everyday digital communications—and with only loose oversight (at best) by government watchdogs—has far exceeded what any modern and free society should reasonably expect. Breaking up the agency would do a lot to bring it under control.
The way I see it, the problem is that the NSA has too many missions: a military mission dedicated to network attacks and political espionage, a law enforcement mission focused on individual bad actors across the globe, and a defensive mission devoted to protecting the nation's information infrastructure.
This new agency would not have to be secret at all, because its ultimate goal ought to be a more secure Internet for everyone.
Take the NSA's military mission. Spying on foreign governments properly belongs within the Department of Defense under US Cyber Command. These days, espionage requires offensive actions in cyberspace—for example, breaking into networks and installing malware. These NSA programs should be treated with the same sensitivity as any other military operation. Attacking a foreign computer network is potentially an act of war, and we should be very careful in choosing to do so.
But the NSA's extensive domestic and foreign surveillance of individuals is an activity that is properly placed inside the Justice Department. There it can be subject to standard domestic law: the Constitution, the warrant process, conventional courts, and much less secrecy. These are mechanisms we have long used to protect ourselves while giving the police, for example, extraordinary powers of investigation.
###### The Complete ‘How to Save the Net’ Series
Finally, the NSA's defensive mission—protecting U.S. communications from eavesdropping and other attacks—should be transferred to a new organization. This function hasn't been talked about much since the Snowden revelations began in June 2013, but it's a vital one, and the NSA is good at it. It has expertise in cryptography, software security, and network security—everything we need to make ourselves safer on the Internet. This new agency would not have to be secret at all, because its ultimate goal ought to be a more secure Internet for everyone.
When I present this proposal to military-minded people, the most common reaction is to say it would be inefficient. There would be duplication of effort and redundancy of expertise. That's true. My counterargument is that efficiency is not the most important goal here; security and liberty are. Deliberately making the police less efficient is how we currently protect ourselves from overreaching police power. Similarly, separating the current functions of the NSA along legal lines rather than technical capabilities is how we can protect ourselves from an overly aggressive agency.
Breaking up the NSA would ensure that security trumps surveillance, and openness trumps secrecy. It's how we regain the trust we've lost.
Bruce Schneier is a security consultant and the CTO of Co3 Systems.
This article is part of our “Save the Net” series, featuring bold solutions to the biggest problems facing the Internet today.
