Cybersecurity Expert Bruce Schneier Calls for Breakup of the NSA

In a stark change in the overall tone of his ideas, respected cybersecurity expert Bruce Schneier, in his blog, called for the breakup of the NSA and delegating their duties to other US intelligence agencies.

His argument, which i largely agree with, is that the NSA's dual-missions are directly adversarial with one another. The National Security Agency is supposed to both assist in creating and validating technologies that help keep the US and its allies safe from intrusion, and at the same time, develop an arsenal of its own intrusion efforts.

This dual mission is in conflict with itself because there is great incentive to weaken protection of data to increase the scope and power of tools to intrude into networks, servers, and devices.

There is ample evidence that the NSA is indeed compromising security of systems worldwide by weakening standards and interfering with technologies that protect data from intrusion. They paid RSA systems $10,000,000 USD to use a compromised random number generator. They have the Quantum Insertion program, which is designed to intrude into home routers with undisclosed vulnerabilities and use them to inject data into networks. They have installed backdoors into routers and networking devices. They have created an indexed pile of browser vulnerabilities which they exploit through the FoxAcid program that exploit these vulnerabilities rather than expose and fix them. When GSM cell phone encryption standards were developing, the NSA had them weakened enough to be breakable. One of Snowden's NSA slides show the NSA is confident that it can break into iOS devices with a 100% success rate. This can only mean that they have either inserted vulnerabilities into iOS, or that they have found serious flaws with the operating system and choose not to tell Apple so that they can exploit it.

These actions impact everyone negatively. It makes all of computing and communication less secure. These problems are lying dormant waiting to be found by criminal enterprises and enemy states rather than being closed.

Bruce goes on to detail his thoughts on what duties should be delegated to which agency, but to me the message is clear. It is unacceptable to task one entity with armoring our networks and then to also task them with breaking that armor. We can split hairs over exactly what should be done, but I think we can all agree that the dual-mission of the NSA is in conflict with itself.


< last
next >