
I think an even better argument for breaking up the NSA is that there's a fourth category of work they (should) do that's totally unrelated to surveillance and that I'd classify as "very good:" actively working to secure the communications of US government and companies against the NSA-equivalents of other nation-states and rogue actors. Having this is on the same list as encryption sabotage is a recipe for mismanagement and bad policy.


Yes. Imagine if the NSA were tasked with being a gatekeeper for data privacy and integrity that large companies like Facebook had to work with any time they pushed an update that sent data somewhere new, in the same way that the FDA verifies safety and efficacy of pharmaceuticals when they're applied to a new problem-domain. (I know that sounds almost satirically over-the-top, but it could work—if it were limited to companies [and branches of government] that were handling enough user data that, say, identity fraud attacks would be made possible just by having it. And any system where the government itself has specified the data-integrity requirements: voting terminals, library checkout systems, etc.)

Come to think of it, this NSA would probably also be responsible for chasing down companies who ask you for your SSN, wouldn't it?

They could also offer free pen-testing services (presumably through their defense subcontractors; they wouldn't have to employ any whitehats themselves) for small businesses who can't afford pen-testers, like a specialized form of industrial-development grant.

And, of course, they could also do the only legitimate/legal "active no-advance-notice" pen-testing for infrastructure they're concerned about (ISPs, hosts like AWS, etc.), converting taxpayer dollars directly into those "eyes that make bugs shallow."

Effectively, the NSA are to our sovereign data boundaries as the coast guard is to (most of) our physical ones. Since that's the case—where's our Lighthouse Service?


> ...any time they pushed an update that sent data somewhere new...

So you think making the NSA (or any govt agency) the gatekeeper for all data, public and private, would be a good idea? As if there's no way that could be abused? No thanks.


The data wouldn't go through them, nor would they be responsible for auditing the algorithms themselves. The comparison with the FDA was exact: they would simply require the company to execute a study proving (to peer review) the data-integrity of each change they were going to make.

The one interesting thing is that this would likely enforce an open-core-SOA software development model: companies would be incentivized to build a "trust kernel" of services that the government regs apply to, exposing an API with stringent access controls; and then a view layer that consumes that API, which can have whatever sloppy code they wish. The trust kernel would then have to be at least shared-source to enable the peer review necessary for study. (The company couldn't just pass the code around within a cabal of trusted peer companies, since those peers might be unfairly positively-biased.)


That's fairly analogous to the current NIST regulations.

Unfortunately, NIST has been dragging 140-3 on in draft form for years. 140-2 was written in the 1980s and reflects very badly on current hardware and software practices.

Another area you could look into is Common Criteria. I find these certifications to be much more modern.

I've taken products through both processes. If you're going for more than the basic levels they can be quite rigorous and thorough.


Sorry, I tried to write what I imagined was a clarifying comment, at least along the lines of what I thought you were trying to say. But while I was typing it you (who I imagine is the real authority on your own opinion) did exactly the same, but better.


The parent comment is not suggesting that they are the gatekeepers of the data, but rather that they act as a third party to authenticate data transmission. For example, company X says it wants to get you data, pass it through service Y and return Z, with the claim that the sensitive parts be secure. The role of the NSA would be to provide an audit of this process to determine whether or not security was in place. So if a service passed this hypothetical NSA's test, they would actually never see any private information. The only danger is that the NSA withhold information about known insecurities, but that isn't any different from the current situation, and does not amount to "gatekeeping".


>"..in the same way the FDA verifies safety and efficacy of pharmaceuticals.."

There is some merit to what you say, but I'd not use the FDA as a model. To me that sounds like a recipe for disaster: imagine the NSA auditing our software with FDA-like cronyism and inefficiency? Green-light passes to be auctioned off to the highest bidder, and otherwise legitimate products will be hampered by woesome delays. "Sorry, can't launch your new update until the NSA approves it."


The NSA could require that certain security properties of the system be held (e.g., all wire transmission and storage of data is encrypted with certain key management policies..) and a 3rd party (e.g., like an accounting firm) could be the one doing the audit.


In the EU this is the role of national data protection authorities.

http://ec.europa.eu/justice/data-protection/bodies/authoriti...

Edit: well, not actually pen testing, but knowing what personal information companies store, and mandating minimum safekeeping measures and limits on sharing.


Having the government be the gatekeeper for private company data is a horrible idea.


The NSA's Information Assurance wing considers itself responsible for the security of classified US Government systems only—specifically not unclassified US Government systems, or any civilian systems whatsoever, which they feel falls under NIST's domain.

But yes, it's much smaller than their SIGINT wing, and yes, I also feel that having both teams under the same roof (so to speak) is not just an 'equities problem' - it's a full-scale irreconcilable conflict of interest.

You might feel that surely the NSA wouldn't backdoor their own stuff? But no: there they are, actually using Dual_EC_DRBG even in their own most trusted crypto hardware - in, I presume, the firm belief that "nobody but us" has the private key to use the backdoor. Which seems somewhat reckless in light of a working distinguisher and how very fragile (EC)DSA is… and a stark reminder that the recent return to talk of backdoors - sorry, "front doors" or "secure golden keys", because they want to control the language to frame the debate in the way they want - is so much bullshit, and the only reasonable discussion we can have about things which undermine all of our collective security is one where the people who are asking for such idiotic things to - they think - make their jobs easier should kindly shut the fuck up.

Ahem.

GCHQ over here have the exact same issue with CESG and the MoD CRYPTO group versus the COMINT/ELINT/SIGINT bulk of their mission. GCHQ have even selected their own suppliers and political and other infrastructure for targeted surveillance in some cases! So for those who choose to try to work with them - surprise! - that doesn't mean they're not also working against you too. It just gives them another angle.
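The "nobody but us" assumption in the comment above can be made concrete with a toy model of the Dual_EC_DRBG trapdoor. This is an added example, not code from the thread or from any NSA or NIST specification: it uses a tiny textbook curve (y^2 = x^3 + 2x + 2 over F_17, prime order 19) instead of P-256, a constructed trapdoor scalar E = 7, and it omits the 16-bit output truncation of the real generator, so the point-recovery step needs no brute force. The defender's lesson is the same as on the real curve: whoever holds the relation P = E*Q turns a single output word into the generator's full internal state, and from there predicts every later output. The secrecy of E is the only thing standing between "backdoor for us" and "backdoor for anyone who obtains E".

```python
# Toy Dual_EC_DRBG trapdoor demonstration (ADDED EXAMPLE, not from the thread).
# Curve y^2 = x^3 + A*x + B over F_17 with exactly 19 points (prime order),
# so every non-identity point generates the whole group.
P_MOD = 17
A, B = 2, 2
N = 19                      # group order (prime); verified by group_order_ok()
INF = None                  # point at infinity

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def add(p1, p2):
    """Affine point addition on the toy curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result

def points_with_x(x):
    """Both curve points (x, y) and (x, -y) for a given x; empty if none."""
    rhs = (x ** 3 + A * x + B) % P_MOD
    return [(x, y) for y in range(P_MOD) if (y * y) % P_MOD == rhs]

# Public constants of the generator. In the real standard P and Q are fixed
# points whose relation is unknown to users; here the relation is constructed:
Q = (5, 1)                  # public generator (on the curve, order 19)
E = 7                       # the trapdoor: P = E*Q (constructed secret)
P = mul(E, Q)

def group_order_ok():
    return on_curve(Q) and on_curve(P) and mul(N, Q) is INF

def next_state(x):
    # Toy departure from the spec: shift the x-coordinate (0..16) into [1, N)
    # so s*P can never be the point at infinity on this tiny group.
    return 1 + x

def dual_ec_step(s):
    """One step: next state from x(s*P), output word from x(s*Q)."""
    return next_state(mul(s, P)[0]), mul(s, Q)[0]

def dual_ec_outputs(seed, count):
    s, outs = seed, []
    for _ in range(count):
        s, r = dual_ec_step(s)
        outs.append(r)
    return outs

def recover_state(output, e):
    """Holder of e rebuilds the internal state from ONE output word.
    R = s*Q is recovered from its x-coordinate (two candidates, which give the
    same x after scalar multiplication); then e*R = s*(e*Q) = s*P, and the x of
    that point is exactly what the generator used as its next state."""
    for cand in points_with_x(output):
        return next_state(mul(e, cand)[0])
    raise ValueError("no curve point has that x; not a genuine output")

def predict_following(output, e, count):
    """Predict the next `count` outputs from a single observed output word."""
    return dual_ec_outputs(recover_state(output, e), count)

if __name__ == "__main__":
    observed = dual_ec_outputs(seed=3, count=6)        # seed is constructed
    print("generator emitted:", observed)
    print("trapdoor predicts:", predict_following(observed[0], E, 5))
```

Running the script shows the five outputs following the first one reproduced exactly from that single word plus E. On the real curve the attacker additionally has to try the 2^16 candidate x-coordinates hidden by truncation, which is cheap; nothing else about the recovery changes. That is why "only we hold E" is a key-management promise, not a security property of the generator.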


From the article:

"And third, the remainder of the NSA needs to be rebalanced so COMSEC (communications security) has priority over SIGINT (signals intelligence). Instead of working to deliberately weaken security for everyone, the NSA should work to improve security for everyone.

Computer and network security is hard, and we need the NSA's expertise to secure our social networks, business systems, computers, phones and critical infrastructure. Just recall the recent incidents of hacked accounts—from Target to Kickstarter. What once seemed occasional now seems routine. Any NSA work to secure our networks and infrastructure can be done openly—no secrecy required."


This is actually against the law.

Title 10 explicitly disallows the NSA from proactively interfering (for good or bad) with private industry services unless specifically requested by a law enforcement agency, and in cases like you propose it would have had to be requested of the LEA by the private organization in the first place.


Indeed. Compromising cybersecurity as a means of defense is fighting with a gripless sword. It makes no sense that planting backdoors in all of your systems is somehow supposed to help security.

For one, there has been little appreciable gain from this practice, but it's also way too easy for an adversary to subvert a backdoor planted for purposes of peeping around, and use it to do very serious damage. The more entrenched surveillance via cyberespionage becomes, the more it expands the attack surface for a foreign actor to exploit it.

Second, there is no guarantee at all that the NSA is impervious to the same sort of infiltration methods. If they become compromised themselves by a foreign hacking entity, then that's it for everyone they're "surveying".


Schneier addresses that later in his essay:

And third, the remainder of the NSA needs to be rebalanced so COMSEC (communications security) has priority over SIGINT (signals intelligence). Instead of working to deliberately weaken security for everyone, the NSA should work to improve security for everyone.


Isn't the PCI standard a better, although certainly imperfect, model for addressing this without roping the Beltway into the process?



