Security Watch: Beware the NSA's Geek-Spy Complex

Illustration: Markus Hofko

Early this year, the big brains at Google admitted that they had been outsmarted. Along with 33 other companies, the search giant had been the victim of a major hack — an infiltration of international computer networks that even Google couldn't do a thing about. So the company has reportedly turned to the only place on Earth with a deeper team of geeks than the Googleplex: the National Security Agency.

Most of us know the NSA as the supersecret spook shop that allegedly slurped up our email and phone calls after the September 11 attacks. But NSA headquarters — the "Puzzle Palace" — in Fort Meade, Maryland, is actually home to two different agencies under one roof. There's the signals-intelligence directorate, the Big Brothers who, it is said, can tap into any electronic communication. And there's the information-assurance directorate, the cybersecurity nerds who make sure our government's computers and telecommunications systems are hacker- and eavesdropper-free. In other words, there's a locked-down spy division and a relatively open geek division. The problem is, their goals are often in opposition. One team wants to exploit software holes; the other wants to repair them. This has created a conflict — especially when it comes to working with outsiders in need of the NSA's assistance. Fortunately, there's a relatively simple solution: We should break up the NSA.

Here's the problem: Say you're a Google customer — and who isn't, really? You want to know that Google is safeguarding your data and your privacy. Trouble is, when Google calls the NSA, everyone watching sees it as a package deal. The company wants geeks, but it runs the risk of getting spies, too. The NSA's wiretapping directorate has a vested interest in keeping company information at least slightly open in case they need to take a look someday — the NSA is, after all, the agency that tapped AT&T switching stations (OK, OK, allegedly). So if Google appeals to the NSA, it could poison its relationship with its customers (and compromise your personal information, to boot). The NSA and Google can pinky-swear that they'll never ever put a back door in Gmail, but intelligence agencies aren't known for keeping their promises.

A broken-out bureau — call it the Cyber Security Agency, or CSA — that didn't include the spooks would obviate this conflict. "A separate information-assurance agency," says Michael Tanji, a 21-year veteran of intelligence services, including the NSA, "will have a greater level of acceptance across the government and the private sector."

That acceptance is vital — because the dotcom and dotgov universes are already having to rely on the NSA, no matter what the drawbacks are. The Defense Department turned to the director of the NSA to head its new Cyber Command. The Department of Homeland Security routinely turns to the NSA for cybersecurity help. Technically, rendering this aid isn't the NSA's job, says Richard Bejtlich, a former Air Force cybersecurity officer now with General Electric. "But when you're in trouble, you go to the guys who actually have a clue."

An independent CSA would be trusted more widely than Fort Meade, improving collaboration among cybersecurity geniuses. It was private researchers and academics who led the effort to corral the ultrasophisticated Conficker worm. And the National Institute of Standards and Technology worked on federal desktop security. A well-run, independent CSA would be able to coordinate better with these outside entities.

The idea of splitting up the NSA's geeks and spies has come up before. It's one of the reasons that the NSA's directorates have separate budgets and separate congressional oversight. But a previous push to break them up was dismissed — because back when mail was paper and banking was done with a teller, the lines between codebreaking and codemaking were fuzzy and the benefits of a trusted network protector were less clear. But that was then. Today, as unsafe as electronic information is in a world of hackers and Internet worms, it's even more unsafe locked inside the Puzzle Palace.

Contributing editor Noah Shachtman (wired.com/dangerroom) writes about commentator Andrew Breitbart in this issue.