Q&A: Schneier on trust, NSA spying and the end of US internet hegemony
Basically, we're screwed for the next decade or so
You've written that the NSA now needs to be broken up. What's the best way to do it?
I see it along three lines. First, anything done against Americans needs to be done by the FBI. We have rules for domestic surveillance, we have laws, we have procedures, and the FBI should be the organization to follow them. This should not be intelligence, it should not be the military, and should be done by civilian law enforcement.
Second, these days eavesdropping equals network attack. This is why we freak out so much when the Chinese do it to us, because it’s the same sort of techniques and attacks. Because of that it needs to be under a military command – US Cyber Command.
Finally, the NSA should focus on defense, security and defense. Cryptography, computer security, network security, critical infrastructure security, all the things they can do in the open to make everybody on the planet more secure.
What did you make of the appointment of Vice Admiral Michael Rogers as the new head of the NSA?
I think it means no change. Obama's review group actually said things along the lines of what I'm saying: break up the NSA and Cyber Command. The group's recommendations were really better than I expected. They talked about putting computer security ahead of signals intelligence, they talked about not subverting standards, and they talked about breaking [apart] the NSA and Cyber Command, and I think those suggestions should have been taken seriously.
Snowden, a whistleblower or traitor?
It's not simple. His actions were very complex and they are ongoing. Right now I believe that the abuses he has exposed are incredibly important, and they are why we're having the debates we are having now and why we're having these policy changes. The benefit of that far outweighs the damage that he might have done.
That being said, we are right in the middle of this. Those are the kind of questions that are answered by history books, not by newspapers.
What about the fallout? We're already seeing corporate profits being hit by the revelations from Snowden.
Unfortunately there's not going to be a lot of fallout. What we are learning is what the NSA is doing, but really this is what any well-funded nation state would do. This is what the Russians, Chinese, French and Israelis do.
So when you're looking to buy a cloud service, or a software program, or a piece of hardware, you kind of have to pick your adversary. You pick who you trust and you pick who you want spying on you. What are you going to do – buy Huawei equipment because you don’t trust Juniper?
If you have to choose who your spook is, the US is probably a pretty good one. Much as I hate to say this, I think once things settle down people are going to say: "Better the US than the Russians." While we need to have huge policy debates, in the near term there often aren't options that are spy-free.
Right now who do you want recording your location data – Apple or Google? There's no "nobody" option, there should be and there will be. But right now it's pick who you hate the least. That's the cold reality, and I wish it wasn't so.
And for the US as a whole?
We need to figure out who we can trust and we need a new internet governance model. The former governance model was largely a benign US dictatorship; the world believed the US was acting in the world's best interests and looked the other way.
That's gone, that's over, and it's not coming back. Unfortunately some of the alternatives, like the International Telecommunications Union, are way worse. So we need to work out governance now that no one trusts US benevolence.
What about your personal security? You don't even lock down your home Wi-Fi.
I believe in securing the endpoints. I believe having an open network is polite, like having a bathroom that isn't locked. I don't do anything magic at all.