[Infowarrior] - Feds weigh expansion of Internet monitoring

Richard Forno rforno at infowarrior.org
Thu Mar 4 13:21:38 UTC 2010 

March 4, 2010 4:00 AM PST
Feds weigh expansion of Internet monitoring
by Declan McCullagh

http://news.cnet.com/8301-13578_3-10463665-38.html?part=rss&tag=feed&subj=News-PoliticsandLaw
SAN FRANCISCO--Homeland Security and the National Security Agency may  
be taking a closer look at Internet communications in the future.

The Department of Homeland Security's top cybersecurity official told  
CNET on Wednesday that the department may eventually extend its  
Einstein technology, which is designed to detect and prevent  
electronic attacks, to networks operated by the private sector. The  
technology was created for federal networks.

Greg Schaffer, assistant secretary for cybersecurity and  
communications, said in an interview that the department is evaluating  
whether Einstein "makes sense for expansion to critical infrastructure  
spaces" over time.

Not much is known about how Einstein works, and the House Intelligence  
Committee once charged that descriptions were overly "vague" because  
of "excessive classification." The White House did confirm this week  
that the latest version, called Einstein 3, involves attempting to  
thwart in-progress cyberattacks by sharing information with the  
National Security Agency.

Greater federal involvement in privately operated networks may spark  
privacy or surveillance concerns, not least because of the NSA's  
central involvement in the Bush administration's warrantless  
wiretapping scandal. Earlier reports have said that Einstein 3 has the  
ability to read the content of emails and other messages, and that  
AT&T has been asked to test the system. (The Obama administration says  
the "contents" of communications are not shared with the NSA.)

"I don't think you have to be Big Brother in order to provide a level  
of protection either for federal government systems or otherwise,"  
Schaffer said. "As a practical matter, you're looking at data that's  
relevant to malicious activity, and that's the data that you're  
focused on. It's not necessary to go into a space where someone will  
say you're acting like Big Brother. It can be done without crossing  
over into a space that's problematic from a privacy perspective."

If Einstein 3 does perform as well as Homeland Security hopes, it  
could help less-prepared companies fend off cyberattacks, including  
worms sent through e-mail, phishing attempts, and even denial of  
service attacks.

On the other hand, civil libertarians are sure to raise questions  
about privacy, access, and how Einstein could be used in the future.  
If it can perform deep packet inspection to prevent botnets from  
accessing certain Web pages, for instance, could it also be used to  
prevent a human from accessing illegal pornography, copyright- 
infringing music, or offshore gambling sites?

"It's one thing for the government to monitor its own systems for  
malicious code and intrusions," said Greg Nojeim, senior counsel at  
the Center for Democracy and Technology. "It's quite another for the  
government to monitor private networks for those intrusions. We'd be  
concerned about any notion that a governmental monitoring system like  
Einstein would be extended to private networks."

AT&T did not respond to a request for comment on Wednesday.

At the RSA Conference here on Wednesday, Homeland Security Secretary  
Janet Napolitano stressed the need for more cooperation between the  
government and the private sector on cybersecurity, saying that "we  
need to have a system that works together."

During a House appropriations hearing on February 26, Napolitano  
refused to discuss Einstein 3 unless the hearing were closed to the  
public. "I don't want to comment publicly on Einstein 3, per se, here  
in an unclassified setting," she said. "What I would suggest, perhaps,  
is a classified briefing for members of the subcommittee who are  
interested."

Some privacy concerns about Einstein have popped up before. An  
American Bar Association panel said this about Einstein 3 in a  
September 2009 report: "Because government communications are  
commingled with the private communications of non-governmental actors  
who use the same system, great caution will be necessary to insure  
that privacy and civil liberties concerns are adequately considered."

Jacob Appelbaum, a security researcher and programmer for the Tor  
anonymity project, said that expanding Einstein 3 to the private  
sector would amount to a partial outsourcing of security. "It's  
clearly a win for people without the security know-how to protect  
their own networks," Appelbaum said. "It's also a clear loss of  
control. And anyone with access to that monitoring system, legitimate  
or otherwise, would be able to monitor amazing amounts of traffic."

Einstein grew out of a still-classified executive order, called  
National Security Presidential Directive 54, that President Bush  
signed in 2008.

While little information is available, former Homeland Security  
Secretary Michael Chertoff once likened it to a new "Manhattan  
Project," and the Washington Post reported that the accompanying  
cybersecurity initiative represented the "single largest request for  
funds" in last year's classified intelligence budget. The Electronic  
Privacy Information Center has filed a lawsuit (PDF) to obtain the  
text of the order.

Homeland Security has published (PDF) a privacy impact assessment for  
a less capable system called Einstein 2--which aimed to do intrusion  
detection and not prevention--but has not done so for Einstein 3.

The department did, however, prepare a general set of guidelines (PDF)  
for privacy and civil liberties in June 2009. In addition, the Bush  
Justice Department wrote a memo (PDF) saying Einstein 2 "complies  
with" the U.S. Constitution and federal wiretap laws.

That justification for Einstein 2 "turned on the consent of employees  
in the government that are being communicated with, and on the notion  
that a person who communicates with the government can't then complain  
that the government read the communication," said CDT's Nojeim. "How  
does that legal justification work should Einstein be extended to the  
private sector?"


Declan McCullagh is a contributor to CNET News and a correspondent for  
CBSNews.com who has covered the intersection of politics and  
technology for over a decade. Declan writes a regular feature called  
Taking Liberties, focused on individual and economic rights; you can  
bookmark his CBS News Taking Liberties site, or subscribe to the RSS  
feed. You can e-mail Declan at declan at cbsnews.com.

More information about the Infowarrior mailing list