Report: NSA will monitor government networks
Einstein 3, a President Bush initiative formerly set to go forward in February, is being re-evaluated under President Obama's administration.
A description of the Einstein program, issued by the U.S. Department of Homeland Security (DHS), said it is a process for collecting and analyzing data from federal government agencies to appropriately respond to cyberthreats or attacks and improve the security of government computer networks. Phase 3 of the classified pilot program, approved by Bush, builds on the current Einstein program to now block malicious code that has been designed to penetrate government networks, The Washington Post reported.
But the issue of the NSA's involvement in the program has reportedly been met with some debate at DHS since the NSA formerly was involved in a controversy during Bush's administration involving the “warrantless wiretapping” of private networks.
According to the paper, concerns over the NSA's involvement in the program lie in whether private data would be effectively “shielded from unauthorized scrutiny.”
A DHS spokesman contacted by SCMagazineUS.com on Monday would neither confirm nor deny reports that the NSA will be involved in the newest phase of the Einstein program.
Marci Green, an NSA spokeswoman, told SCMagazineUS.com in an email statement: "As Gen. Alexander stated in his RSA speech, NSA is part of the team that is working to protect critical national systems. DHS is leading efforts on .gov networks and we will help them in any way possible, including technical support."
James Lewis, director of technology and public policy at the Center for Strategic International Studies (CSIS), told SCMagazineUS.com on Monday that the privacy concerns center on how intrusive programs will be and how far they will extend into private networks and communications.
Though the Einstein program is intended to monitor communications on government networks, there is a concern over whether communications will be screened if a citizen communicates with the government.
“How do we know it won't be spread out to look at more than .gov networks?” Lewis asked.
In addition, Lewis said it's unclear whether the monitoring will include the content of messages or whether the program will just look for malware. For example, looking at messages in a foreign language while searching for malware is much different from reading the messages in English and comprehending its content while performing the same task, Lewis said.
Obama addressed privacy concerns in a speech he gave in late May about the government's new cybersecurity initiative. In his speech, Obama promised to secure the nation's digital infrastructure and to detect and defend against attacks, but also stressed that the government will “preserve and protect the personal privacy and civil liberties that we cherish as Americans.” He vowed that the government will not monitor private sector networks or internet traffic in its mission for cybersecurity.
Ari Schwartz, vice president of the Center for Democracy and Technology told SCMagazineUS.com on Monday that the DHS must ensure it is keeping private sector data separate from government data and make sure they are only collecting information from government visitors. He added that there is an opportunity to build privacy into the program because it's still in its early stages. Lewis that that the DHS, White House, NSA and the Department of Justice are all involved in these conversations.
“I have heard they are trying to sort out the legal issues, and until then don't want to move forward,” Lewis said.