July 9, 2009 at 2:43 pm #3986Don DonzalKeymaster
DHS Officials Debating The Privacy Implications
By Ellen Nakashima
Washington Post Staff Writer
Friday, July 3, 2009
The Obama administration will proceed with a Bush-era plan to use National Security Agency assistance in screening government computer traffic on private-sector networks, with AT&T as the likely test site, according to three current and former government officials.
President Obama said in May that government efforts to protect computer systems from attack would not involve “monitoring private-sector networks or Internet traffic,” and Department of Homeland Security officials say the new program will scrutinize only data going to or from government systems.
But the program has provoked debate within DHS, the officials said, because of uncertainty about whether private data can be shielded from unauthorized scrutiny, how much of a role NSA should play and whether the agency’s involvement in warrantless wiretapping during George W. Bush’s presidency would draw controversy. Each time a private citizen visited a “dot-gov” Web site or sent an e-mail to a civilian government employee, that action would be screened for potential harm to the network.
“We absolutely intend to use the technical resources, the substantial ones, that NSA has. But . . . they will be guided, led and in a sense directed by the people we have at the Department of Homeland Security,” the department’s secretary, Janet Napolitano, told reporters in a discussion about cybersecurity efforts.
Under a classified pilot program approved during the Bush administration, NSA data and hardware would be used to protect the networks of some civilian government agencies. Part of an initiative known as Einstein 3, the plan called for telecommunications companies to route the Internet traffic of civilian agencies through a monitoring box that would search for and block computer codes designed to penetrate or otherwise compromise networks.
AT&T, the world’s largest telecommunications firm, was the Bush administration’s choice to participate in the test, which has been delayed for months as the Obama administration determines what elements to preserve, former government officials said. The pilot program was to have begun in February.
“To be clear, Einstein 3 development is proceeding,” DHS spokeswoman Amy Kudwa said. “We are moving forward in a way that protects privacy and civil liberties.”
AT&T officials declined to comment.
A DHS official said the delay occurred because the original timeline “did not take into account all that was required to ensure the exercise would provide the data needed.”
The program is the most controversial element of the $17 billion cybersecurity initiative the Bush administration started in January 2008. Einstein 3 is crucial, advocates say, in an era in which hackers have compromised computer systems at the Commerce and State departments and have taken military jet data from a defense contractor.
The NSA declined to comment on Einstein 3, but a spokeswoman said the agency would help DHS in “any way possible, including technical support,” as it seeks to protect government networks.
The internal controversy reflects the central tension in the debate over how best to defend the nation’s mostly private system of computer networks. The techniques that work best, experts say, require the automated scrutiny of e-mail and other electronic communications content — something that commercial providers already do.
July 9, 2009 at 9:43 pm #25456
time to increase your pgp keybit size!
July 10, 2009 at 12:48 am #25457
I’m not sure why anyone even asks the NSA for comment. What do they expect? Even if they say exactly what the privacy groups want to hear, they won’t be believed.
I don’t know that I really care one way or the other whether the NSA monitors traffic to and from government web sites and mail servers. Does anyone seriously believe that if they were doing something malicious they’d tell us anyway?
In any case, we can’t have it both ways. Either we actively protect the nation’s cyber infrastructure and privacy groups complain or we don’t and privacy groups get all the privacy they want (because they can no longer get to the Internet).
July 11, 2009 at 8:25 pm #25458
its not that the monitor gov sites/traffic is that they monitor ALL traffic
July 12, 2009 at 2:44 am #25459
The way I read it, the system took steps to NOT intercept private data. Data on civilian systems that were connected to government systems (contractors and the like) could be scrutinized, but the average Joe would not. Now of course I don’t really believe that they have all these sensors in really juicy places and are willing to just ignore traffic, but that is the party line (unless I’ve read this wrong).
July 12, 2009 at 7:14 pm #25460
July 13, 2009 at 1:41 am #25461
Again, I think it was pretty clear that I don’t believe they won’t do it. Just “toeing” the party line.
July 15, 2009 at 1:05 am #25462timmedinParticipant
Part of an initiative known as Einstein 3, the plan called for telecommunications companies to route the Internet traffic of civilian agencies through a monitoring box that would search for and block computer codes designed to penetrate or otherwise compromise networks.
So the govt bought an IPS?
- You must be logged in to reply to this topic.