New worries emerge about Internet monitoring

Prospect of private-sector participation in the government's new Einstein 3 Internet monitoring system is raising concerns

Now that testing of the government’s latest Einstein 3 Internet monitoring and cyber defense system is under way, high-ranking officials have spoken again about trying to get selected companies to join agencies in using the controversial technology. But the prospect of private-sector participation in the government program, even if voluntary, has raised questions about privacy and the technology's supposed superiority over tools that companies might already be using.

Companies that operate critical infrastructure, such as power, transportation and financial networks, are the ones government officials want to get on board first, said Deputy Defense Secretary William Lynn. The Defense Department has created a task force comprised of industry and government information technology and defense interests to examine issues about sharing the Einstein technology, reported Amber Corrin in Defense Systems, a sister publication of Federal Computer Week.

The plan to include critical infrastructure operators in government cyber defense programs is a goal of National Security Presidential Directive 54, signed by President George W. Bush in 2008. Much of the directive remains secret, but the White House released a declassified summary in March, including more detail about how Einstein 3 will work and the desired role of the private sector.

The currently deployed version of the technology, named Einstein 2, monitors Internet and e-mail message traffic into federal agencies for signatures of known malicious activity and is in place in at least 11 of the 21 agencies that run their own networks, with more to follow. The system alerts security analysts when it detects threats, but doesn’t try to stop attacks.

Einstein 3 goes further in two ways: It can analyze traffic and messages more deeply, such as reading the contents of e-mail and other messages, and it can take measures to deflect attacks in real time, reported Siobhan Gorman in the Wall Street Journal last summer.

According to the summary of the security directive, Einstein 3 will also allow the Homeland Security Department, which runs the Einstein program, to share monitored information with the National Security Agency, though that data is not supposed to include message content. The recent combination of those three elements — reading e-mail messages, asking companies to participate in the monitoring program, and getting the NSA in the loop — has set off alarm bells about future uses of Einstein 3.

“If [Einstein 3] can perform deep packet inspection to prevent botnets from accessing certain Web pages, for instance, could it also be used to prevent a human from accessing illegal pornography, copyright-infringing music, or offshore gambling sites?” writes Declan McCullagh for Cnet.

Those particular examples make the right technical point, but they won’t stir much outrage from law-abiding citizens. However, a comment about this story from a reader identified as osamas_pjs asks how long before Einstein “is assigned to do keyword analysis and either prevent or track messages using language which the authorities wish to censor.”

Other questions surround the willingness of companies to participate in the program. Competitive concerns may make some firms reluctant to share information about breaches that might put them at a commercial disadvantage. And from a technical standpoint, some observers point out that the use of Einstein 3-style intrusion prevention tools is already mature in private industry, so it's not clear what new benefits the government technology will offer.


About the Author

John Zyskowski is a senior editor of Federal Computer Week. Follow him on Twitter: @ZyskowskiWriter.

Reader comments

Fri, Mar 25, 2011 Johnyy ny

We use internet monitoring from Work Examiner to reduce many security risks.

Mon, Jun 7, 2010

I see an emerging market for an ISP that can guarantee its customers that they will be "free of Einstein-3". Whatever the government develops along these lines, the government will also abuse. I want no part of it.

Mon, Jun 7, 2010

I bet a lot of those companies just don't want the gov to know how totally owned they are through misuse 'trust' networking, etc.
