Potential privacy problems keep popping up

Privacy advocates, always alert for online federal programs that could infringe on civil liberties, must feel like they are playing one big game of whack-a-mole these days.

First, news broke that the Homeland Security Department had ratcheted up its surveillance of social networking sites, even creating a division to collect and analyze online chatter in the days leading up to President Barack Obama’s inauguration. Then came word that DHS was teaming with the National Security Agency to bolster the defense of public networks against cyberattacks.

It’s not that privacy watchdogs imagine a vast conspiracy aimed at turning the Internet into an all-purpose surveillance network. But they do worry that individual agencies — DHS, among others — might rush ahead with new projects without giving sufficient thought to the privacy ramifications.

That is especially a concern when it comes to homeland security because any intention to protect civil liberties must be weighed against the need to ensure the safety of people and public institutions.

Officials at the Electronic Frontier Foundation (EFF) are not convinced that DHS has struck the right balance. Working with the University of California at Berkeley’s Samuelson Law, Technology and Public Policy Clinic, they filed a Freedom of Information Act lawsuit against the department, which is how they learned about the Social Networking Monitoring Center and its role in inauguration security.

According to the documents the foundation received, experts at the center searched for items of interest on Facebook, MySpace, Twitter, news sites, political commentary sites and demographic-specific websites, such as MiGente and BlackPlanet. The documents also show that the center’s strategy included privacy guidelines known as the Fair Information Practice Principles. But EFF experts found scant comfort.

“While it is laudable to see DHS discussing the Fair Information Practice Principles as part of the design for such a project, the breadth of sites targeted is concerning,” writes Jennifer Lynch at EFF.

The documents also revealed an effort by immigration officials to surreptitiously friend Facebook users with hopes of finding evidence of illegal activities, such as fraudulent marriages arranged strictly to get citizenship. However, the documents did not mention the criteria for identifying someone as a target, which means every application is a potential target, Lynch notes.

David Gewirtz, a cyber warfare and counter cyberterrorism adviser, does not share EFF’s concerns about the Social Networking Monitoring Center. Writing at ZDnet, he notes that “good, solid, preventative intelligence work” is an important part of national security.

However, Gewirtz said the same system might be applied to more mundane matters of law enforcement. At that point, it “no longer seems like the long arm of the law wrapping itself around us in a protective hug but more like something intrusive and potentially threatening.”

The collaboration between DHS and NSA also brings the possibility of scope creep, observers say.

According to the announcement, the two agencies will send experts to each other’s operations centers to improve information sharing and give DHS the benefit of NSA’s extensive experience in network surveillance.

But how far will the collaboration go? “By letting NSA show DHS the ropes, the government is taking the risk that NSA will import too much of that intelligence culture along with its security expertise,” writes Leslie Harris at Huffington Post.

The other player that could pop onto the scene is the Defense Department’s Cyber Command. Gen. Keith Alexander, head of both the Cyber Command and NSA, has said the command will not be involved in protecting the civilian Internet. But Spencer Ackerman, writing at Wired.com’s "Danger Room" blog, questions that distinction given that numerous military operations rely on unclassified networks.

“In other words, the seemingly bright line between dot-com and dot-mil gets fuzzier and fuzzier the longer you look,” Ackerman writes.

 

2014 Rising Star Awards

Help us find the next generation of leaders in federal IT.

Reader comments

Thu, Oct 28, 2010 Jeffrey A. Williams Frisco Texas

Jennifer Lynch is right IMPO. As a IT security professional I am confident that the tracking of so many Domain names and individual user id's and than bein able to decern much useful information from a safty and/or security perspective is problamatic. Further Americans just plain don't like being snooped upon.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above