New worries emerge about Internet monitoring

Prospect of private-sector participation in the government's new Einstein 3 Internet monitoring system is raising concerns

Now that testing of the government’s latest Einstein 3 Internet monitoring and cyber defense system is under way, high-ranking officials have spoken again about trying to get selected companies to join agencies in using the controversial technology. But the prospect of private-sector participation in the government program, even if voluntary, has raised questions about privacy and the technology's supposed superiority over tools that companies might already be using.

Companies that operate critical infrastructure, such as power, transportation and financial networks, are the ones government officials want to get on board first, said Deputy Defense Secretary William Lynn. The Defense Department has created a task force composed of industry and government information technology and defense interests to examine issues about sharing the Einstein technology, reported Amber Corrin in Defense Systems, a sister publication of Federal Computer Week.

The plan to include critical infrastructure operators in government cyber defense programs is a goal of National Security Presidential Directive 54, signed by President George W. Bush in 2008. Much of the directive remains secret, but the White House released a declassified summary in March, including more detail about how Einstein 3 will work and the desired role of the private sector.

The latest version of the technology, named Einstein 2, monitors Internet and e-mail message traffic into federal agencies for signatures of known malicious activity and is in place in at least 11 of the 21 agencies that run their own networks, with more to follow. The system alerts security analysts when it detects threats, but doesn’t try to stop attacks.

Einstein 3 goes further in two ways: It can analyze traffic and messages more deeply, such as reading the contents of e-mail and other messages, and it can take measures to deflect attacks in real time, reported Siobhan Gorman in the Wall Street Journal last summer.

According to the summary of the security directive, Einstein 3 will also allow the Homeland Security Department, which runs the Einstein program, to share monitored information with the National Security Agency, though that data is not supposed to include message content. The recent combination of those three elements — reading e-mail messages, asking companies to participate in the monitoring program, and getting the NSA in the loop — has set off alarm bells about future uses of Einstein 3.

“If [Einstein 3] can perform deep packet inspection to prevent botnets from accessing certain Web pages, for instance, could it also be used to prevent a human from accessing illegal pornography, copyright-infringing music, or offshore gambling sites?” writes Declan McCullagh for Cnet.

Those particular examples make the right technical point, but they won’t stir much outrage from law-abiding citizens. However, a comment about this story from a reader identified as osamas_pjs asks how long before Einstein “is assigned to do keyword analysis and either prevent or track messages using language which the authorities wish to censor.”

Other questions surround the willingness of companies to participate in the program. Competitive concerns may make some firms reluctant to share information about breaches that might put them at a commercial disadvantage. And from a technical standpoint, some observers point out that the use of Einstein 3-style intrusion prevention tools is already mature in private industry, so it's not clear what new benefits the government technology will offer.


About the Author

John Zyskowski is a senior editor of Federal Computer Week. Follow him on Twitter: @ZyskowskiWriter.

