New worries emerge about Internet monitoring

Now that testing of the government’s latest Einstein 3 Internet monitoring and cyber defense system is under way, high-ranking officials have spoken again about trying to get selected companies to join agencies in using the controversial technology. But the prospect of private-sector participation in the government program, even if voluntary, has raised questions about privacy and the technology's supposed superiority over tools that companies might already be using.

Companies that operate critical infrastructure, such as power, transportation and financial networks, are the ones government officials want to get on board first, said Deputy Defense Secretary William Lynn. The Defense Department has created a task force comprised of industry and government information technology and defense interests to examine issues about sharing the Einstein technology, reported Amber Corrin in Defense Systems, a sister publication of Federal Computer Week.

The plan to include critical infrastructure operators in government cyber defense programs is a goal of National Security Presidential Directive 54, signed by President George W. Bush in 2008. Much of the directive remains secret, but the White House released a declassified summary in March, including more detail about how Einstein 3 will work and the desired role of the private sector.

The latest version of the technology, named Einstein 2, monitors Internet and e-mail message traffic into federal agencies for signatures of known malicious activity and is in place in at least 11 of the 21 agencies that run their own networks, with more to follow. The system alerts security analysts when it detects threats, but doesn’t try to stop attacks.

Einstein 3 goes further in two ways: It can analyze traffic and messages more deeply, such as reading the contents of e-mail and other messages, and it can take measures to deflect attacks in real time, reported Siobhan Gorman in the Wall Street Journal last summer.

According to the summary of the security directive, Einstein 3 will also allow the Homeland Security Department, which runs the Einstein program, to share monitored information with the National Security Agency, though that data is not supposed to include message content. The recent combination of those three elements — reading e-mail messages, asking companies to participate in the monitoring program, and getting the NSA in the loop — has set off alarm bells about future uses of Einstein 3.

“If [Einstein 3] can perform deep packet inspection to prevent botnets from accessing certain Web pages, for instance, could it also be used to prevent a human from accessing illegal pornography, copyright-infringing music, or offshore gambling sites?” writes Declan McCullagh for Cnet.

Those particular examples make the right technical point, but they won’t stir much outrage from law-abiding citizens. However, a comment about this story from a reader identified as osamas_pjs asks how long before Einstein “is assigned to do keyword analysis and either prevent or track messages using language which the authorities wish to censor.”

Other questions surround the willingness of companies to participate in the program. Competitive concerns may make some firms reluctant to share information about breaches that might put them at a commercial disadvantage. And from a technical standpoint, some observers point out that the use of Einstein 3-style intrusion prevention tools is already mature in private industry, so it's not clear what new benefits the government technology will offer.