Just a week after the Defense Department announced plans to put the National Security Agency in charge of military cyber defense and attack, the agency’s reach has already expanded to include monitoring of government civilian networks.
The Obama administration has decided to proceed with a classified Bush administration plan to let the NSA monitor traffic going to and from government civilian networks to protect the networks from malicious code and activity, according to a Washington Post story on Friday.
Given the NSA’s involvement in the Bush administration’s warrantless eavesdropping program, critics are concerned that the monitoring of government traffic on private-sector telecommunication networks that are used by the general public would allow the agency to once again spy on large swaths of non-government traffic without a warrant.
AT&T, which was scheduled to launch a pilot project last February to test the monitoring program, has insisted on government assurances that its cooperation is legal. The company, along with other U.S. telecoms, were sued in 2006 for their involvement in the Bush administration’s warrantless eavesdropping scheme before being given retroactive immunity by Congress last year.
In the monitoring program, called Einstein 3, telecommunication companies would route data going to and from government networks through an NSA monitoring box, which would examine the traffic for malicious code or suspicious activity suggestive of a network attack.
But critics are concerned that proper oversight is in place to prevent non-government traffic from being vacuumed into the system. There are also concerns that the content of correspondence sent to and from government officials and workers, including personal communication sent via private e-mail accounts accessed from a government computer, would be collected and scrutinized by the NSA. The classified NSA technology that would be used to monitor the communications is codenamed Tutelage, according to the Post, and is already used on military networks.
Department of Homeland Security officials say that although the technology being used for the project will come from the NSA, DHS will oversee its implementation on private networks.
“We absolutely intend to use the technical resources, the substantial ones, that NSA has,” DHS secretary Janet Napolitano said. “But . . . they will be guided, led and in a sense directed by the people we have at the Department of Homeland Security.”
In May, President Obama declared that the government’s “pursuit of cybersecurity will not include — I repeat, will not include — monitoring private sector networks or internet traffic. We will preserve and protect the personal privacy and civil liberties that we cherish as Americans.”
Ari Schwartz, a vice president of the Center for Democracy and Technology, received a classified briefing of the Einstein program in March, along with other civil liberties advocates, and expressed some faith in Obama’s pledge to protect the public’s privacy.
“There are a number of concerns that come with this process, the main one being how do you go about protecting the system in a way that insures you’re not monitoring private systems,” Schwartz told the Associated Press. “I don’t have a full answer to that question, but the president made that pledge. That makes me more comfortable that it won’t happen.”