The Bushization of Obama continues with a plan to involve the NSA in screening private-sector networks, The Washington Post reports.
The plan not only uses the NSA to monitor private networks, but does so in a way that leaves it unclear who exactly is in charge of the effort.
"We absolutely intend to use the technical resources, the substantial ones, that NSA has. But . . . they will be guided, led and in a sense directed by the people we have at the Department of Homeland Security," the department's secretary, Janet Napolitano, told reporters in a discussion about cybersecurity efforts.
"In a sense?" Great.
Indeed, DHS also offers this none-too-satisfying assurance: "the new program will scrutinize only data going to or from government systems."
Hmm, wasn't that the promise Bush made about warrantless NSA wiretaps: that only calls going between the U.S. and certain countries would be monitored? And then we found out the NSA was listening to calls between U.S. locations.
First private site to be followed: good ol' NSA buddy AT&T.
AT&T, the world's largest telecommunications firm, was the Bush administration's choice to participate in the test, which has been delayed for months as the Obama administration determines what elements to preserve, former government officials said. The pilot program was to have begun in February. "To be clear, Einstein 3 development is proceeding," DHS spokeswoman Amy Kudwa said. "We are moving forward in a way that protects privacy and civil liberties."
So, what's going on exactly? The Post story says:
Each time a private citizen visited a "dot-gov" Web site or sent an e-mail to a civilian government employee, that action would be screened for potential harm to the network.
The AT&T test is part of a Bush-era pilot program for Einstein 3, a program that calls for telecommunications companies to route the Internet traffic of civilian agencies through a monitoring box that would search for and block computer codes designed to penetrate or otherwise compromise networks.
According to Wikipedia, Einstein is designed to collect session data including:
- Autonomous system numbers (ASN)
- ICMP type and code
- Packet length
- Sensor identification and connection status (the location of the source of the data)
- Source and destination IP address
- Source and destination port
- TCP flag information
- Timestamp and duration information
There's also a classified NSA system, known as Tutelage, that can decide how to handle malicious intrusions. It's currently in place defending military networks.
Privacy advocates are watching carefully but appear to be willing to listen to assurances that plans are in place to support privacy and civil liberties.
"We came away saying they have a lot of work in front of them to get this done right," the Center for Democracy and Technology's Ari Schwartz said. "We're looking forward to their next steps."