U.S. President Barack Obama’s administration needs to answer several questions about the privacy implications of a new version of a computer intrusion detection system that can reportedly read e-mail, a privacy and civil rights advocacy group said.
The Center for Democracy and Technology (CDT), in a report released Tuesday, called on the Obama administration to release information about the legal authority for the so-called Einstein intrusion detection system, a version of which has been rolled out at the U.S. Department of Homeland Security.
The CDT report also asks the Obama administration to release information about the role of the U.S. National Security Agency (NSA) in the development and operation of Einstein 3, a new version of the software reportedly being developed.
The second version of Einstein is deployed at the DHS and is being rolled out to other U.S. agencies. While Einstein 2 is able to detect malicious code during predefined code signatures, Einstein 3 will also be able to read e-mail and other Internet traffic, according to recent press reports.
“This raises serious privacy concerns,” the CDT report says. “While its predecessor merely detected and reported malicious code, Einstein 3 is to have the capability of intercepting threatening Internet traffic before it reaches a government system, raising additional concerns. According to press accounts, Einstein 3 will operate inside the networks of the telecoms …”
The Einstein 3 used capabilities created by the NSA, the CDT paper says. NSA is the agency that partnered with U.S. telecom carriers in recent years to conduct surveillance on U.S. residents exchanging telephone calls or e-mail messages with foreigners with suspected ties to terrorism.
Spokespeople for DHS and NSA didn’t immediately return messages seeking comment on the CDT report.
The kind of information the CDT is asking the Obama administration to disclose about Einstein is similar in some ways to information released in a privacy impact statement for Einstein 2, released in May 2008, said Gregory Nojeim, CDT’s senior counsel. The information CDT is seeking “wouldn’t help an adversary overcome the system,” he said.
Among other things, CDT wants to know what law gives DHS the legal authority to conduct such surveillance, Nojeim said. “Some facts about the program might need to remain secret, but the law that supports it cannot be a secret,” he added.
CDT also wants to know:
— If the private sector was involved in developing Einstein 2 and 3.
— What safeguards will be put in place to prevent the misuse of private information collected.
— What personally identifiable information will be collected by Einstein 3.
— How will DHS share data collected with Einstein 3?