The Department of Homeland Security’s Privacy Office has released a new Privacy Impact Assessment (DHS pdf; archive pdf) cybersecurity program Einstein. It is a Bush-era pilot program, continued under Obama, that seeks to have private telecommunications companies route the Internet traffic of civilian government agencies through hardware and software that would search for and block malicious computer codes; see more here and here. Recently, the Constitution Project included a discussion of EINSTEIN and privacy and civil liberties in a report, “Recommendations for the Implementation of a Comprehensive and Constitutional Cybersecurity Policy” (Project pdf; archive pdf), calling on Congress to include strong privacy protections in any cybersecurity legislation it adopts.
From the Privacy Impact Assessment:
The Department of Homeland Security (DHS) and the Department of Defense (DoD) are jointly undertaking a proof of concept known as the Joint Cybersecurity Services Pilot (JCSP). The JCSP extends the existing operations of the Defense Industrial Base (DIB) Exploratory Cybersecurity Initiative (DIB Opt-In Pilot) and shifts the operational relationship with the CSPs in the pilot to DHS. The JCSP is part of overall efforts by DHS and DoD to enable the provision of cybersecurity capabilities enhanced by U.S. government information to protect critical infrastructure information systems and networks. The purpose of the JCSP is to enhance the cybersecurity of participating DIB critical infrastructure entities and to protect sensitive DoD information and DIB intellectual property that directly supports DoD missions or the development of DoD capabilities from unauthorized access, exfiltration, and exploitation. […]
During the Defense Industrial Base (DIB) Exploratory Cybersecurity Initiative (DIB Opt-In Pilot), DoD shared classified indicators associated with cyber threat countermeasure capabilities directly with commercial service providers (CSPs) in order to protect information on DIB company networks. The DIB Opt-In Pilot focused on two cyber threat countermeasures: 1) the ability to block Domain Network System (DNS) traffic to malicious domains (referred to as DNS Sinkholing), and 2) e-mail filtering that would include quarantining incoming infected messages. The JCSP seeks to build upon the DIB Opt-In Pilot and allow DHS, through the National Cyber Security Division (NCSD) U.S. Computer Emergency Readiness Team (US-CERT), to share indicators and other information about known or suspected cyber threats directly with CSPs to enhance the protection of JCSP participants, including certain DIB companies and any participating federal agencies.