GovInfoSecurity reports on a U.S. Senate hearing about Einstein 3. It is a Bush-era pilot program, continued under Obama, that seeks to have private telecommunications companies route the Internet traffic of civilian government agencies through hardware and software that would search for and block malicious computer code.
Philip Reitinger, Department of Homeland Security deputy undersecretary for the National Protection and Programs Directorate, told the Senate Committee on the Judiciary’s Subcommittee on Terrorism and Homeland Security that DHS envisions deploying Einstein 3 as an intrusion prevention system.
Einstein 1 monitors network flow and Einstein 2 detects system intrusions. […]
But Gregory Nojeim, senior counsel and director of Project Freedom, Security and Technology at the Center for Democracy and Technology, cited press accounts that Einstein 3 would rely on pre-defined signatures of malicious code that might contain personally identifiable information and threaten the privacy of law-abiding citizens. […]
Reitinger assured the committee that DHS is sensitive to privacy rights and civil liberties protection with the deployment of Einstein. He said DHS has added layers of protection by creating an oversight and compliance officer position within the Office of the Assistant Secretary for Cybersecurity and Communications, whose primary function is the monitoring and oversight of the Einstein program. […]
Despite these assurances, Nojeim suggested the subcommittee consider legislation to require independent audits of Einstein 3 to ensure that no private-to-private communications are scrutinized, and require a report to Congress if they are.