The Washington Post reports on a public-private collaboration (the National Security Agency, AT&T, Verizon and CenturyLink) that raises privacy concerns:
The National Security Agency is working with Internet providers to deploy a new generation of tools to scan e-mail and other digital traffic with the goal of thwarting cyberattacks against defense firms by foreign adversaries, senior defense and industry officials say.
The novel program, which began last month on a voluntary, trial basis, relies on sophisticated NSA data sets to identify malicious programs slipped into the vast stream of Internet data flowing to the nation’s largest defense firms. Such attacks, including one last month against Bethesda-based Lockheed Martin, are nearly constant as rival nations and terrorist groups seek access to U.S. military secrets.
“We hope the . . . cyber pilot can be the beginning of something bigger,” Deputy Defense Secretary William J. Lynn III said at a global security conference in Paris on Thursday. […]
The prospect of a role for the NSA, the nation’s largest spy agency and a part of the Defense Department, in helping Internet providers filter domestic Internet traffic already had raised concerns among privacy activists. Lynn’s suggestion that the program might be extended beyond the work of defense contractors threatened to raise the stakes further. […]
Officials say the program does not involve direct monitoring of the contractors’ networks by the government. The pilot program uses NSA-developed “signatures,” or fingerprints of malicious code, and sequences of suspicious network behavior to filter the Internet traffic flowing to major defense contractors. That allows the Internet providers to disable the threats before an attack can penetrate a contractor’s servers. The trial is testing two particular sets of signatures and behavior patterns that the NSA has detected as threats. […]
But civil liberties advocates are worried that a provision in the White House’s recent legislative proposal on cybersecurity could open the way to government surveillance through public-private partnerships such as this one. They are concerned that the proposal would authorize companies to share vast amounts of communications data with the federal government.