CDT Report: Privacy, Legal Concerns Surround Secret Government Cybersecurity System

For Immediate release
July 28, 2009

Washington, D.C. — The Center for Democracy & Technology today released a report outlining a series of privacy and legal questions that surround the government computer monitoring system known as "Einstein." The report calls on the Administration to release information about the legal authority for Einstein, the role of the nation’s top spy agency, the National Security Agency, in its development and operation, and the impact of Einstein on the privacy.

According to published reports, Einstein is an "intrusion detection system" that continuously monitors government networks looking for malicious code or hacking activity. Currently, the Department of Homeland Security uses "Einstein 2," and other agencies are scheduled to follow. According to reports, a new version, Einstein 3, is being developed. While both versions monitor networks looking for pre-identified threats, such as known viruses, Einstein 3 reportedly can read the content of email and other Internet traffic. It can also intercept threatening Internet traffic before it reaches a government system, thanks to technology based on a similar program used by the NSA.

"Many privacy concerns involving Einstein 2 still haven’t been answered," said CDT President and CEO Leslie Harris. "The deployment of Einstein 3, with its ability to actually read the content of email and other Internet traffic, significantly raises privacy risks for Americans," Harris said. "Who is watching the system to ensure that it examines only communications with the government?"

The CDT report lists more than 30 pointed questions that the Administration should answer about the deployment and operation of Einstein system, from who designed it to what protections are in place to ensure Internet traffic between private parties isn’t monitored to what kinds of personally identifiable information will Einstein collect.

"This report calls for the release of any legal opinions about the Einstein system," said CDT Senior Counsel Gregory T. Nojeim. "We saw how secrecy in the last Administration shielded widespread violation of civil liberties," Nojeim said. "We’re trying to make sure that cybersecurity efforts of the new Administration don’t retrace the same dangerous path."

The full report can be found online here.