It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
New cyber security system -- Einstein 3 -- will be rolled out across all U.S. government agencies; in addition to detecting malicious software, the system can read e-mails and other Internet traffic
A new version of a computer intrusion detection system being developed by DHS has raised concerns from advocacy groups over privacy and the involvement of the National Security Agency (NSA) in the development of the software. The new system, known as Einstein 3, can reportedly read email as well as its original function, to detect malicious software (see 9 July 2009 HSNW).
Futuregov's Robin Hicks writes that Einstein 2 is able to detect malicious code during predefined code signatures, while Einstein 3 will also be able to read e-mail and other Internet traffic. Civil rights group Center for Democracy and Technology (CDT) called on the Obama administration to release information about the legal implications of Einstein 3, which will be rolled out across all government agencies.
"While its predecessor merely detected and reported malicious code, Einstein 3 is to have the capability of intercepting threatening Internet traffic before it reaches a government system," said a CDT spokesperson.
Hicks writes that concerns over the involvement of NSA have been raised because of the agency's track record of conducting surveillance of U.S. residents exchanging telephone calls or email messages with foreigners with suspected ties to terrorism.
CDT also called to question the role of the private sector in the development of Einstein 2 and 3, and the safeguards that will be put in place to prevent the misuse of private information collected.
Don Adams, chief security officer and CTO, Worldwide, Public Sector, said, however, that the project is unlikely to be derailed because of privacy concerns. He told FutureGov: "Einstein 3 is absolutely necessary to the defense of the U.S. Government. It will move the Forward Edge of the Battle Area (FEBA) for cyber warfare to the major private sector Internet carriers where traffic is shaped and delivered to government sites."
"The two biggest differences between Einstein 2, which still exists today, and Einstein 3 are: the inclusion of U.S. Civilian Government Agencies to those protected from cyber attacks, and moving the FEBA outside of the government systems and networks under daily attack."
NSA has participated in the development of several encryption systems for public use. These include:
* Suite B - a set of public key algorithm standards based on elliptic curve cryptography.
* Advanced Encryption Standard (AES) - an encryption algorithm, selected by NIST after a public competition. In 2003, NSA certified AES for Type 1 use in some NSA-approved systems.
* Secure Hash Algorithm - a widely-used family of hash algorithms developed by NSA based on earlier designs by Ron Rivest.
* Digital Signature Algorithm
* Data Encryption Standard (DES) - NSA's degree of involvement in DES is disputed.
* Skipjack - the cipher developed for Clipper and finally published in 1998.
* Clipper chip - a controversial failure that convinced NSA that it was advisable to stay out of the public arena.
* Security-Enhanced Linux - not strictly an encryption system, but a recognition that in the 21st century, operating system improvements are more vital to information security than better ciphers.
As the premier cryptographic government agency, the NSA has huge financial and computer resources and employs a host of cryptographers. Developments in cryptography achieved at the NSA are not made public; this secrecy has led to many rumors about the NSA's ability to break popular cryptosystems like DES (see Section 3.2), as well as rumors that the NSA has secretly placed weaknesses, called ``trapdoors,'' in government-endorsed cryptosystems. These rumors have never been proved or disproved. Also the criteria used by the NSA in selecting cryptography standards have never been made public.
Originally posted by Ambient Sound
I am a computer professional and have been for 15 years. I don't know how users see it but I have ALWAYS assumed that the entire internet and anything connected to it are accessable by the government agencies (and all their bastard children) that planned and started it. I fail to understand why anyone would think otherwise.
I don't think there has ever been true privacy on the internet except for the extrememely clever and devoted among us who have taken the time to become the experts.