Thursday, March 04, 2010

More details emerging of NSA's next generation Internet surveillance

The Obama administration is continuing to expand a National Security Agency-run Internet surveillance program first started by the Bush administration.

The surveillance project, known as Einstein, was previously reported by WMR to be a surveillance program and not, primarily, a network security countermeasure as billed by NSA and the Bush administration.

On September 15, 2008, WMR reported: "WMR has learned from government sources that the Bush administration has authorized massive surveillance of the Internet using as cover a cyber-security multi-billion dollar project called the 'Einstein' program. Billed as a cyber-security intrusion detection system for federal computer systems and networks, WMR has been told that the actual intent of Einstein is to initially monitor the email and web surfing activities of federal employees and contractors and not in protecting government computer systems from intrusion by outsiders. In February 2008, President Bush signed a directive that designated the National Security Agency (NSA) as the central administrator for the federal government's computer and network security. Although Einstein is primarily a program under the aegis of the Computer Emergency Readiness Team (US-CERT) of the National Cyber Security Division of the Homeland Security Department, WMR has learned that it has the personal support of Director of National Intelligence (DNI) Mike McConnell, a former NSA director. Einstein is advertised as merely conducting traffic analysis within the dot (.) gov and dot (.) mil domains, including data packet lengths, protocols, source and destination IP addresses, source and destination ports, time stamp information, and autonomous system numbers. However, WMR has learned that Einstein will also bore down into the text of email and analyze message content. In fact, most of the classified budget allotted to Einstein is being used for collecting information from the text of messages and not the header data."

WMR further reported: " . . . WMR has learned that most of the classified technology being used for Einstein was developed for the NSA in conducting signals intelligence (SIGINT) operations on email networks in Russia. Code-named PINWALE, the NSA email surveillance system targets Russian government, military, diplomatic, and commercial email traffic and burrows into the text portions of the email to search for particular words and phrases of interest to NSA eavesdroppers. The DNI and NSA also plan to move Einstein into the private sector by claiming the nation's critical infrastructure, by nature, overlaps into the commercial sector. There are classified plans, already budgeted in so-called "black" projects, to extend Einstein surveillance into the dot (.) com, dot (.) edu, dot (.) int, and dot (.) org, as well as other Internet domains."

The Internet surveillance project reported by WMR in September 2008 is known as "Einstein 2." The system that will extend NSA surveillance into the private sector is known as "Einstein 3." On September 16, 2008, WMR reported Einstein's expansion globally: "The National Security Agency's (NSA) 'Einstein' Internet surveillance technology is set to be extended to the nations of the South Pacific if New Zealand's NSA counterpart, the Government Communications Security Bureau (GCSB) gets its way."

Speaking at the RSA Security conference in San Francisco on March 3, Greg Schaffer, assistant secretary of Homeland Security for cybersecurity and communications, tipped attendees off on the future plans of the NSA and Homeland Security Department to extend Einstein 3 surveillance to non-government networks, including the Internet.

Einstein was a personal pet project of Bush's Homeland Security Secretary Michael Chertoff. With Chertoff continuing to advise the Homeland Security Department and Secretary Janet Napolitano, the Obama administration is continuing to embrace the Internet surveillance policies adopted by the Bush administration. Napolitano is also continuing Chertoff's policies by keeping most of the details about Einstein, both versions 2 and 3, classified.

The NSA and the Obama administration are claiming that Einstein 3 does not read the content of e-mail messages, however, much of the details of the system are not only classified but AT&T, which was instrumental in conducting highly-classified warrantless wiretaps of Internet traffic on behalf of the NSA as part of STELLAR WIND, is involved in testing Einstein 3.

The history of NSA's expansion of its surveillance capabilities suggests that it is being as disingeneous about Einstein 3 as it was about previous forays into private telecommunications surveillance, including the Clipper and Capstone encryption key escrow systems that allowed NSA to possess the decryption keys to listen to and read scrambled private phone calls and e-mail messages, respectively.

NSA often will state we want to do "A" but not "B." In fact, NSA always wants to do "A" and "B," with plans to do "C."