Dark Reading is part of the Informa Tech Division of Informa PLC

4/13/2012
11:34 AM

DHS Network Monitoring: 4th Amendment Problems?

The Einstein network monitoring system, designed to spot cyber attacks, could raise privacy concerns related to the Fourth Amendment, the Congressional Research Service says.

An intrusion detection program that the federal government uses to protect its computer networks could raise privacy concerns under the Fourth Amendment, Congress' policy research organization said in a recent report.

In a March report, the Congressional Research Service said that the federal government's monitoring of network traffic under the Einstein network monitoring and intrusion detection and protection program could constitute unreasonable search and seizure under the Fourth Amendment, though it noted that the government has strong arguments that the program is constitutional.

Einstein, operated by the Department of Homeland Security with some help from the National Security Agency, is a cross-government effort to monitor federal networks for cyberattacks. As part of those efforts, the system monitors all communications, including federal employee communications with private citizens, which, according to the report, "may trigger Fourth Amendment guarantees to the right to be free from unreasonable searches and excessive government intrusion," despite the steps the government has put in place to mitigate privacy concerns.

Einstein monitors and copies all network activity into and out of federal networks, including the content of emails to and from government officials' work and private emails and any communication on Twitter and Facebook. Einstein then scans the data for known malware and other attacks, and saves the data when it discovers an attack or attack vector.

The Fourth Amendment guarantees people's right "to be secure in their own persons, papers, and effects, against unreasonable searches and seizures" and was written to protect people against the government in particular. The Amendment only applies when a government act is a "search or seizure," and is unconstitutional only where unreasonable, which turns partially on whether the individual asserting that his or her rights were violated had a reasonable expectation of privacy.

Although courts have found that Internet users don't have privacy expectations for the routing information of their Internet communications, which could indicate who someone is communicating with, the content of that communication is another issue altogether, and the fact that Einstein actually stores that content is a cause for concern, according to the report.

The issue could be concerning from a legal perspective both for federal employees and for private citizens whose communications might be swept up as part of the monitoring effort, the report says. The Supreme Court has ruled that employers may read employees' communications if the monitoring is conducted for a "noninvestigatory work-related purpose" and isn't "excessively intrusive," but the report notes that the purpose could be questioned, and there are "reasonable argument[s]" that monitoring of all employee communications is intrusive. The report indicates that more serious concerns arise from the monitoring of private communications with the government.

Although the Obama administration has steadfastly defended Einstein's constitutionality, the program's adherence to the Fourth Amendment has been questioned in the past. As early as 2010, Brookings Institution fellow Jack Goldsmith, professor of law at Harvard Law School, wrote that the Fourth Amendment is a "significant hurdle" for the Einstein program.

More recently, this January, constitutional rights watchdog The Constitution Project flagged concerns about whether the program might violate the Fourth Amendment, and said that future plans to expand the program and cybersecurity efforts like it could raise even further questions.

Comments
Bprince,
User Rank: Ninja
4/14/2012 | 9:14:46 PM
re: DHS Network Monitoring: 4th Amendment Problems?
Shouldn't they be able to monitor traffic traversing their network though? Not sure that is a fourth amendment violation. @readers: what do you think?
Brian Prince, InformationWeek/Dark Reading