Executive Order and Network Monitoring

Monday, April 29, 2013 @ 04:04 PM gHale

A policy through which federal departments offered prosecutorial immunity to companies that helped the U.S. military monitor Internet traffic on private networks of defense contractors expanded by Executive Order to include other critical infrastructure industries, according to the Electronic Privacy Information Center (EPIC).

EPIC said the pilot-version of the program run with the Departments of Justice (DoJ), Defense (DoD), and Homeland Security (DHS) came to light in June 2011 after The Washington Post published a report detailing the implementation of a new program by National Security Administration that let them monitor traffic flowing from some defense contractors through certain Internet service providers. At the time, The Washington Post quoted Deputy Defense Secretary William J. Lynn III saying the program was to help thwart attacks against defense firms and the government hoped to expand the program moving forward.

Web Access Means More Attacks
Phishers Hide Real Links with Javascript
APT Attacks Shut Down
Cyber Attack Against S. Korea

The documents obtained in the a Freedom of Information Act (FOIA) request, EPIC said, reveal the DoD advised private industry organizations on the ways in which they circumvent federal wiretap laws in order to aid the DoD and DHS in their surveillance of private Internet networks belonging to defense contractors.

EPIC, digital rights group the Electronic Frontier Foundation, and others fear the program’s expansion would apply to the broad swath of organizations that potentially fall under the vague category of critical infrastructure.

The government has not yet named the program, but EPIC said the NSA has partnered with AT&T, Verizon, and CenturyLink in order to keep tabs on the Internet traffic flowing into and out of some 15 defense contractors, including Lockheed Martin, CSC, SAIC, and Northrop Grumman.

For its part, the NSA said it is not directly monitoring these networks, but is rather filtering their traffic in order to detect the presence of suspicious packets based on a number of malicious code signatures the agency has developed.

EPIC issued a FOIA request in July 2011 requesting the following information: “All contracts and communications with Lockheed Martin, CSC, SAIC, Northrop Grumman, or any other defense contractors regarding the new NSA pilot program; All contracts and communications with AT&T, Verizon, and CenturyLink or any other ISPs regarding the new NSA pilot program; All analyses, legal memoranda, and related records regarding the new NSA pilot program; Any memoranda of understanding between NSA and DHS or any other government agencies or corporations regarding the new NSA pilot program; Any Privacy Impact Assessment performed as part of the development of the new NSA pilot program.”

The government failed to provide any of this information. So, EPIC filed a FOIA lawsuit on March 1, 2012 and eventually gained access to thousands of pages of previously unreleased documents, which they have posted on their website.

Leave a Reply

You must be logged in to post a comment.