Einstein Will Be Ineffective—Relatively Speaking

Ara Trembly
Insurance Experts' Forum, March 8, 2010

It’s not often I get an opportunity to say, “I told you so,” so quickly after opining on a topic. I recently noted here that one reason we are losing the battle against cyber-crime is that “privacy advocates” will stand in the way of the kind of monitoring necessary to catch Internet-based crooks and terrorists. 

Lo and behold, it didn’t take long for someone else to confirm that privacy issues are likely to dilute the effectiveness of our Internet security efforts. According to the Wall Street Journal, the National Security Agency is bolstering an existing Homeland Security program—dubbed Einstein—to detect and respond to cyber attacks on government systems, and perhaps on any business system deemed critical to U.S. interests.

“The current version of the program is widely seen as providing meager protection against attack, but a new version being built will be more robust—largely because it’s rooted in NSA technology. The program is designed to look for indicators of cyber attacks by digging into all Internet communications, including the contents of e-mails,” according to the Journal.

In an apparent nod to those worried about privacy, Homeland Security will then strip out identifying information and pass along data on new threats to NSA. It will also use threat information from NSA to better identify emerging cyber attacks. The Journal adds, however, that, “Declassifying details of the NSA’s role, in a program initially developed during the Bush administration and continued in the Obama administration, will likely ignite new debates over privacy.”

Of course there will be such debates and protests. Mainstream media that delighted in excoriating the Bush administration for such “intrusions” (but are strangely silent about the continuation of these policies under Obama) will probably jump all over this and remind us that it all started with the two-term Texas president. For its part, the Obama administration will make every effort to be “sensitive” to the privacy of the potential threats it monitors. The result will be a severely hampered effort that will yield far less than is hoped.

Now don’t go thinking that I am not in favor of keeping private information private. I certainly don’t want the government digging around in my electronic correspondence, even though I’m sure there’s nothing of interest there. Insurers, brokers and agents and other businesses probably don’t want to be so closely monitored either. Yet we must face the fact that cyber-criminals can hide behind such privacy concerns and laugh at our often-impotent efforts to track them down.

Somehow, a balance needs to be struck. After all, if the feds detect a threat but strip out identifying information, how will that help NSA or anyone else who wants to mitigate that threat?

And here’s another thought. Anyone with even basic knowledge of technology should already know that e-mail, in particular, is not a secure medium. E-mails can be hacked into and stolen any number of ways (witness the embarrassment of the climate change scientists caught trying to fudge climate data for their own ends). I’ve said this many times before, but if you wouldn’t want that e-mail running across the news ticker at Times Square, you probably shouldn’t send it.

It also amuses me that the same people who routinely reveal personal, private and confidential information about themselves on social networking sites are having a cow about the government seeing their dirty laundry.

What it comes down to is this: We have to trust someone to monitor potentially dangerous communications, especially where such communications concern our national security. The White House’s new cyber-security chief, Howard Schmidt, needs to lay down some guidelines that, while providing protection against unwarranted intrusions into the affairs (pun intended) of private citizens, also allows those who protect us to do their jobs effectively.

Ara C. Trembly ( is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

The Pitfalls of Using Assembly Line Methods to Create Software

Most of the time, when the business needs IT, it is for custom software development, just like creating a concept car.

Wearables and Gamification in Life Insurance Goes Mainstream?

With so many U.S. households still uninsured, insurers are going have to try new things to re-position their product, focusing on consumer needs.

Will John Hancock Vitality Transform Insurance?

The Vitality program integrates this information directly into the rewards, giving you credit for the exercise, just by virtue of reporting it.

Why Customers Should Want Innovative Insurers

At a time when confidence in the insurance industry has been compromised, innovative companies can break the mold.

Five Ways to a Positive User Experience

The user experience can make or break an application. Here are five ways to measure whether itís positive or negative.

Innovation & Insight Day Recap

The Insurance Team recognized fifteen model banks across five categories: Digital; Data Mastery; Legacy and Ecosystem Transformation; Innovation and Emerging Technologies; and Operational Excellence.