Einstein Will Be IneffectiveRelatively Speaking
Insurance Experts' Forum, March 8, 2010
It’s not often I get an opportunity to say, “I told you so,” so quickly after opining on a topic. I recently noted here that one reason we are losing the battle against cyber-crime is that “privacy advocates” will stand in the way of the kind of monitoring necessary to catch Internet-based crooks and terrorists.
Lo and behold, it didn’t take long for someone else to confirm that privacy issues are likely to dilute the effectiveness of our Internet security efforts. According to the Wall Street Journal, the National Security Agency is bolstering an existing Homeland Security program—dubbed Einstein—to detect and respond to cyber attacks on government systems, and perhaps on any business system deemed critical to U.S. interests.
“The current version of the program is widely seen as providing meager protection against attack, but a new version being built will be more robust—largely because it’s rooted in NSA technology. The program is designed to look for indicators of cyber attacks by digging into all Internet communications, including the contents of e-mails,” according to the Journal.
In an apparent nod to those worried about privacy, Homeland Security will then strip out identifying information and pass along data on new threats to NSA. It will also use threat information from NSA to better identify emerging cyber attacks. The Journal adds, however, that, “Declassifying details of the NSA’s role, in a program initially developed during the Bush administration and continued in the Obama administration, will likely ignite new debates over privacy.”
Of course there will be such debates and protests. Mainstream media that delighted in excoriating the Bush administration for such “intrusions” (but are strangely silent about the continuation of these policies under Obama) will probably jump all over this and remind us that it all started with the two-term Texas president. For its part, the Obama administration will make every effort to be “sensitive” to the privacy of the potential threats it monitors. The result will be a severely hampered effort that will yield far less than is hoped.
Now don’t go thinking that I am not in favor of keeping private information private. I certainly don’t want the government digging around in my electronic correspondence, even though I’m sure there’s nothing of interest there. Insurers, brokers and agents and other businesses probably don’t want to be so closely monitored either. Yet we must face the fact that cyber-criminals can hide behind such privacy concerns and laugh at our often-impotent efforts to track them down.
Somehow, a balance needs to be struck. After all, if the feds detect a threat but strip out identifying information, how will that help NSA or anyone else who wants to mitigate that threat?
And here’s another thought. Anyone with even basic knowledge of technology should already know that e-mail, in particular, is not a secure medium. E-mails can be hacked into and stolen any number of ways (witness the embarrassment of the climate change scientists caught trying to fudge climate data for their own ends). I’ve said this many times before, but if you wouldn’t want that e-mail running across the news ticker at Times Square, you probably shouldn’t send it.
It also amuses me that the same people who routinely reveal personal, private and confidential information about themselves on social networking sites are having a cow about the government seeing their dirty laundry.
What it comes down to is this: We have to trust someone to monitor potentially dangerous communications, especially where such communications concern our national security. The White House’s new cyber-security chief, Howard Schmidt, needs to lay down some guidelines that, while providing protection against unwarranted intrusions into the affairs (pun intended) of private citizens, also allows those who protect us to do their jobs effectively.
Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.
Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at email@example.com.
This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.
The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
Add Your Comments...
If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.
You must be registered to post a comment. Click here to register.