DHS documents reveal the programs set up in the wake of 9/11 are being used to forward federal network internet traffic to Israel and India without any oversight
A privacy compliance review of the Department of Homeland Security's cybersecurity systems has led to some stunning revelations about the framework that US is currently using which Congress plans on integrating with the private companies under new cybersecurity legislation.
Perhaps the most alarming information in the privacy compliance report is that the Einstein program, which is touted as Federal government's premier system for network intrusion detection and cyber threat prevention, is being used to intercept computer traffic that crosses federal government networks which is being forwarded to Israel and India.
While there are supposedly strict protocols in place for assuring the privacy of individuals in regard to data collected and shared among US agencies there are absolutely no such safeguards or oversight in place to monitor the information that is being forwarded overseas to India and Israel.
In what can only be described as doublespeak, the compliance report finds that cybersecurity system is complaint with privacy and sharing requirement only to later reveal that that program is complaint because there are no guidelines in place that must be complied to when the data is shared with external governments.
Sharing the data collected from the cybersecurity system requires agencies and organizations that are receiving the data to execute an agreement to follow guidelines on how personally identified information and data is to be shared as well as the retention rates of the data.
However, the compliance report that these agreements with Israel and India put no restrictions or guidelines on sharing information including information that could personally identify individuals or limits on data retention.
For those who dismiss my analysis see the Wired report below which confirms my analysis while reporting on a different angle of this story with details coming directly from a NSA whistleblower who reveals the juicy details of the operation.
As you read the following quoted section from the privacy compliance report, keep in mind that the claim that EINSTEIN program only reports on specific cyberthreats is an absolute lie. By reading the rest of the compliance report, the Privacy Impact Assessment, and the additional documents about the DHS cybersecurity program that are linked to below you get a complete picture of the operations being performed by the program which for starters intercepts and logs all traffic cross federal networks. At level 2 the program collects and logs IP and other internet traffic headers. At level 3, which is the level being ran for this compliance report, it collects additional data from upper level protocols such as email and web traffic headers. Furthermore the program interacts with all local, state, and federal databases, including NCIC, National Archives Database, and data amassed into NSA, FBI and CIA databases. The program also interacts with international shipping records, customs logs, bills of landing, international visitors records, DMV records, family court orders , and border crossing data, warrant databases and many other government databases. In addition to these records raw intelligence reports are included.
The reports also reveal that the DHS has redefined the meaning of several words to get around laws set up by congress to restrict their cybersecurity activities. For starters the the definition of a database - which requires a warrant to data mine - has been redefined so that any information available online including phone records, social network data, and other databases connected accessible by the the internet are no longer considered databases. In even further bypassing the laws, they have redefined a the meaning of a query that requires a warrant to only include search which look up individual records by using a key that points to specific data. That means that by instead of story data in a database table that uses pointers to individual records, raw data dumps - as collected by Einstein - can be mined without the need for a warrant.
Using the vast system which connects to all government databases DHS then uses specialized computer algorithms and highly advanced machine learning learning techniques to run templates to generate special reports to perform tasks such as automatically placing people on terror watch lists and no fly lists based on predictive probabilities that some one is a high risk of being a specific actor. The DHS even brags in their reports that they have been able to identify high-risk individual who have never committed a crime or ever even had a single interaction with law enforcement.
(Translated summary: DHS cyber security uses the most advanced artificial intelligence algorithms and tap into every monitor ever single digital communication, surveillance and database asset to implement an Orwellian big brother surveillance state and identifies individuals whose behaviors and characteristic reveal they are committing through crimes)
WTF IS WRONG WITH THIS