Cybersecurity Plan Doesn't Breach Employee Privacy, Administration Says

By Ellen Nakashima
Washington Post Staff Writer
Saturday, September 19, 2009

The Obama administration has agreed with its predecessor that a special surveillance program to monitor federal Internet traffic for malicious intrusions does not violate the privacy rights of government employees or others they communicate with.

By notifying government employees logging on to their computers that they have "no reasonable expectation of privacy" while using the network, the government's Einstein 2 program is lawful, according to an Aug. 14 Justice Department memo that was released Friday.

That applies to a private citizen who, say, sends an e-mail to a government employee -- even to the employee's private account if he or she opens it at work, wrote David J. Barron, acting assistant attorney general for the Office of Legal Counsel.

"A person communicating with another assumes the risk that the person has agreed to permit the Government to monitor the contents of that communication," he wrote, alluding to the "one-party consent" rule set out in the Wiretap Act of 1968.

The memo's release is part of an Obama administration effort to be more transparent than its predecessor. It drew upon the legal analysis spelled out in a 35-page opinion dated Jan. 9 -- also released Friday -- that was written by Principal Deputy Assistant Attorney General Steven G. Bradbury, then acting head of the Office of Legal Counsel.

Einstein 2, the program described in the memos, is a Department of Homeland Security program to detect harmful viruses and computer codes infiltrating government networks. The program is not supposed to capture e-mails that do not transit a government network.

Of far greater concern, civil liberties advocates said, is the legality of a more controversial, and mostly classified, government program under development, Einstein 3 , which was initiated under the Bush administration. The program aims not only to detect, but also to block malicious code and would involve placing the technology on the networks of private telecommunications companies.

As a result, Einstein 3 may risk capturing, even inadvertently, strictly private e-mail traffic, said James X. Dempsey, vice president for public policy at the Center for Democracy and Technology.

"There's a whole separate set of legal questions," he said, calling on the administration to make the Einstein 3 legal opinions public.

Stewart A. Baker, DHS assistant secretary for policy during the Bush administration, said the legal analysis should be the same, because both programs aim to protect government networks.

"If, by mistake, some private communication is directed through this system," he said, "the result will be that the malware . . . won't be delivered, to which the right response is, 'Thank you very much,' not 'You've violated my rights.' "

© 2009 The Washington Post Company