Constitution Project Report on Proposed Cybersecurity Programs
The Constitution Project's Liberty and Security Committee has released a new report warning of the potential for privacy invasion in proposed cybersecurity intitiatives, especially those providing for sharing of information between the government and private sector. The full report is here.
It is important that our nation develop and operate cybersecurity programs and policies to these vulnerabilities. These programs, however, pose a potential threat to Americans’ privacy rights and civil liberties. As proposals have arisen that would enable the federal government to move toward monitoring all information transferred over private networks, individuals face the risk of being subjected to the equivalent of a perpetual “wiretap” on their private communications and web browsing behavior.
Moreover, the debate regarding cybersecurity has been hampered by excessive secrecy surrounding the true nature and scope of the threat and the best mechanisms for protecting against it.
The report calls for safeguards to be included in government programs so as not to run afoul of the Fourth Amendment and privacy rights.
- Establish Effective Oversight
- Implement Effective Privacy Safeguards
- Limit Scope of Use or Access to Content
The report specifically calls attention to proposed modifications of the Einstein cybersecurity program.
The Einstein cybersecurity program is presently limited to traffic to and from federal agencies’ computers.
The OLC has formally stated that federal employees using government networks, as well as private citizens who communicate with federal agencies and their employees, do not have a reasonable expectation of privacy in their communications and, therefore, that Einstein technology does not violate their Fourth Amendment right “to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures.”
The OLC further argues that, even if citizens have a reasonable expectation of privacy, the government is still entitled to monitor network communications because individuals have consented. Additionally, the government has a special need to review communications in the interest of national security.
The program has been expanding (Einstein II, III, etc.) The report says:
Regardless of the government’s earnest intentions, clear and proper safeguards should be implemented to prevent unrestricted government access to individuals’ private information when searching network communications for harmful material. Otherwise, the federal government runs the risk of establishing a program akin to wiretapping all network users’ communications.
The report points out:
Although private citizens have no reasonable expectation of privacy in the basic information contained in communication flow records, they do have a legitimate expectation of privacy in the content of their communications while they are in transit.
Disclosure of information necessary to transmit data across a network does not imply willing disclosure of the content of the transmitted communications. This is a distinction the Supreme Court has repeatedly identified as the boundary between consenting disclosure and unreasonable invasion of privacy.
....However, the third-party doctrine provides a potential loophole for access to the content of communications when those communications are turned over to the government by a third party.
The report also addresses pending legislation, and says more than 50 cybersecurity bills have recently been introduced. It also reviews the White House proposal.
|< Is Hillary Really Done With Politics? | FBI Soliciting for Apps Capable of Massive Social Media Datamining >|