Homeland Security to destroy government network surveillance records
The records to be dumped – more than three years old at this point – come from the controversial monitoring system called Einstein and include data about traffic to government websites, agency network intrusions and general vulnerability, according to Nextgov.com.
The Einstein surveillance project was a Bush Administration initiative implemented in 2004 to automatically collect computer network security information from participating federal agencies. Initially only a few federal agencies participated in the monitoring system, but with additional funding it was deployed at fifteen of nearly six hundred agencies, departments and web resources of the US government.
— Say No to the TTIP (@kencampbell66) November 25, 2014
The Department of Homeland Security (DHS) said the reason for purging the records is that there is "quickly diminishing value for most of the data collected pursuant to intrusion detection, prevention and analysis."
Records considered of “no value” are emails of federal workers and public citizens communicating about potential cyber threats to DHS, “suspicious files, spam and other potential cyber threats,” indicators of known and unknown malicious activity, and a repository for threat sightings and indicators.
The destruction of records is typically made because of the costs of storing information indefinitely, but security experts say commercial storage costs are $50 a month per terbyte of data in the cloud. The National Archives and Records Administration has tentatively approved the purging plan pending a public comment period.
Security experts argue the problem with destroying records is it would be deleting historical threat data, and privacy experts say destroying the data could eliminate evidence that the government-wide surveillance system doesn’t perform as intended.
The nonprofit SANS Internet Storm Center, which monitors malicious activity on the public web, retains observation data for 12 years.
“Older intrusion-detection records provide insight into the evolution of threats,” said Johannes Ullrich, dean of research at the SANS Technology Institute, to Nextgov. Analysts there sometimes need even older data to answer today's research questions.
"The Einstein data would likely be a goldmine for researchers, as it documents attacks against very specific networks in a consistent way over a large extent of time,” said Ullrich.
Some civil liberties advocates back the plan to purge records as much of the data concerns user activity.
“We would typically not want agencies to retain that data,” Ginger McCall, director of Open Government Program at the Electronic Privacy Information Center, told Nextgov.
Rep. Elijah Cummings (D-Md.), the ranking Democrat on the House Oversight and Government Reform Committee, will review the types of records set to be discarded, a committee staffer said.