Executive Order Expands Warrantless Network Monitoring to Include Critical Infrastructure

A little-known policy through which the Departments of Justice, Defense, and Homeland Security offered prosecutorial immunity to companies that helped the U.S. military monitor Internet traffic on the private networks of defense contractors has reportedly been expanded by Executive Order to include a score of other “critical infrastructure” industries, according to information obtained as part of a Freedom of Information Act lawsuit filed by the Electronic Privacy Information Center (EPIC).

EPIC writes that the pilot-version of the program was brought to light in June 2011 after the Washington Post published a report detailing the implementation of a new program by National Security Administration that let them monitor traffic flowing from some defense contractors through certain Internet service providers. At the time, the Washington Post quoted Deputy Defense Secretary William J. Lynn III saying that the program was designed to help thwart attacks against defense firms and that the government hoped to expand the program moving forward.

The documents obtained in the FOIA request, EPIC said, reveal that the DoD advised private industry organizations on the ways in which they circumvent federal wiretap laws in order to aid the DoD and DHS in their surveillance of private Internet networks belonging to defense contractors.

EPIC, digital rights group the Electronic Frontier Foundation, and others are concerned that this program is being expanded to apply to the broad swath of organizations that potentially fall under the increasingly vague category of “critical infrastructure.”

The government has not yet named the program, but EPIC claims that the NSA has partnered with AT&T, Verizon, and CenturyLink in order to keep tabs on the Internet traffic flowing into and out of some 15 defense contractors, including Lockheed Martin, CSC, SAIC, and Northrop Grumman.

For its part, the NSA has said that it is not directly monitoring these networks, but is rather filtering their traffic in order to detect the presence of suspicious packets based on a number of malicious code signatures that the agency has developed.

EPIC issued a FOIA request in July 2011 requesting the following information: “All contracts and communications with Lockheed Martin, CSC, SAIC, Northrop Grumman, or any other defense contractors regarding the new NSA pilot program; All contracts and communications with AT&T, Verizon, and CenturyLink or any other ISPs regarding the new NSA pilot program; All analyses, legal memoranda, and related records regarding the new NSA pilot program; Any memoranda of understanding between NSA and DHS or any other government agencies or corporations regarding the new NSA pilot program; Any Privacy Impact Assessment performed as part of the development of the new NSA pilot program.”

The government failed to provide any of this information. So, EPIC filed a FOIA lawsuit on March 1, 2012 and was eventually granted access to thousands of pages of previously unreleased documents, which they have posted on their website.

Photo courtesy of Flickr user TexasGOPVote.com, Creative Commons

Suggested articles