Arguing over Einstein
Privacy advocates want more info about this U.S. cybersecurity program
By Michael Peck
November 01, 2009
It’s not that U.S. privacy groups are scared of what they know about Einstein 3.0. It’s what they don’t know about the next iteration of the government’s anti-cyber-intrusion initiative that scares them. That remains true even after an unusual series of “classified-level briefings” provided to them by the Obama administration.
The Einstein program is a classified effort begun by the Bush administration in 2003 to use software to protect non-defense dot-gov networks from cyber intrusion.
Einstein 1.0 and 2.0 detect network intrusions and sound alarms using commercially available software from the Maryland security company Sourcefire, according to the Department of Homeland Security (DHS), which runs the program. Einstein 3.0 would do all that and serve as an intrusion-prevention system to stop attackers before they penetrated the networks, which is where the privacy concerns come in.
DHS is testing Einstein 3.0 in an exercise that is currently underway. Using a stream of networking traffic provided by AT&T, an unnamed Einstein 3.0 vendor must show an ability to route “a specific range” of federal agency e-mail and other forms of traffic to “DHS-owned equipment,” according to a written statement from DHS. The agency plans to deploy Einstein 3.0 starting in 2010.
DHS acknowledges that in July, it issued a classified request for information regarding Einstein 3.0.
“As we look to develop systems, intrusion prevention is the logical next step in improving our security of the dot-gov domain,” DHS spokeswoman Amy Kudwa said. “We’re working to develop a program that will enable us to do so, under all of the relevant privacy and civil liberties protections that need to be in place for such a program.”

Privacy advocates nevertheless fear that traffic over private networks would be subject to monitoring and blocking by Einstein 3.0 as part of the government’s effort to stop attacks.
An August Justice Department memo probably did little to allay those concerns. The memo, published online by The Washington Post, argues that Einstein 2.0’s “intrusion detection sensors” do not constitute a “search” under U.S. law, which strictly limits when the government can search citizens or their property. Someone e-mailing information to an agency participating in Einstein 2.0 “does not have a legitimate expectation to privacy,” according to the memo.
Even so, Obama officials have been trying to win privacy advocates to their side. Kudwa said DHS has been “actively engaging with the privacy community as we develop Einstein 3. We have given clearances to the privacy community to bring them in and give them a classified-level briefing,” she said. Those who have been briefed include experts from the Center for Democracy and Technology, professors from Columbia and Indiana Universities, the Constitution Project, the Open Society Institute, the Information Security and Privacy Board, and Mitre Corp. DHS’ privacy board, which includes representatives from academia, government and the corporate sector, also received the briefing.
The briefings did not fully satisfy Ari Schwartz, vice president of the Center for Democracy and Technology. “They’ve discussed it publicly, but there hasn’t been a privacy impact assessment published. There hasn’t been a detailed analysis of what types of information they are going to collect and use,” he said.
When asked to paint a worst-case scenario for Einstein 3.0, Schwartz responded that this would involve intelligence agencies monitoring private as well as public traffic by intercepting communications over a common network infrastructure that they share. “The worst-case scenario is that for political purposes, the government decides what to block and what not to block. Communications actually stop for political purposes,” a scenario he described as possible but which he emphasized is unlikely.
DHS is releasing few details about Einstein. Kudwa said cost figures are “procurement-sensitive.” She said DHS has gained “insights and assistance” from agencies including the National Security Agency (NSA), a revelation that is of interest to privacy advocates because NSA historically has focused on eavesdropping abroad. Einstein 3.0, like its predecessors, will be operated by the U.S. Computer Emergency Response Team (U.S.-CERT), a DHS agency that also will analyze the data.
When asked if AT&T would send test traffic with viruses attached, Kudwa said she was not in a position to speak about the “inner workings” of Einstein 3.0.
Kudwa didn’t identify any particular threats that Einstein 3.0 targets. “There are intrusion attempts millions of times a day. It is not an emerging threat. It is a fully emerged threat.”
Einstein 1.0, developed in 2003 and deployed through 2008, is a passive monitoring system that tracks network flow, including the Internet Protocol (IP) address of the computer that connects to the federal system; the port the source uses to communicate; the time the communication occurred; the federal destination IP address; the protocol used to communicate; and the destination port, according to a DHS privacy assessment released in May 2008.
Einstein 2.0 took network security to the next level by adding an intrusion-detection system (IDS) that signaled an alert when malicious activity was spotted. DHS plans to expand its deployment at government sites through 2010. The system relies on a set of pre-defined virus signatures, similar to commercial anti-virus software, and is also sensitive to anomalous network activity. The DHS privacy assessment emphasized that Einstein 2.0 would not collect personally identifiable information, known as PII.
But personal information could still be collected, according to the May privacy assessment: “For example, if a computer security exploit chose to use PII in the delivery of malicious code, a signature may be developed in response to that exploit which could contain PII. Accordingly, while the IDS will collect some PII that is directly related to malicious code being transmitted to the federal networks, its main focus is to identify the malicious code and protect federal networks, not to collect PII. All signatures will be reviewed by the U.S.-CERT in accordance with legal and privacy guidelines before being employed.”
The raw network traffic data is never viewed by DHS personnel and is quickly deleted unless it contains malicious activity, according to DHS.
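The two collection tiers described above, as an added illustration that is not DHS code: Einstein 1.0 is modelled as a flow-record extractor that keeps only the six header fields the May 2008 assessment lists, and Einstein 2.0 as a signature check that retains raw payload only for traffic that matches, with everything else reduced to its flow record. The packets, addresses and the signature string are constructed for the example.

```python
# Added example (not DHS or US-CERT code): a minimal model of the Einstein
# 1.0 flow-record tier and the Einstein 2.0 signature tier with the
# "retain raw data only on a hit" rule. All sample values are constructed.
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class FlowRecord:
    """The six fields the 2008 privacy assessment says Einstein 1.0 records."""
    src_ip: str
    src_port: int
    timestamp: datetime
    dst_ip: str
    protocol: str
    dst_port: int


def flow_record(pkt: dict) -> FlowRecord:
    """Einstein 1.0 style: header metadata only; the payload is never stored."""
    return FlowRecord(pkt["src_ip"], pkt["src_port"], pkt["time"],
                      pkt["dst_ip"], pkt["protocol"], pkt["dst_port"])


def monitor(packets: list[dict], signatures: list[bytes]):
    """Einstein 2.0 style: a flow record for every packet, and the raw payload
    kept only when a signature matches; otherwise the payload is discarded."""
    flows, alerts = [], []
    for pkt in packets:
        rec = flow_record(pkt)
        flows.append(rec)
        hits = [sig for sig in signatures if sig in pkt["payload"]]
        if hits:
            alerts.append({"flow": rec, "signatures": hits, "raw": pkt["payload"]})
        # No hit: nothing but `rec` survives this iteration.
    return flows, alerts


# Constructed traffic using IANA documentation address ranges (hypothetical).
T0 = datetime(2009, 10, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_PACKETS = [
    {"src_ip": "198.51.100.7", "src_port": 51234, "dst_ip": "192.0.2.10",
     "dst_port": 25, "protocol": "tcp", "time": T0,
     "payload": b"Subject: budget figures\r\n\r\nSee attached."},
    {"src_ip": "203.0.113.9", "src_port": 40001, "dst_ip": "192.0.2.10",
     "dst_port": 80, "protocol": "tcp", "time": T0,
     "payload": b"GET /cgi-bin/x?cmd=EXAMPLE-EXPLOIT-MARKER HTTP/1.0\r\n"},
]
SAMPLE_SIGNATURES = [b"EXAMPLE-EXPLOIT-MARKER"]  # constructed signature string

if __name__ == "__main__":
    flows, alerts = monitor(SAMPLE_PACKETS, SAMPLE_SIGNATURES)
    print(len(flows), "flow records;", len(alerts), "alert(s) with raw payload kept")
```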
DHS says it began deploying Einstein 2.0 in 2008 and will finish in 2010. “We have deployed Einstein 2 at a handful of departments and agencies, and we’re working to develop that further across government,” Kudwa said.
Schwartz, of the Center for Democracy and Technology, said he is still concerned over what the Obama administration has not said. The center has submitted a list of questions to DHS about the roles, scope and security of Einstein 2 and 3. DHS hasn’t responded, and Schwartz said he believes it could. “I felt that these were all questions that they could answer, based on unclassified information, or should be able to answer.”
Schwartz noted that intrusion prevention is already done in the private sector, with varying degrees of success. His question is whether it is “effective in stopping the kind of traffic the government would need to stop. What changes would they need to make it government oriented? And does this raise civil liberties questions?”
Lee Tien, senior staff attorney for the Electronic Frontier Foundation, said Einstein 1.0 and 2.0 are “relatively vanilla” programs. “It may be enough for them to know that you’re not a Russian or an Estonian hacker, and the 10 times you’ve come, you’ve never done anything traceable to a dangerous site.”
But Tien questioned the need for the federal government to create an intrusion prevention system instead of first concentrating on basic security solutions such as encrypted laptops. “Encrypting data on laptops will go a long way toward cybersecurity without having any real effect on someone’s privacy and civil liberties,” he said.
“If I’m not locking the doors and windows in my house, the next step is not to install surveillance cameras,” Tien added.
Tien is concerned about NSA’s involvement in the project. “I worry that the institutional culture of some agencies deflects them away from the basics and leans them more toward surveillance-oriented solutions. When you put an agency whose mission is signals intelligence in charge of cybersecurity, it is not unreasonable to wonder if they’re biased.”