The Department of Homeland Security has promised to delete records from a controversial network monitoring system called Einstein.
The files to be deleted are at least three years old, and the reasons for the deletion is not exactly altruistic.
DHS thinks the files, which include data about traffic to government websites, agency network intrusions and general vulnerabilities, are a waste of space.
The irony is that some security experts claim that the DHS would be deleting a treasure chest of historical threat data and privacy experts claim that destroying it could eliminate evidence that the government-wide surveillance system does not work.
Either way it appears that the spooks cannot win.
According to Homeland Security’s rationale a three-year retention period for reference purposes is sufficient, and “the records have no value beyond that point” but can be kept longer, if needed, appraisers said.
Some incident reports, which include records on catastrophic cyber events, must be kept permanently. Apparently the spooks are keen to save space on their servers. Keeping too much data costs an arm and a leg.
Johannes Ullrich, dean of research at the SANS Technology Institute warned that older intrusion-detection records provide insight into the evolution of threats, said. Analysts there sometimes need even older data to answer today’s research questions.
He thinks the intrusion records would be made available to the public in some form. The Einstein data would likely be a goldmine for researchers, as it documents attacks against very specific networks in a consistent way over a large extent of time, he said.
Lee Tien, senior staff attorney with the Electronic Frontier Foundation said that getting rid of data about people’s activities is a pro-privacy, pro-security step. But “if the data relates to something they’re trying to hide, that’s bad.”
It is possible the records could reveal the monitoring tools make mistakes when attempting to spot threats.
According to Next Gov The public has until Dec. 19 to request a copy of the records retention plan. Comments are due within 30 days of receipt.