Is DHS' Einstein now blocking porn on federal networks?

Einstein 3 Accelerated is adding web content filtering to the arsenal of anti-malware defenses, and a side effect of the move could be to block pornography on agency computers.

The security screen that monitors Internet traffic on federal networks for cybersecurity threats is getting new functionality that could have the effect of eliminating civilian federal employees' access to pornography and other suspect content on work computers.

The Department of Homeland Security's National Protection and Programs Directorate is adding "web content filtering" to the Einstein 3 Accelerated (E3A) security screen. The off-the-shelf managed service blocks certain web addresses associated with the delivery of malware, spam, phishing attempts and other potentially hazardous content.

The E3A system monitors traffic moving from federal networks to the Internet and is operated as a managed service by Internet service providers doing business with the federal government.

The new feature was made public in a May 6 privacy impact assessment from DHS. Previously, the system was focused on email filtering and Domain Name System "sinkholing," or redirecting user traffic that corresponds to known malware threats. The privacy impact assessment governing those two functions goes back to April 2013.

The new privacy assessment cites several threat categories of sites that E3A would block using content filtering. They include peer-to-peer file sharing and other file transfer sites; sites or content linked to phishing emails, botnets and malware; sites that deliver unwanted software; and sites that present hacking, piracy and copyright concerns.

Although pornography is not mentioned specifically in the assessment, porn sites would qualify under many of the threat categories named. Many pornography sites operate, wittingly or not, as delivery systems for malware, injecting rogue programs and corralling computers for botnets through malicious advertising.

For example, according to the security blog Malwarebytes, a group of porn sites that attract a combined 800 million monthly visits were attacked via a vulnerability in an online advertising network last fall.

One simple solution from a content filtering point of view is to block all known pornography sites.

That solution could appeal to certain members of Congress, who have made political hay out of isolated but embarrassing incidents of rampant online pornography consumption by individual government employees.

At an April 2015 hearing of the House Oversight and Government Reform Committee, for example, Chairman Jason Chaffetz (R-Utah) was flabbergasted by the Environmental Protection Agency's inability to summarily fire employees who admitted to watching pornography during work hours.

"If you sit watching hours of porn on your government computer, fire them," Chaffetz said. "Fire them. Then let them try to come back, but there is so much overwhelming evidence about what these people were doing."

There's even proposed legislation to curtail federal access to porn. The Eliminating Pornography from Agencies Act, sponsored by Rep. Mark Meadows (R-N.C.), passed the oversight committee in February. The bill tasks the Office of Management and Budget with issuing guidance to ban access to porn websites from agency computers, except when required for investigative purposes.

An E3A-level porn block would go a long way toward achieving the goals of Meadows' bill. According to a January statement by Homeland Security Secretary Jeh Johnson, E3A is available to all federal agencies and protects 50 percent of the government.

A DHS spokesperson contacted by FCW didn't specify by press time whether the content filtering used in E3A is set to block pornography.

If it is, porn aficionados subject to the Einstein screen apparently won't be named and shamed, at least not by Einstein. According to the privacy impact assessment, "end-user information is not provided or collected" on attempts to access sites identified as malicious and off limits. ISPs could readily collect and log such information, but efforts to visit blocked sites won't be retained as federal records, according to the assessment.