August 18, 2006:
The U.S. Department of Defense has cracked down once more on the use of the Internet by the troops. Below are the relevant portions of an INFORMATION SECURITY/WEBSITE ALERT of 06 AUG 2006 (updated 13 AUG 2006) issued by the Department of Defense. This document was marked "unclassified", so we are reasonably sure that we won't be arrested for passing it on.
This is not the first attempt by the Department of Defense to control what military information the troops share via the Internet. Apparently, those in the Department of Defense who believe that useful, to the enemy, information is getting out via the Internet, are now in control. No proof that damage is being done is provided, but this is understandable. Any proof would reveal how much, and how, enemy use of Internet data is proving useful. Then again, and this is the line that most journalists will take, this might just be another paranoid reaction by clueless brass to a form of communication they don't understand. However, journalists are never as insightful as they think they are, and generals are not always as paranoid and dumb as some appear to be.
SUBJECT: INFORMATION SECURITY/WEBSITE ALERT
All personnel have the responsibility to ensure that no information that might place our service members in jeopardy or that would be of use to our adversaries is posted to websites that are readily accessible by the public. Although not a finite list, such information includes, among other things, technical information, operational plans, troop rotation schedules, position and movement of u.s. naval craft, descriptions of overseas military bases, vulnerability of weapon systems or discussion of areas frequented by u.s. personnel overseas. Special attention shall be given to identification of information that would facilitate circumvention of DoD, component or command policies, rules, regulations or other significant guidance (e.g., orders, manuals, instructions, security classification guides). Such information should be marked FOUO (For Official Use Only) and shall not be posted to websites accessible by the public. DoD 5400.7-r, DoD freedom of information act program, chapter 3, describes exemptions 2-9 and provides guidelines for the types of information that may qualify as FOUO. As with classified information, it is the originators responsibility to identify and mark information that may be FOUO.
Blogs, or web logs, posted to public websites are increasingly used by military personnel as personal journals. Commanders shall ensure subordinates are aware that, in accordance with DoD directive 5230.9, clearance of DoD information for public release, and the joint ethics regulation (DoD 5500.7-r), personal blogs (i.e., those not having DoD sponsorship and purpose) may not be created/maintained during normal duty hours and may not contain information on military activities that is not available to the general public. Such information includes comments on daily military activities and operations, unit morale, results of operations, status of equipment, and other information that may be beneficial to adversaries.
In accordance with paragraph 6.2.7 of DoDi 5230.29, security and policy review of DoD information for public release, any information meeting the requirements of paragraph 6.1 of that instruction, including information regarding military operational plans, shall be reviewed and approved for release by the department of defense office of freedom of information and security review prior to posting on websites accessible to the public.
Where collaboration with non,-DoD personnel regarding unclassified official information will benefit the department, official chat rooms or collaboration sites shall be established and regulated through the use of positive technical controls such as proxy services and screened subnets in accordance with DoDi 8500.2, information assurance (ia) implementation and approved by the designated approving authority (DAA). Collaboration can take place among DoD personnel or among DoD personnel and authorized non-DoD personnel (including public members of the scientific community) within security and information dissemination guidelines (e.g.,
Export control restrictions). Non-DoD personnel shall be authorized access to the chat room or collaboration site on a by-name basis by the DoD sponsor in accordance with procedures established by the DAA.
User authentication shall be required for system access.
DoD personnel who engage in the unauthorized disclosure of U.S. Government information may be subject to criminal and/or administrative action.