DoD changes their social media policy

[vmstan]

I know there was a discussion last week about CAP and social media, I figured this would be of some interest

Members of the US Military will now have limited access to certain social media sites thanks to a new policy (PDF) from the Department of Defense. The DoD finally released its updated policy late last week, which will also apply to parts of the military that have banned social media use from their own networks. Commanders will still have the ability to cut down on the use of Twitter or Facebook if they feel the need to protect against malicious activity and preserve bandwidth.

According to the memorandum, members of military departments and all authorized users of the Non-classified Internet Protocol Router Network (NIPRNET) can now use the publicly accessible capabilities of various social networking and user-generated content sites, instant messaging, forums, and e-mail. This includes YouTube, Facebook, Twitter, MySpace, and others. Access to porn, gambling, or hate crime sites will remain restricted, however, and commanders can cut down on social media use if they feel the need to "preserve operations security."

In August of 2009, the US Marine Corps issued a policy of its own that banned the use of social media on the Marine Corps Enterprise Network (MCEN) due to malware concerns and "information exposure" to adversaries. It wasn't much of a surprise, either: security exploits are sprinkled throughout social networking sites, not to mention that fact that people just plain share too much. If IT admins are uneasy about the totally careless behavior of workers on social networking sites, the Marines undoubtedly had that much and more to worry about.

Of course, NIPRNET is separate from MCEN, but the Army's Chief of Public Affairs advisor Lindy Kyzer told the New York Times that the new policy will indeed override the Marine Corps' current ban, as well as the Army's older ban on YouTube. All military units will need to open up access to social media sites, and any bans that take place must be temporary. "DoD is moving away from the silly notion of having 'blacklisted' social media sites and saying, 'We're not going to lay down the hammer and tell you where you can and cannot go, we're going to mitigate risk as it comes,'" she said.

http://arstechnica.com/tech-policy/news/2010/03/us-militarys-social-media-policy-gets-a-makeover.ars
http://www.defense.gov/NEWS/DTM%2009-026.pdf

[Eclipse]

Make these nonsense, time-wasting, message-fragmenting, OPSEC-risky services more accessible would not have been the direction
I would have gone...

[raivo]

I'm rather surprised. I love Facebook as much as the next Internet junkie, but I'm the first to admit there's I can't really think of a good reason to be able to access it from your government computer (unless you're responsible for maintaining the Facebook page for a DoD organization or individual, in which case you probably were excluded from the block anyway.)

[davedove]

There would be some legitimate reasons to have the access.  What of our men and women who are deployed?  Their only access to a computer may be a government provided one.  And whatever anyone may think of the social networking sites, they do allow one to keep up with family and friends.  Of course, in this situation, there would be legitimate OPSEC concerns to be dealt with.

Other than this and similar situations, though, I don't see a big need for the access while at work.

[Spike]

Other than this and similar situations, though, I don't see a big need for the access while at work.

That is it right there!  I don't care what you do on your lunch break, but when I catch you updating facebook, myspsace sending personal emails all day long or shopping.....you are done. 

[Eclipse]

Other than this and similar situations, though, I don't see a big need for the access while at work.

That is it right there!  I don't care what you do on your lunch break, but when I catch you updating facebook, myspsace sending personal emails all day long or shopping.....you are done.

10 or fifteen years ago I would have agreed 100%, however these days there are real issues with the work/life separation "assisted" (or made worse) by technology.  Employees are tethered 24x7 to their offices by smartphones and emails, and when you're working and when you're not becomes pretty gray for a lot of folks, especially salaried employees.

That flexibility comes at a price for both sides - I can work wherever I am, even vacations and after hours, but if you want me to respond to after hours emails, then you also need to let me do some banking or send pics to grandma once in awhile during business hours - my ability to AIM the spouse 2 lines may mean I am better focused because I feel better connected.

Sadly, the balance breaks down with people who abuse the system on either side.

[Майор Хаткевич]

Thanks Eclipse...as a Business Major you made my future sound so bright...

I'm going to cry in my corner now.

[Flying Pig]

Im surprised.  At work, you have to have special permissions from County IT and your unit Commander who is a Lt. to have access to any social networking sites. Youtube, Facebook, Twitter, Hulu etc.  The only guys who get those accesses are the investigators who have a need to search.  By the way, those sites are invaluable to catching bad guys.  If you have a need, you call up IT which is 24hrs, and tell them why you need to get on youtube or facebook and they will allow it.  After 2-3 days, the access gets blocked again.

We have full internet access at work, but it registers with IT every time you log onto a web site.  While you are at work, if you are using the internet, it better have something to do with a case your working.

Now granted, I get to go home every night unlike a deployed soldier, so I could see moral being lifted a little if you allow troops accesses to modern conveniences of communication.  When I was deployed, there was one pay phone in the barracks, and a clipboard.  You signed up for a time and got 30 minutes.  Now if the phone was free, then go for it.  But if you were on it, and another guy came for his time, you getter get off ASAP. 
And God help you if you got caught on another units pay phone!

[vmstan]

There was actually a study released a few months ago that said employees who have access to Facebook, etc, we're actually happier and more productive at work because they felt like they could get access to the outside world and keep up.

I'm with Eclipse on the tethered to work argument. I get emails and phone calls at all hours of the day that I'm expect to reply or answer when I'm not "in my office" because I'm in IT and if I don't sometimes the business can't carry on without it. Likewise, I spend some time on Facebook, Twitter, online banking, forums, etc, when I'm "in my office" because of the trade off. I also frequently have IM open talking to my wife or friends while I'm monitoring my servers.

And I can guarantee my bosses have no problems with my job performance. I am consistently given high marks on yearly reviews, etc.

[Spike]

^ Lets just say some professions are different than others.  When I am paying hourly wages for a person to be doing something as quick as they can, everytime time they take a break to check out foxsports or google or spend 10 minutes on facebook it then turns into a situation where it is my money they are taking from me for something not related to what I want them to do.

If you are paying Joe-Bob the plumber to install a toilet, and it costs $100.00 an hour, do you want to pay for the 15 minutes he sat around texting his boyfriend??     

[raivo]

On the flip side of that - when you're doing work like tech support or data entry, you can only work when there's work for you to do, the rest of the time you're usually sitting around with nothing to do.

[Spike]

^ True that. 

[Mustang]

Thanks Eclipse...as a Business Major you made my future sound so bright...

I'm going to cry in my corner now.

Don't mind Eclipse, he doesn't understand the whole "morale" thing.

[Майор Хаткевич]

Thanks Eclipse...as a Business Major you made my future sound so bright...

I'm going to cry in my corner now.

Don't mind Eclipse, he doesn't understand the whole "morale" thing.

Are you disputing the "on-call 24-7?" Because I know quite a number of people who are afraid they could be terminated if the crackberry isn't on...

[DG]

On the flip side of that - when you're doing work like tech support or data entry, you can only work when there's work for you to do, the rest of the time you're usually sitting around with nothing to do.

Is it really true that you have nothing else to do?  You can't be working on something?  For the benefit of who is paying you.

If you were paying for someone to sit in a job with "nothing else to do," would you say something?  No?  Ok, then while we are at it, let's approve his request to work from home so he can play on-line all day.  In his pajamas.

If you go to a lawyer or accountant, and the job was done quickly, then he says "I can only work when there's work for me to do, so I will play poker on-line the rest of the time since I am sitting around with nothing to do, and the client will pay me for that time too."

If it is really true that you have nothing else to do, I would be worried about losing my job.

But hey that is OK, because then I will be laid off, and I can collect unemployment benefits.  The Congress just voted today to extend them again.

Then I can spend all day doing my personal game playing and such.  And still get paid.  By you if you are still working.

You should feel good about doing your patriotic duty to pay taxes so I can do that.   

Thank you for that.

[DG]

Thanks Eclipse...as a Business Major you made my future sound so bright...

I'm going to cry in my corner now.

Don't mind Eclipse, he doesn't understand the whole "morale" thing.

Yes, can somebody explain to him that working a long day requires some morale breaks.

But does he have a point if someone abuses the privileges and screws around on-line all the day long?

[Eclipse]

Thanks Eclipse...as a Business Major you made my future sound so bright...

I'm going to cry in my corner now.

Don't mind Eclipse, he doesn't understand the whole "morale" thing.

Yes, can somebody explain to him that working a long day requires some morale breaks.

But does he have a point if someone abuses the privileges and screws around on-line all the day long?

How about actually reading my posts?  I was supporting the idea that work/life balance is a trade-off, especially for what are generally referred to as "knowledge workers".

If they abuse the balance, they get disciplined and fired.

[vmstan]

^ Lets just say some professions are different than others.  When I am paying hourly wages for a person to be doing something as quick as they can, everytime time they take a break to check out foxsports or google or spend 10 minutes on facebook it then turns into a situation where it is my money they are taking from me for something not related to what I want them to do.

If you are paying Joe-Bob the plumber to install a toilet, and it costs $100.00 an hour, do you want to pay for the 15 minutes he sat around texting his boyfriend??   

No, but when Joe-Bob the plumber goes home I'm not txting him for support on how to use it.

[Fifinella]

Demonstration of hazards of Facebook to OPSEC:

http://news.yahoo.com/s/ap/20100303/ap_on_re_mi_ea/ml_israel_facebook_fiasco;_ylt=Ah7KcCGrWjdhj1qfzBkqMNNbbBAF;_ylu=X3oDMTE1aWlqN2xtBHBvcwMyBHNlYwN5bi1jaGFubmVsBHNsawNpc3JhZWxpcmFpZGM-

[raivo]

Is it really true that you have nothing else to do?  You can't be working on something?  For the benefit of who is paying you.

If you were paying for someone to sit in a job with "nothing else to do," would you say something?  No?  Ok, then while we are at it, let's approve his request to work from home so he can play on-line all day.  In his pajamas.

If you go to a lawyer or accountant, and the job was done quickly, then he says "I can only work when there's work for me to do, so I will play poker on-line the rest of the time since I am sitting around with nothing to do, and the client will pay me for that time too."

If it is really true that you have nothing else to do, I would be worried about losing my job.

Not what I'm saying.

A helpdesk guy (such as I used to be) is paid to sit at his desk, logged into his phone, in case someone calls. Even when nobody's on the line, he's still doing his job, which is to be ready to answer the phone. Now, some people may decide to work on other things, but they're not *required* to. A more relevant example might be an Air Force missileer. A missileer's job is to sit in a bunker and babysit ICBMs. When the ICBMs don't require attention, the missileer may be working on his master's degree, or he may be reading technical orders, or he may be browsing the Internet. The first two are more productive than the third, but nobody says he *has* to be productive.

[Spike]

Demonstration of hazards of Facebook to OPSEC:

http://news.yahoo.com/s/ap/20100303/ap_on_re_mi_ea/ml_israel_facebook_fiasco;_ylt=Ah7KcCGrWjdhj1qfzBkqMNNbbBAF;_ylu=X3oDMTE1aWlqN2xtBHBvcwMyBHNlYwN5bi1jaGFubmVsBHNsawNpc3JhZWxpcmFpZGM-

Thank you Judy.

I think that is a reason why DoD originally published the restriction, for things that "might happen".

I wish I can find the article about the Soldier in 2004 who gave away the unit position in an email that was intercepted.  Armed Forces Members today have it much better communication wise than they did 10 years ago or even in World War two.  No one is routinely intercepting mail and censoring it.  Phone Calls from the AT&T phone centers in Iraq are not monitored 24/7 and videoconferencing with family members back home is becoming more common.

However, as a Service Member myself I can understand giving up some freedoms we have in an operational area.  Heck, even in the States I can see where communication monitoring is a good idea when working in and with classified information centers.

We do have enemies (China being one of the biggest) and need to safeguard our secrets.  Recently China bought intel from DoD contractors. 

Honestly, Facebook and Myspace should be off limits.  We all know there are people who monitor those sites waiting for intelligence to be posted.

Heck, in the civilian sector companies pay employees to do nothing but "play" on social networking sites in hope of getting leaked information first so they can make better financial decisions.  Just think if a Ford employee posts on facebook to his friends "sell your shares, I am on my way to make an announcement that Ford will be losing 50 Billion this year".  Aside from an SEC investigation, it hurts our economy etc.

Like in the 80's and 90's...... be carefull of what you say and do, because it can be used to hurt or harm our military.  They military branches used to hang up posters regarding OPSEC, lately I Have not seen that many. 

[jimmydeanno]

http://www.usmm.org/postertalk2b.html

[Eclipse]

Part of the danger and risk is the ability to easily aggregate tidbits of public information into usable intel.

For every classified briefing, there's probably 10 open sources that have a piece of the puzzle - a guuys Facebook says, "we made it safe", another says what unit a guy is in, the third is an RFP for civilian contractors to transport gear, and the next thing you know, your position is in the open.

And in the olden days, the odds of a bad guy reading a (possibly censored) letter home were nearly nil, but these days, with the right (wrong) compromise on your computer, the bad guys can read those same letters from the comfort of their caves.

[raivo]

Still, I would argue that if people are determined to do stupid things, they're going to do stupid things regardless. It may not be on Facebook or Myspace, it may be in a bar somewhere as Airman Snuffy brags about <random classified/sensitive subject> to impress some girl he just met.

The focus should be on educating people so they don't do stupid things anywhere, rather than wasting effort trying to limit the avenues available for them to do stupid things in.

[Spike]

The focus should be on educating people so they don't do stupid things anywhere, rather than wasting effort trying to limit the avenues available for them to do stupid things in.

What?!?!  You have to eliminate the situations in which people can do stupid things.  That would be like saying "Don't lock your car door, because we have an anti-carjacking commercial on TV".

Anyone can have a lapse in good judgement, but if you take away the possible avenues that would make that lapse even worse, it is a good thing. 

I am not entirely sure of you background, but the 30 minute opsec presentation from DoD before deploying is not enough to stop military members from doing things that are detrimental to the mission.  They usually have no idea that what they write or say can be used by our enemies.

I think blocking facebook and myspace in the office is a good thing.  If you have so much free time to play "farmville" and reconnect with old friends while you should be processing my DFAS claim, you need to be separated.  Someone here can dig up the story on the civilian workers at DFAS that spent more time on the internet than they did actually taking calls from military members.  It was about 5 years ago.     

[raivo]

What?!?!  You have to eliminate the situations in which people can do stupid things.  That would be like saying "Don't lock your car door, because we have an anti-carjacking commercial on TV".

Anyone can have a lapse in good judgement, but if you take away the possible avenues that would make that lapse even worse, it is a good thing. 

I am not entirely sure of you background, but the 30 minute opsec presentation from DoD before deploying is not enough to stop military members from doing things that are detrimental to the mission.  They usually have no idea that what they write or say can be used by our enemies.

I think blocking facebook and myspace in the office is a good thing.  If you have so much free time to play "farmville" and reconnect with old friends while you should be processing my DFAS claim, you need to be separated.  Someone here can dig up the story on the civilian workers at DFAS that spent more time on the internet than they did actually taking calls from military members.  It was about 5 years ago.     

Oh, I'm not disagreeing that it should be blocked - just for different reasons. If someone's going to break OPSEC via Facebook, they'll just do it when they get home and it's not blocked.

[Eclipse]

Oh, I'm not disagreeing that it should be blocked - just for different reasons. If someone's going to break OPSEC via Facebook, they'll just do it when they get home and it's not blocked.

That's like saying you might as well give a drunk driver your keys since he'd drive his own car anyway.

You might not be able to control people's behavior with their own toys, but you can sure minimize risk by restricting toys you own.

[A.Member]

On the flip side of the argument, if members are accessing these sites using DoD equipment, it is easier to monitor certain acitivities.

[AlphaSigOU]

...commanders can cut down on social media use if they feel the need to "preserve operations security."

Don't expect the floodgates to open with the new policy. Commanders can make access more restrictive as quoted above. Here on Kwajalein, the nature of the work we do requires us to be vigilant in OPSEC procedures, yet time and again some idiot will post sensitive mission information on Facebook, thus giving security officials a bad case of agita. We can access FB, but many other social media sites are still blocked, and I don't expect the block to be removed anytime soon. We have a separate public network for private use, but are also admonished to practice OPSEC.