CAP Captain on CBS show Survivor

[754837]

On the season premiere of Survivor this week, cast member Debbie Wanner identified herself as a Captain with the Civil Air Patrol, United States Air Force Auxiliary.  She explained that she had summer & winter survival skills and had military training.  Watch the episode and make your own opinion of her representation of CAP.

[ironputts]

Just shoot me with that salute! I just went blank after that.....

[Garibaldi]

Anyone with access can find her quals in e-services. I won't post them here.

[NIN]

Anyone with access can find her quals in e-services. I won't post them here.

Are you suggesting that people use eServices for some purpose other than "For Official Use Only."

Cuz it sure sounded that way. And thats *exactly* what FOUO means.

[jeders]

Two thoughts come to mind. 1, they're still making that show? 2, there are people still watching that show?

[THRAWN]

Two thoughts come to mind. 1, they're still making that show? 2, there are people still watching that show?

Yes to both. After Rudy came in second, it lost all credibility...

[THRAWN]

Anyone with access can find her quals in e-services. I won't post them here.

Or you could just use the Google and find out all you need to know. Here's the blurb from the CPA magazine...

http://www.capvolunteernow.com/headline-news/?cap_captain_from_pennsylvania_stars_in_survivor_kaoh_rong&show=news&newsID=21515

[Garibaldi]

I am not suggesting anything. It's readily available information. I wanted to verify her claims. I found out she may or may not be telling the truth, but based on what I saw it's not readily identifiable.

[The CyBorg is destroyed]

Two thoughts come to mind. 1, they're still making that show? 2, there are people still watching that show?

Never watched it in my life.

Never watched Friends, Seinfeld, ER, etc., even though during that time most of my coworkers were addicted to those shows.

The only thing I watch right now is Supergirl, and am attempting to find a Sundance series called "Deutschland '83."  I liked it when it was on a few months ago.

http://www.imdb.com/title/tt4445154/

[Spam]

Quote (from CBS site):

"...she tells CBS that her survival skills will take her far in the competition. She stated that: I have military training in summer and winter survival, shelter building, fire making, food procurement, torture training and a superior will to survive. Plus, I'm fun too! I'm a card carrying member of the Reading Juggler's club, so I'll teach them how to juggle. (Photo: Monty Brinton /CBS Entertainment ©2016 CBS Broadcasting, Inc. All Rights. Reserved.)"


... "Torture training"? Is there a SQTR for that in PAWG?

(pulls pin, releases for comment, step back quickly)


- Spam

[THRAWN]

Quote (from CBS site):

"...she tells CBS that her survival skills will take her far in the competition. She stated that: I have military training in summer and winter survival, shelter building, fire making, food procurement, torture training and a superior will to survive. Plus, I'm fun too! I'm a card carrying member of the Reading Juggler's club, so I'll teach them how to juggle. (Photo: Monty Brinton /CBS Entertainment ©2016 CBS Broadcasting, Inc. All Rights. Reserved.)"


... "Torture training"? Is there a SQTR for that in PAWG?

(pulls pin, releases for comment, step back quickly)


- Spam

Only for the rangers. Hi-ho sliver...

[Garibaldi]

Quote (from CBS site):

"...she tells CBS that her survival skills will take her far in the competition. She stated that: I have military training in summer and winter survival, shelter building, fire making, food procurement, torture training and a superior will to survive. Plus, I'm fun too! I'm a card carrying member of the Reading Juggler's club, so I'll teach them how to juggle. (Photo: Monty Brinton /CBS Entertainment ©2016 CBS Broadcasting, Inc. All Rights. Reserved.)"


... "Torture training"? Is there a SQTR for that in PAWG?

(pulls pin, releases for comment, step back quickly)


- Spam

Only for the rangers. Hi-ho sliver...

Well, there WAS my cadet experience in the 80s....but that was before the rules against torturing initiating welcoming FNGs into the fold.

[Spam]

I could care less about her ES quals, and wish her luck on the competition (Go Get 'Em, girl).

But - that comment!

Given that she repeatedly aired her affiliation with USAF via its Auxiliary and stated that she's had "military... torture training", I'd be surprised if someone doesn't ask some pointed questions of CAP about how USAF is being made to look.

[Holding Pattern]

Anyone with access can find her quals in e-services. I won't post them here.

Are you suggesting that people use eServices for some purpose other than "For Official Use Only."

Cuz it sure sounded that way. And thats *exactly* what FOUO means.

Sir, I suggest you have someone at CAP helpdesk look at the query history of eServices for SQTR reporting. Start by looking at people who run queries of members not in their state.

I have a suspicion that no one is actually monitoring this at this point. It probably should be, and for that matter, there should probably be more restrictions on that tool.

[Garibaldi]

Anyone with access can find her quals in e-services. I won't post them here.

Are you suggesting that people use eServices for some purpose other than "For Official Use Only."

Cuz it sure sounded that way. And thats *exactly* what FOUO means.

Sir, I suggest you have someone at CAP helpdesk look at the query history of eServices for SQTR reporting. Start by looking at people who run queries of members not in their state.

I have a suspicion that no one is actually monitoring this at this point. It probably should be, and for that matter, there should probably be more restrictions on that tool.

I believe it's meant to be that way so that people who go to schools not in their wing (Hawk Mountain, NESA, etc.) can have their quals signed off right then and there. No proprietary information is available from the 101 information that I can see. No PII, no SSAN#, no address or phone number.

Now if I went ahead and posted all the information I saw, that would be a very improper use, something I could get thrown out of CAP for. I'm not saying that I'm right, but there really is nothing anyone can use for nefarious purposes. And not everyone has access to 101 information, just as not everyone has access to membership information. And I have no intention of posting or sharing that information with anyone. For all I know, I had the wrong person.

I would imagine that a lot of people have done the same thing after her pronouncement.

[Holding Pattern]

And when I worked for the phone company, I could pull up the records of any person, celebrity, company, etc.. If I didn't share that info, it would still have been wrong, because I wasn't authorized to be there.

An authorized use for CAPNHQ at this point IMO would be to pull a report to see how many CAP members accessed this individual's data for unofficial use.

[Holding Pattern]

I believe it's meant to be that way so that people who go to schools not in their wing (Hawk Mountain, NESA, etc.) can have their quals signed off right then and there. No proprietary information is available from the 101 information that I can see. No PII, no SSAN#, no address or phone number.

http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf

Organizations should identify all PII residing in their environment.
An organization cannot properly protect PII it does not know about. This document uses a broad
definition of PII to identify as many potential sources of PII as possible (e.g., databases, shared network
drives, backup tapes, contractor sites). PII is ―any information about an individual maintained by an
agency, including (1) any information that can be used to distinguish or trace an individual's identity,
such as name, social security number, date and place of birth, mother's maiden name, or biometric
records; and (2) any other information that is linked or linkable to an individual, such as medical,
educational, financial, and employment information.‖ 6
Examples of PII include, but are not limited to:
 Name, such as full name, maiden name, mother's maiden name, or alias
 Personal identification number, such as social security number (SSN), passport number, driver's
license number, taxpayer identification number, or financial account or credit card number
 Address information, such as street address or email address
 Personal characteristics, including photographic image (especially of face or other identifying
characteristic), fingerprints, handwriting, or other biometric data (e.g., retina scan, voice signature,
facial geometry)

You might want to revisit your definition of PII.

[Garibaldi]

And when I worked for the phone company, I could pull up the records of any person, celebrity, company, etc.. If I didn't share that info, it would still have been wrong, because I wasn't authorized to be there.

An authorized use for CAPNHQ at this point IMO would be to pull a report to see how many CAP members accessed this individual's data for unofficial use.

We did that too when I worked for AT&T. I was young and stupid and we actually called people. Couple of them got fired for it, but the only way that AT&T had at the time to track it was if someone left notes on the account. Which they did.

Anyway, young and stupid, now old and stupid, but no PII is obtainable from the 101.

But, aside from any person making actual data entry to change anything, which I don't think they can do on just the 101, I don't see how they can track it. Oh, wait. The date the 101 card shows changes every time you view it. Whoops. Gonna be a big red flag now.

Maybe this is where the inherent flaw in the system is exposed and changed...

[Luis R. Ramos]

I am not sure I understand how that date change is going to help in this regard.

It was my impression this date appears only if you print the 101. It is not recorded or saved. Am I wrong?

[Holding Pattern]

If it's in an auditable database, there will be an access history.

[Garibaldi]

I believe it's meant to be that way so that people who go to schools not in their wing (Hawk Mountain, NESA, etc.) can have their quals signed off right then and there. No proprietary information is available from the 101 information that I can see. No PII, no SSAN#, no address or phone number.

http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf

Organizations should identify all PII residing in their environment.
An organization cannot properly protect PII it does not know about. This document uses a broad
definition of PII to identify as many potential sources of PII as possible (e.g., databases, shared network
drives, backup tapes, contractor sites). PII is ―any information about an individual maintained by an
agency, including (1) any information that can be used to distinguish or trace an individual's identity,
such as name, social security number, date and place of birth, mother's maiden name, or biometric
records; and (2) any other information that is linked or linkable to an individual, such as medical,
educational, financial, and employment information.‖ 6
Examples of PII include, but are not limited to:
 Name, such as full name, maiden name, mother's maiden name, or alias
 Personal identification number, such as social security number (SSN), passport number, driver's
license number, taxpayer identification number, or financial account or credit card number
 Address information, such as street address or email address
 Personal characteristics, including photographic image (especially of face or other identifying
characteristic), fingerprints, handwriting, or other biometric data (e.g., retina scan, voice signature,
facial geometry)

You might want to revisit your definition of PII.

Name, already in the public domain. SSAN and so on, not on the card. Address not on the card. Personal characteristics to include photo, only identifies the member as a CAP member. And said member's face is all over TV now.

I'm not defending what I did as right. Based on this list, nothing that's not public domain now is readily identifiable through CAP. I can't use anything to compromise her identity any more than she has already. But you're right, viewing the information is wrong if I had no reason to do so.

[Garibaldi]

I am not sure I understand how that date change is going to help in this regard.

It was my impression this date appears only if you print the 101. It is not recorded or saved. Am I wrong?

It changes every time you view it. It is assumed, I guess, that you would either print it that same day or the person viewing it for OFFICIAL purposes would have the most up to date information available.

[Holding Pattern]

PII doesn't become not PII because someone else knows about it.

[Luis R. Ramos]

I see. Even in that case, how can someone use it to track another person who is accessing the 101? Who can see whenever it changes? I cannot see any date change, nor who accessed it, from when I last saw it. As both Squadron CC and squadron ESO I have had needs to see plenty of my squadron's members 101 multiple times...

Or was it I never realized that was possible so I never paid attention to it...? 

[Holding Pattern]

I see. Even in that case, how can someone use it to track another person who is accessing the 101? Who can see whenever it changes? I cannot see any date change, nor who accessed it, from when I last saw it. As both Squadron CC and squadron ESO I have had needs to see plenty of my squadron's members 101 multiple times...

Or was it I never realized that was possible so I never paid attention to it...? 

You can't see this. Only the DBA would pull such a report of access.

[Garibaldi]

PII doesn't become not PII because someone else knows about it.

Not gonna argue with ya there.

[NIN]

FOUO has NOTHING to do with whether or not PII is available in that system.

Lets break down some words. Because we all know words are hard.

For = This is FOR something
Official Use = Use in the course of official duties.
Only = Singularly applying to the previous words Official Use. Meaning, in this case, no other purpose.

Looking someone up so they can check into your ES activity that you're running for Civil Air Patrol?   Yes, I'm pretty sure that would fall under the definition of "official use."

Looking someone's email or phone number up so you can contact them about something pertaining to Civil Air Patrol in the course of your official duties?  Yeah, that sounds like official use, too.

But looking up the CAP Captain who isn't from your region, wing or unit because you saw her name on a TV show? Is that "Official use"?

Likely not. 

Why? Unless she's in your squadron, and you're the commander or personnel officer, or someone else who has a need to look someone up in the course of their duties that pertain to Civil Air Patrol, then accessing ANY records of hers, whether they are personally identifiable or not, is NOT OFFICIAL USE.  It sounds an awful lot like "personal use."  Because you're satisfying your personal curiosity, not a professional or official need.

I'm sitting here in my office at my job at Segway.  As the network administrator, I can jump into just about any file on the network I need to jump in to.  I can see ITAR info, probably, definitely proprietary patent info, probably sales forecasts, future engineering plans, legal documents pertaining to people being stupid on PTs, etc.

But I don't. Why? Because that's not my job. If I need to see and access something for my job (ie. "Darin, I can't open the 2016 Master Dealer Sheet, it says that Julie over the Customer Care department has it open. Can you help?") then I may have to do that.  Thats part of my duties and responsibilities.

But I don't just surf over to the pending litigation folder (I'm assuming we have one in the legal dept, but I don't know for sure because I've never looked) and browse lawsuits for my jollies while I'm waiting for Server 2012 to install on my VMWare box.

There is a difference between "I can do this" and "I should do this."

You should know it. Your cadets do. Its called "Integrity."

[Panzerbjorn]

If you are not my squadron commander,  in my squadron, or a personnel officer, please turn your head and do not view my qualification badges.  You are just viewing them to satisfy personal curiosity and clearly not for official use.  Thank you.

[Holding Pattern]

FOUO has NOTHING to do with whether or not PII is available in that system.

Lets break down some words. Because we all know words are hard.

For = This is FOR something
Official Use = Use in the course of official duties.
Only = Singularly applying to the previous words Official Use. Meaning, in this case, no other purpose.

Looking someone up so they can check into your ES activity that you're running for Civil Air Patrol?   Yes, I'm pretty sure that would fall under the definition of "official use."

Looking someone's email or phone number up so you can contact them about something pertaining to Civil Air Patrol in the course of your official duties?  Yeah, that sounds like official use, too.

But looking up the CAP Captain who isn't from your region, wing or unit because you saw her name on a TV show? Is that "Official use"?

Likely not. 

Why? Unless she's in your squadron, and you're the commander or personnel officer, or someone else who has a need to look someone up in the course of their duties that pertain to Civil Air Patrol, then accessing ANY records of hers, whether they are personally identifiable or not, is NOT OFFICIAL USE.  It sounds an awful lot like "personal use."  Because you're satisfying your personal curiosity, not a professional or official need.

I'm sitting here in my office at my job at Segway.  As the network administrator, I can jump into just about any file on the network I need to jump in to.  I can see ITAR info, probably, definitely proprietary patent info, probably sales forecasts, future engineering plans, legal documents pertaining to people being stupid on PTs, etc.

But I don't. Why? Because that's not my job. If I need to see and access something for my job (ie. "Darin, I can't open the 2016 Master Dealer Sheet, it says that Julie over the Customer Care department has it open. Can you help?") then I may have to do that.  Thats part of my duties and responsibilities.

But I don't just surf over to the pending litigation folder (I'm assuming we have one in the legal dept, but I don't know for sure because I've never looked) and browse lawsuits for my jollies while I'm waiting for Server 2012 to install on my VMWare box.

There is a difference between "I can do this" and "I should do this."

You should know it. Your cadets do. Its called "Integrity."

Furthermore, I'd say the PII issue was just a personal method of rationalization, and we all know what happens when people start rationalizing bad decisions...

[JeffDG]

If it's in an auditable database, there will be an access history.

I think you have an inflated view of the capabilities of CAP IT. 

[NIN]

If you are not my squadron commander,  in my squadron, or a personnel officer, please turn your head and do not view my qualification badges.  You are just viewing them to satisfy personal curiosity and clearly not for official use.  Thank you.

your qualification badges on your uniform come with a "FOR OFFICIAL USE ONLY" disclaimer?

You're specifically disclaimed in CAP's OPSEC training or the NDA that I agreed to? (must have missed that one)

How about we try this again?

https://www.capnhq.gov/CAP.eServices.Web/NL/PrivacyLegal.aspx
(these are the legal terms under which you are using eServices)

PRIVACY INFORMATION
Warning: THE INFORMATION YOU ARE RECEIVING IS PROTECTED FROM INTERCEPTION OR DISCLOSURE. ANY PERSON WHO INTENTIONALLY DISTRIBUTES, REPRODUCES, OR DISCLOSES ITS CONTENTS IS SUBJECT TO THE PENALTIES SET FORTH IN 18 UNITED STATES CODE SECTION 2511 AND/OR RELEATED STATE AND FEDERAL LAWS OF THE UNITED STATES.

Nevermind the obvious misspelling.. ugh

and

LEGAL INFORMATION
THIS SITE IS PROVIDED AS A PUBLIC SERVICE BY CIVIL AIR PATROL NATIONAL HEADQUARTERS. THIS SITE IS INTENDED TO BE USED BY AUTHORIZED MEMBERS FOR VIEWING, REQUESTING, AND RETRIEVING INFORMATION ONLY. UNAUTHORIZED ATTEMPTS TO UPLOAD OR CHANGE INFORMATION ON THIS SERVICE ARE STRICTLY PROHIBITED AND MAY BE PUNISHABLE UNDER THE COMPUTER FRAUD AND ABUSE ACT OF 1986.

How about this?
http://capnhq.custhelp.com/app/answers/detail/a_id/1870/session/L3RpbWUvMTQ1NTk4Mjc1MS9zaWQvNDRURTl6Sm0%3D

You're denied access to eServices unless you agree to the NDA and take OPSEC training. (IOW, you are agreeing to be bound under the terms of the NDA, etc, while you use eServices.)

How about this?
http://capnhq.custhelp.com/app/answers/detail/a_id/1547/kw/%22official%20use%20only%22/session/L3RpbWUvMTQ1NTk4Mjc1MS9zaWQvNDRURTl6Sm0%3D

See CAP eServices Member Search Online Inquiry Note: This Data is for OFFICIAL CAP USE ONLY . All other use is prohibited. All access is logged by the MemberID of the searcher and the search criteria selected. Enter search criteria in the fields below. To view your entire unit, do not enter or select anything, click on the Search button.

You may search by CAPID, First and Last Name, or Region, Wing and Unit

I hate to spell this out in a simplistic fashion, but your qualification badges on your uniform are not an electronic system containing data that we're required to prevent unauthorized disclosure of.   


Bottom line: we've been specifically told and agreed to use eServices for "OFFICIAL USE ONLY."   This is to avoid Lt Col Bagodonuts using his official access to eServices and CAPWATCH from using that data for non-CAP purposes.   How angry would you be if you started getting spammed by Joe Blow's Surplus Store in Backwater, Idaho because someone who had access to CAPWATCH decided to sell your data to a 3rd party entity?   You'd stand here on CAP-Talk and scream bloody murder.


Idly looking up a member's info, for whom you have no official reason to do so, is the same thing.

[Garibaldi]

OK. Obviously I've stirred up a hornet's nest with this. It was wrong for me to do so, even more wrong to mention that I have done so. It will not happen again. Starfleet Aux is correct in his assessment as to why I did it. I am not making any excuses for it. Period. It's done, I apologize to the good captain if she reads this, and it will not happen again. I violated OPSEC and the core value of integrity. My membership is up at the end of the month and I will make a decision on my continued participation in CAP at that time. I've nothing left to offer the board here, so I will leave you in peace.

[SAREXinNY]

OK. Obviously I've stirred up a hornet's nest with this. It was wrong for me to do so, even more wrong to mention that I have done so. It will not happen again. Starfleet Aux is correct in his assessment as to why I did it. I am not making any excuses for it. Period. It's done, I apologize to the good captain if she reads this, and it will not happen again. I violated OPSEC and the core value of integrity. My membership is up at the end of the month and I will make a decision on my continued participation in CAP at that time. I've nothing left to offer the board here, so I will leave you in peace.

Just my opinion, it was a minor lapse in judgment.  Sometimes we do things like that without recognizing that it wasn't the smartest thing to do until it's too late.  Someone points it out, and you're like "crap, yes, I did mess up."  At least you accepted responsibility (which makes a huge difference in my opinion).  Learn from it and move on.  It was a mistake, and as long as you still have an interest in CAP I hope you decide to stay.  It sounds like you have a lot to offer the program.

[Holding Pattern]

OK. Obviously I've stirred up a hornet's nest with this. It was wrong for me to do so, even more wrong to mention that I have done so. It will not happen again. Starfleet Aux is correct in his assessment as to why I did it. I am not making any excuses for it. Period. It's done, I apologize to the good captain if she reads this, and it will not happen again. I violated OPSEC and the core value of integrity. My membership is up at the end of the month and I will make a decision on my continued participation in CAP at that time. I've nothing left to offer the board here, so I will leave you in peace.

Just my opinion, it was a minor lapse in judgment.  Sometimes we do things like that without recognizing that it wasn't the smartest thing to do until it's too late.  Someone points it out, and you're like "crap, yes, I did mess up."  At least you accepted responsibility (which makes a huge difference in my opinion).  Learn from it and move on.  It was a mistake, and as long as you still have an interest in CAP I hope you decide to stay.  It sounds like you have a lot to offer the program.

Well Written.

[The CyBorg is destroyed]

OK. Obviously I've stirred up a hornet's nest with this. It was wrong for me to do so, even more wrong to mention that I have done so. It will not happen again. Starfleet Aux is correct in his assessment as to why I did it. I am not making any excuses for it. Period. It's done, I apologize to the good captain if she reads this, and it will not happen again. I violated OPSEC and the core value of integrity. My membership is up at the end of the month and I will make a decision on my continued participation in CAP at that time. I've nothing left to offer the board here, so I will leave you in peace.

I always told cadets that there is a difference between an error and a mistake.

Anyone can make an error, and goodness knows I've made my share of them, many of them publicly viewable on this board.

An error only becomes a mistake if you refuse to correct it and/or you refuse to admit culpability/responsibility.

You made an error.  Cut yourself a bit of slack. (I openly admit my hypocrisy on this as my wife calls me my own worst enemy.)  Nobody died and the world did not shift on its axis.

If someone in CAP higher up the food chain calls you on the carpet, simply admit your error.

As a former 15+ year IT guy with an honours degree in computer science, who spent several years making networks/databases as secure as I possibly could, I will tell you this:  there is no such thing as completely secure cyber-information.

I got fired from one job because the daily information of the company was done on tape backup...and then the tapes were stored right above the server, in an unlocked cabinet.  I argued to the owner several times that the storage site for the backups should be offsite, in a locked facility, in locked cabinets, with keyholders being limited to owner/management/IT staff.  He said "we can't spend the money."  Well, he could spend money for his tricked-out yacht but not for security for his company's information...and I said so.  I have no regrets.

During my last tenure in CAP ('09-'15), when I saw all the things that were put online that were not before, I was mildly horrified, especially the Member Search function being available to nearly anyone who wants it.

If I would have had it my way, I would have constructed Member Search to only be available to the following:

Squadron level (not searchable outside one's own squadron):
Commanders/deputy commanders
Personnel
Professional Development
Administrative

Wing level (not searchable outside one's own wing):
Commanders/deputy commanders
Personnel
Professional Development
Administrative
Chaplains
What few AF liaison people may be there

And so on up the chain to National/BoG/CAP-USAF.

I can also tell you, from experience as a network manager, that no matter how you try, you cannot completely erase your tracks from searching databases.  I've known that since I was assistant manager on an ancient AS-400 mainframe almost 30 years ago.

No matter how much you think you've wiped a hard drive...there are still traces.   The only sure "cure" for that is to literally dismember the hard drive, and I have done plenty of those.  At one job I kept a variety of screwdrivers, hammers and battery-powered drill for just that purpose.

Garibaldi, you have always seemed like one of the "good guys" in CAP to me.  CAP needs people like you to counterbalance all the egos, personalities, etc.  You can do what you will, of course, but I would hate to see you leave CAP just because you made an error and got excoriated on CT for it.

[754837]

Nice hijack of the thread!

[Luis R. Ramos]

Garibaldi, I sentence you to 5 lashes with a wet noodle whip for your mistake. There is additional punishment. Continue giving the excellent advice you have given to others here on CAPTalk, and working with our youth in whichever CAP unit(s) you end up in until ya retire!

[SAREXinNY]

Nice hijack of the thread!

No hijack. The topic simply evolved. Plus, I think everything that should have been said, has been said.  Maybe it's time we give this one a lock.

[Panzerbjorn]

If you are not my squadron commander,  in my squadron, or a personnel officer, please turn your head and do not view my qualification badges.  You are just viewing them to satisfy personal curiosity and clearly not for official use.  Thank you.

your qualification badges on your uniform come with a "FOR OFFICIAL USE ONLY" disclaimer?

You're specifically disclaimed in CAP's OPSEC training or the NDA that I agreed to? (must have missed that one)

How about we try this again?

https://www.capnhq.gov/CAP.eServices.Web/NL/PrivacyLegal.aspx
(these are the legal terms under which you are using eServices)

PRIVACY INFORMATION
Warning: THE INFORMATION YOU ARE RECEIVING IS PROTECTED FROM INTERCEPTION OR DISCLOSURE. ANY PERSON WHO INTENTIONALLY DISTRIBUTES, REPRODUCES, OR DISCLOSES ITS CONTENTS IS SUBJECT TO THE PENALTIES SET FORTH IN 18 UNITED STATES CODE SECTION 2511 AND/OR RELEATED STATE AND FEDERAL LAWS OF THE UNITED STATES.

Nevermind the obvious misspelling.. ugh

and

LEGAL INFORMATION
THIS SITE IS PROVIDED AS A PUBLIC SERVICE BY CIVIL AIR PATROL NATIONAL HEADQUARTERS. THIS SITE IS INTENDED TO BE USED BY AUTHORIZED MEMBERS FOR VIEWING, REQUESTING, AND RETRIEVING INFORMATION ONLY. UNAUTHORIZED ATTEMPTS TO UPLOAD OR CHANGE INFORMATION ON THIS SERVICE ARE STRICTLY PROHIBITED AND MAY BE PUNISHABLE UNDER THE COMPUTER FRAUD AND ABUSE ACT OF 1986.

How about this?
http://capnhq.custhelp.com/app/answers/detail/a_id/1870/session/L3RpbWUvMTQ1NTk4Mjc1MS9zaWQvNDRURTl6Sm0%3D

You're denied access to eServices unless you agree to the NDA and take OPSEC training. (IOW, you are agreeing to be bound under the terms of the NDA, etc, while you use eServices.)

How about this?
http://capnhq.custhelp.com/app/answers/detail/a_id/1547/kw/%22official%20use%20only%22/session/L3RpbWUvMTQ1NTk4Mjc1MS9zaWQvNDRURTl6Sm0%3D

See CAP eServices Member Search Online Inquiry Note: This Data is for OFFICIAL CAP USE ONLY . All other use is prohibited. All access is logged by the MemberID of the searcher and the search criteria selected. Enter search criteria in the fields below. To view your entire unit, do not enter or select anything, click on the Search button.

You may search by CAPID, First and Last Name, or Region, Wing and Unit

I hate to spell this out in a simplistic fashion, but your qualification badges on your uniform are not an electronic system containing data that we're required to prevent unauthorized disclosure of.   


Bottom line: we've been specifically told and agreed to use eServices for "OFFICIAL USE ONLY."   This is to avoid Lt Col Bagodonuts using his official access to eServices and CAPWATCH from using that data for non-CAP purposes.   How angry would you be if you started getting spammed by Joe Blow's Surplus Store in Backwater, Idaho because someone who had access to CAPWATCH decided to sell your data to a 3rd party entity?   You'd stand here on CAP-Talk and scream bloody murder.


Idly looking up a member's info, for whom you have no official reason to do so, is the same thing.

The key words seem to be distribution, reproduction, and disclosure.  None of what has been talked about fall under those categories.  Simply looking up a member's qualifications, such as bringing up a member's 101 card, appears to be covered by the viewing, requesting, and retrieving information section.

We're not talking about selling email addresses, personal addresses, or social security numbers here.  We're talking about verifying the claims of someone by doing something simple like bringing up their 101 card. 

To be honest, if some surplus store in Idaho is sending me sales circulars based on discovering that I'm AOBD qualified, I'd be curious to know what they have for sale that they believe will make my job easier.

[lordmonar]

The key words seem to be distribution, reproduction, and disclosure.  None of what has been talked about fall under those categories.  Simply looking up a member's qualifications, such as bringing up a member's 101 card, appears to be covered by the viewing, requesting, and retrieving information section.

We're not talking about selling email addresses, personal addresses, or social security numbers here.  We're talking about verifying the claims of someone by doing something simple like bringing up their 101 card. 

To be honest, if some surplus store in Idaho is sending me sales circulars based on discovering that I'm AOBD qualified, I'd be curious to know what they have for sale that they believe will make my job easier.

If you have no official need to look up a member's data.....you should not be looking up a members data.
That's the point.  It does not matter what you do with it.  It does not matter what data you are looking up. 

IF YOU DO NOT HAVE AN OFFICIAL REASON TO DO IT.......DON'T DO IT.

Sorry for yelling.

[Panzerbjorn]

We'll just leave it open to interpretation on what constitutes "official need" then and expect one to use their best judgement. 

If I start receiving junk mail from Idaho surplus stores, then I can presume someone did not use good judgement when it came to looking up my qualifications.  But honestly, let it be known that I have no problem with anyone looking at my 101 card for whatever reason...except to sell my qualifications to Idaho surplus stores.  I shall put a caveat there.

[Holding Pattern]

Good to know the Washington surplus stores are fair game.

[Holding Pattern]

So I finally watched the blurb on her, and... it looks like Hollywood played fast and loose with the video editing. My guess is her actual interview said very different things in context and this was reconstructed to sound "better" to viewers.

[PHall]

So I finally watched the blurb on her, and... it looks like Hollywood played fast and loose with the video editing. My guess is her actual interview said very different things in context and this was reconstructed to sound "better" to viewers.

And this surprises you how?

[NIN]

So I finally watched the blurb on her, and... it looks like Hollywood played fast and loose with the video editing. My guess is her actual interview said very different things in context and this was reconstructed to sound "better" to viewers.

I nearly guarantee that to be the case

[NIN]

We'll just leave it open to interpretation on what constitutes "official need" then and expect one to use their best judgement. 

If I start receiving junk mail from Idaho surplus stores, then I can presume someone did not use good judgement when it came to looking up my qualifications.  But honestly, let it be known that I have no problem with anyone looking at my 101 card for whatever reason...except to sell my qualifications to Idaho surplus stores.  I shall put a caveat there.

Good to know.

[RiverAux]

Sort of wish she was a bit more of an engaging "character".