Another wannabe web site scare tactic?

[RiverAux]

Following up on the thread of posting FOUO on documents posted on CAP websites, comes this statement found at the bottom of another Wing's website:

WARNING: The information you are receiving is proctected from interception or disclosure. Any person who intentionally distributes, reproduces, or discloses its contents is subject to the penalties set forth in 18 United Staes Code Section 2511 and/or related state and federal laws of the United States.

Now, I have seen such phrasing on emails popping up in various places inside and outside CAP, but in looking at the actual law cited, it is all about improperly intercepting electronic communications. 

What makes it especially "wannabe" is this phrase in the actual law:

(g) It shall not be unlawful under this chapter or chapter 121 of this title for any person—
(i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;

What is a public web site other than an electronic communication system that is readily accessible to the general public?

Now, if there were secure sections of the web site, it would probably be appropriate to post that warning there, but on the main home page?

[PhoenixRisen]

From those I've talked to who maintain CAP websites (I'm working on the one for my new squadron, myself), the majority never understood that it only needed to be displayed in areas like you mentioned (e.g. before entering a restricted access site with, say, personal member info on it).  Some others (very few, though) say they simply put it there "just in case". (In case of what... I have no clue.)

Not to hijack the thread, but I've got one semi-related / non-related question.  My wing (CAWG) has a DoD security warning page on their site (see here).  Is this something that should be added to squadron websites, as well?  (It contains the previously mentioned Section 2511 USC wordage, too.)

http://cawg.cap.gov/html/security.htm

[RiverAux]

I doubt the cap.gov domain is an actual DoD system to which that would apply, but I could be wrong.  I'm not aware of what sort of agreements are in place that let CAP use a .gov extension.  It is possible that some DoD thing would apply, but I really doubt it would apply to any CAP web sites not on .gov.  Personally, unless the CAP internet regulation says to put it there, we probably shouldn't. 

[PhoenixRisen]

In going to the .GOV domain registrar's website (www.dotgov.gov) and doing a WHOIS search for the CAP.gov domain, it states that it is registered to:

CIVIL AIR PATROL
Department of Defense


Go here and type in "CAP.gov" in the search box.

https://www.dotgov.gov/whois.aspx

[SARMedTech]

Following up on the thread of posting FOUO on documents posted on CAP websites, comes this statement found at the bottom of another Wing's website:

WARNING: The information you are receiving is proctected from interception or disclosure. Any person who intentionally distributes, reproduces, or discloses its contents is subject to the penalties set forth in 18 United Staes Code Section 2511 and/or related state and federal laws of the United States.

Now, I have seen such phrasing on emails popping up in various places inside and outside CAP, but in looking at the actual law cited, it is all about improperly intercepting electronic communications. 

What makes it especially "wannabe" is this phrase in the actual law:

(g) It shall not be unlawful under this chapter or chapter 121 of this title for any person—
(i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;

What is a public web site other than an electronic communication system that is readily accessible to the general public?

Now, if there were secure sections of the web site, it would probably be appropriate to post that warning there, but on the main home page?

As a former criminal law paralegal who dealt regularly with the USC and a current medical/legal research paralegal I can tell you that what 18 USC 2511 was intended to do was to protect materials being sent via fax, and in particular those which may have been inadvertently been sent to the wrong fax number. More specifically it was created to protect the use, or more accurately the illegal misuse of government and legal documents. For example, I can't even recall the vast number of times when I worked as paralegal to the lead counsel in a defense law firm we received documents pertaining to disclosure and discovery which were intended for internal use by the prosecution, not required to be disclosed under discovery laws and which, therefore, we were not entitled to use in any way either as exculpatory evidence or in any one of a hundred other ways. That is why that section  of US Title 18 is worded as it is. Of course it is also illegal to send unsolicited faxes to someone's fax number, but that is a little harder to enforce.  Basically what we are dealing with here is a method to protect some office worker or someone hanging around an office where sensitive or otherwise FUOU information may be transmitted via facsimile or on an email screen which may be accidentally left open and thus in "public" view from using such material for their own personal gain or illegal activity. You seem to be against this kind of thing, but if a FUOU fax about you was sent to your squadron's CO, and someone else got to it first or got to an email screen and printed the email containing FUOU information about you, wouldnt you want to have some legal protection and hence redress if it were in some way used against you. Say it was an internal CAP fax concerning to your sqrns HSO concerning your medical conditions or overall health....Would you want that tacked up on the bulletin board without being able to take action against the person doing so?

[JC004]

I cannot imagine that the notice needs to be on public pages, given its warning.  I keep it in the secret areas of the PAWG site, but that's it.  The only thing we do on the public pages in the link disclaimer.

[PhoenixRisen]

I cannot imagine that the notice needs to be on public pages, given its warning.  I keep it in the secret areas of the PAWG site, but that's it.  The only thing we do on the public pages in the link disclaimer.

I just sent an e-mail to the CAWG webmaster questioning whether it's necessary or not to place the DoD security notice on squadron websites (the DoD notice can be found on the CAWG site (found here), and he replied in the affirmative.

That's new to me.

[afgeo4]

I cannot imagine that the notice needs to be on public pages, given its warning.  I keep it in the secret areas of the PAWG site, but that's it.  The only thing we do on the public pages in the link disclaimer.

I just sent an e-mail to the CAWG webmaster questioning whether it's necessary or not to place the DoD security notice on squadron websites (the DoD notice can be found on the CAWG site (found here), and he replied in the affirmative.

That's new to me.

DoD notices do not belong on non-DoD websites.

IF the DoD owns and operates the www.cap.gov website then any unit using the cap.gov domain should probably use the disclaimer. If the unit's website is on some other website, then the disclaimer would be improper.

[PhoenixRisen]

I cannot imagine that the notice needs to be on public pages, given its warning.  I keep it in the secret areas of the PAWG site, but that's it.  The only thing we do on the public pages in the link disclaimer.

I just sent an e-mail to the CAWG webmaster questioning whether it's necessary or not to place the DoD security notice on squadron websites (the DoD notice can be found on the CAWG site (found here), and he replied in the affirmative.

That's new to me.

DoD notices do not belong on non-DoD websites.

IF the DoD owns and operates the www.cap.gov website then any unit using the cap.gov domain should probably use the disclaimer. If the unit's website is on some other website, then the disclaimer would be improper.

I'm just sayin' what I was told...

[wingnut]

Nay sayers

18 U.S.C. §2511
Wire and Electronic Communications Interception and Interception of Oral Communications

This is for everyones protection, it is an anti hacker law. Nothing less, read it your self. Stop being so negative about WANNA BE. We are a Governmental Agency, we are connected with both the Military and Law Enforcement Agency activity. Many professional Organizations are using this warning, all my email from the County DA, or others has this warning now.

I will be adding it on my Squadron and Grp1 Emails. Why are you worried about things you perceive to be what we exactly are THE AUXILARY OF THE UNITED STATES AIR FORCE.

[SARMedTech]

I'm not worried. I agree with you one hundred percent as far as the Title 18 warning being on DoD or other FUOU docs. When I worked in a law office, all of our faxed documents had this warning on them, along with the advisory to notify the send and destroy the document if you were not its intended recipient.

[DNall]

seriously? It's not like any of this means anything. You really think media seeing that notice (if they read it) under a freq list would prevent them putting them in a scanner? Or using details of an ops plan for whatever purpose? If you put data in the public domain, then it's out there regardless of what warning you send with it. The warnings are a very ineffective way to scare people off. You should use one, but don't get all wrapped up in it. If USC cited isn't quite perfect (as in the above case), it doesn't really matter. No one is going to go look it up, or make a legal judgment about that being applicable or not.

[RiverAux]

Unless directed to do so by the CAP regulation or by a CAP lawyer I don't think its a good idea at all to start putting legal warnings about prosecution on a web site.   

[Ricochet13]

Unless directed to do so by the CAP regulation or by a CAP lawyer I don't think its a good idea at all to start putting legal warnings about prosecution on a web site.   

Ditto!  And even then I'd be real sceptical.

[Duke Dillio]

CAPR 110-1:

7. Personal Information. Personal information regarding CAP members or employees, including but not limited to, social security number, residence address, date of birth, should only be made available through CAP internet operations to those individuals who have a specific need to have such information for official CAP business only. When this information is placed on a web server as part of a CAP internet operation, reasonable security, such as password access, should be implemented to protect the information. Such information when included in a CAP internet operation shall be accompanied by the following notice:

Warning: The information you are receiving is protected from interception or disclosure. Any person who intentionally distributes, reproduces or discloses its contents is subject to the penalties set forth in 18 United States Code Section 2511 and/or related state and federal laws of the United States.

[RiverAux]

Exactly....should be on the part of the web page that isn't open to the public, not on the public part of the site. 

[Brad]

I include the warning in CAP emails I send out, in addition to digitally signing them, that way the recipient knows they are authentic and untampered with.

[Gunner C]

I cannot imagine that the notice needs to be on public pages, given its warning.  I keep it in the secret areas of the PAWG site, but that's it.  The only thing we do on the public pages in the link disclaimer.

"SECRET areas".  Highly doubtful.  If you have an area in your website that has anything that is SECRET, there is a bunch of folks going to jail.

GC

[Gunner C]

I include the warning in CAP emails I send out, in addition to digitally signing them, that way the recipient knows they are authentic and untampered with.

At work, we have the same FOUO warning, along with an SSI (sensitive security information - not to be confused with SCI) warning.  Not all of the info we send out is FOUO or SSI, but we use it anyway.

GC

[JC004]

I cannot imagine that the notice needs to be on public pages, given its warning.  I keep it in the secret areas of the PAWG site, but that's it.  The only thing we do on the public pages in the link disclaimer.

"SECRET areas".  Highly doubtful.  If you have an area in your website that has anything that is SECRET, there is a bunch of folks going to jail.

GC

Not secret classification, d00d.  Secret location from people who don't need to see it.