DoD Official Policy on New/Social Media

[TheSiatonist]

Wondered what you guys think of this....


DoD Official Policy on New/Social Media

The Department of Defense released its official policy on new/social media today. The policy (Directive-Type Memorandum 09-026), which is effective immediately, states that the default for the DoD non-classified network (the NIPRNET) is for open access so that all of DoD can use new media. This is DoD’s first official policy on new media. Prior to today, the Services and other DoD components developed and implemented their own ad hoc policies — some banning it all together. Under this new policy, there will be open and consistent access across the board, but prohibited content sites (gambling, pornography, hate-crime activities) will still be blocked. Also, Commanders at all levels and heads of DoD components will continue to keep networks safe from malicious activity and take actions, as required, to safeguard missions.

Service members and DoD employees are welcome and encouraged to use new media to communicate with family and friends — at home stations or deployed — but it’s important to do it safely. Keep in mind that everyone has a responsibility to protect themselves and their information online, and existing regulations on ethics, operational security, and privacy still apply. Be sure never to post any information that could be considered classified, sensitive, or that might put military members or families in danger.

You can view the DTM here.

Here's a sample outcome: Facebook - US Ship Movements


Source

[x SF med]

Sandman-
Good post- scary as hell, considering some of the idiotic stuff military people post, and then wonder why they get in trouble - this is just going to make it worse...

I'm torn here - command oversight or private access... which is better. Until people start using their brains in what they post - especially from denied areas - stick to letters - ease of dissemination of information to those outside your unit is creating a quagmire of OPSEC/PERSEC issues, that's only going to get worse.

[LongWire]

Sure to get messy. I see a lot of Opsec/Persec problems for the future.

[rubberneck]

I have a first cousin who is a Captain in the Navy. His wife has a facebook page (he doesn't and never will) and I am on her list of friends. Bored one day I went through her friends list and saw a couple Captains and an Admiral with their own pages. To make matters worse they all had pictures of their families on their pages with the names of their kids and spouses tagged in the photo's. I was surprised with how much information they felt comfortable putting out there considering their jobs.

[Masochist]

DoD, just like other government agencies, has shown to be reactive and not proactive. Not until the MSM regularly disseminates articles showing that the mission was compromised because of PVT Snuffy's MySpace posts or that a soldier's family has been targeted by the bad guy because he lists their entire life history on Facebook will the majority think this is a bad idea.

[Masochist]

Quote:

Originally Posted by rubberneck

I went through her friends list and saw a couple Captains and an Admiral with their own pages. To make matters worse they all had pictures of their families on their pages with the names of their kids and spouses tagged in the photo's. I was surprised with how much information they felt comfortable putting out there considering their jobs.

Now just imagine what thousands of day-one privates and officers, who have been groomed in the MySpace/Facebook/Twitter era and with little situational awareness in this AO, might post. And since their boss has said it's okay, then it must be completely safe.

Will we see more mandatory training briefs on Internet SA in the future? I sure hope so.

[TheSiatonist]

^^ I shudder at the thought.

[Pete]

Israeli raid called off after Facebook slip

http://www.sfgate.com/cgi-bin/articl...3S95.DTL&tsp=1

[nmap]

The problem isn't just the information posted to such sites; rather, the information acquired at such sites provides a gateway to many other things. Even if one is fastidious about OPSEC/PERSEC on the specific site (facebook/myspace), the sites provide key information.

For example - let us suppose that the admiral mentioned above provides nothing but his city and state, along with his name and a picture. In at least some locales - mine, for example - one can use the name to search the public information at the property tax office and the country clerk's office. In most instances, this provides the name, physical address, and other useful information.

One can then put the name into Google and get further information. Subscription based databases (publicdata.com, Knowx.com) provide further depth for a cost that ranges from negligible to modest.

In addition, if one "friends" those at such sites, one generally gets access to their other friends. It is not unusual for people to automatically approve "friend" requests. That provides quite a lot of information to someone who one may not really know.

No doubt this is mostly old information to some here.

[Masochist]

Makes you wonder how the DoD's new policy will jive with the ability to obtain security clearances.

Quote:

Originally Posted by Surgicalcric

Dont have a link for it, as it was sent to me by my S2.

Something to think about nonetheless......

Commentary: Social sites risk security clearance
By GREG RINCKEY
November 02, 2009

If you hold a security clearance or if you ever want to apply for one, be mindful of your postings and contacts online, particularly on social networking sites such as Facebook and Twitter. These sites pose risks to gaining and keeping a security clearance.

Question 14 of the National Agency Questionnaire (SF-86) asks for names of your relatives and associates. The term “associate” is defined as any foreign national that you or your spouse “are bound by affection, obligation, or close and continuing contact.”

Continuing contact with a foreign national used to include a clear exchange between both parties — visits outside the country, mail, phone calls or e-mails. Social networking sites bring a gray area into the definition of an associate and continuing contact. Your list of friends on Facebook may include foreign nationals, or you could have foreign followers on your Twitter page. Is giving
a foreign national access to your social networking page as a “friend” considered close and continuing contact even if you never directly message them? Is having access to your updated information enough for a person to be considered an associate? Unfortunately, this uncharted territory can ensnare a potential or current clearance holder.

Foreign intelligence agencies use social networking sites. They have been known to befriend Facebook users who automatically accept their “friend” requests.

I had a client who lost her security clearance after using an online chat room. She was seeking advice on how to beat a computer game while attending a gaming convention. The “gaming” experts she chatted with online were foreign intelligence agents working out of China.

You may want to eliminate any foreign nationals from your social networking sites to eliminate any potential security concerns. A clearance holder also needs to be responsible for what he or she posts online. These sites are considered “open source intelligence,” and mining information from them is simple. Anyone can do a Web search and bring up postings from Twitter and
Facebook. Technology companies are developing more sophisticated ways to monitor social networking sites, offering the ability to scan millions of online social conversations at once. Intelligence agencies around the world are taking advantage of this technology to gain valuable information.

Social networking sites are creating new territory for many workplaces. Just this month a Staten Island, N.Y., judge had to be transferred to a new location because of his Facebook use. The judge reportedly used the site to update his whereabouts and post pictures of his courtroom. The Pentagon also is weighing if troops deployed in Iraq and Afghanistan should continue to have social networking access.

When dealing with a security clearance, keep in mind the HAM principles: honesty, accuracy and mitigation. Honesty and accuracy are the most important factors when filling out an SF-86 questionnaire. It is always better to report a contact that could jeopardize your clearance, than to appear evasive or dishonest.

During an interview following your SF-86 submission, you’ll be asked more questions about your background. Discuss any concerns with an attorney before the interview. An attorney’s advice can give you a better chance at reversing an adverse determination. If a disqualifying condition is found, you want to show that the issue is not as severe as it appears. If you receive a letter of intent to deny or revoke a clearance, you could have as little as 45 days to respond. The appeal must be a thorough brief that emphasizes mitigating factors and cites relevant legal precedents.

Greg Rinckey, a former military and federal attorney, is managing partner of Tully Rinckey PLLC, a law firm with offices in Albany, N.Y., and Washington.
E-mail your legal questions to askthelawyer@federaltimes.com.

[Joe_Snuffy]

Quote:

Originally Posted by LongWire

Sure to get messy. I see a lot of Opsec/Persec problems for the future.

Don't have too look into the future, they've already happened. We've had guys in my unit who are in trouble for posting sensitive information/pictures on their Facebook pages.

These are the same idiots who take pictures inside of a C-130/C-17/Blackhawk/Chinook despite being told about a dozen times NOT to do that prior to boarding the aircraft. Some people just can't keep their mouths shut and do what they're told I guess.

Which reminds me, anyone here ever see that old Warner Bros cartoon [WWII era training films comissioned by the US Army to help get the point across while keeping the common man's attention] about OPSEC? [They're a couple that covered just that I think]. Good stuff.