Skip to content

FW: Wikileaks data on Gov’t Computers & Personal Owned

Received the following email regarding the official Army policy on Wikileaks, at least for my unit:

From: [redacted]
Sent: Wednesday, December 08, 2010 4:03 PM
To: 2-2 AVN Staff; 2-2 ASLT COs; 2-2 ASLT 1SGs
Subject: FW: Wikileaks data on Gov’t Computers & Personal Owned
Computers (UNCLASSIFIED)
Importance: High

ALCON,

Below is the guidance for viewing material on Wikileaks’ website. ┬áTo
summarize the below, the Wikileaks website is not to be viewed on a
Government computer, the information is still considered to be
classified and any computer found containing classified information
(i.e. information from Wikileaks) will confiscated and subsequently
wiped.

If there are any questions please contact the S2 office.

v/r

[redacted]
CPT, MI
2-2 AASLT BN S2

—–Original Message—–
From: [redacted]
Sent: Wednesday, December 08, 2010 11:05 AM
To: [redacted]
Subject: Wikileaks data on Gov’t Computers & Personal Owned Computers
(UNCLASSIFIED)
Importance: High

BLUF: Do not view released or published classified data found on the
internet (Open Source) on unclassified Government systems OR on personal
owed systems. (See caveats)

Department of the Army policies regarding the issue can be found in AR
380-5 Information Security and AR 25-2 Information Assurance. All of the
information is still considered classified. Although now that it can be
found via open source, DOD still considers it as classified until
further notice and should not be viewed or process on a designated
unclassified government computer. Should a unclassified computer be
found containing classified information, it will need to be isolated and
wiped to remove the information.

As for viewing the information via personal computer, I have not seen
any official message traffic preventing military personnel from viewing
the information; however should a personal laptop be found with
classified information on it, it will be confiscated with the potential
for a 15-6 investigation based on the information on an unapproved
system and improper storage.

AR 380-5, Chapter 10-2 a.

and

AR 25-2

4-31. Employee-owned information systems a. Prohibit the use of
employee-owned information systems (EOISs) for classified or sensitive
information.

AR 25-2 Chapter 3-3

c. General users. Use of Government IS and access to Government networks
is a revocable privilege, not a right.

Users are the foundation of the DiD strategy and their actions affect
the most vulnerable portion of the AEI. Users must have a favorable
background investigation or hold a security clearance and access
approvals commensurate with the level of information processed or
available on the system. Users will-

(1) Comply with the command’s AUP for Government owned ISs and sign an
AUP prior to or upon account activation.

(2) Complete initial and/or annual IA training as defined in the IA
training BBP (https://informationassurance.us.army.mil
<https://informationassurance.us.army.mil/> ).

(3) Mark and safeguard files, output products, and storage media per the
classification level and disseminate them only to individuals authorized
to receive them with a valid need to know.

(4) Protect ISs and IS peripherals located in their respective areas in
accordance with physical security and data protection requirements.

(5) Practice safe network and Internet operating principles and take no
actions that threaten the integrity of the system or network.

(6) Obtain prior approval for the use of any media (for example, USB,
CD-ROM, floppy disk) from the SA/ IAM.

(7) Scan all files, attachments, and media with an approved and
installed AV product before opening a file or attachment or introducing
media into the IS.

(8) Report all known or suspected spam, chain letters, and violations of
acceptable use to the SA, IAM, or IASO.

(9) Immediately stop using an infected IS; and report suspicious,
erratic, or anomalous IS operations, and missing or added files,
services, or programs to the SA/IASO in accordance with local policy.

(10) Not disclose their individual account password or pass-phrase
authenticators.

(11) Invoke password-protected screen locks on your workstation after
not more than 15 minutes of non-use or inactivity.

(12) Logoff ISs at the end of each workday.

(13) Access only that data, control information, software, hardware, and
firmware for which the user is authorized access.

(14) Access only that data that they are authorized or have a need to
know.

Should someone have additional information regarding this issue please
send to me so I can review and disseminate.

V/r,

CPT [redacted]
BDE S2, 2 CAB, 2 ID

I’ve redacted the names in the emails; what matters is that they came from the BDE and BN S2. For those of you not in the Army, the S2 is the information security office; the bit of each unit in charge of classification, and the officer who signs as S2 is the person in charge of information security for that unit.

The policy they lay out here actually seems pretty sane to me: even though they’re threatening confiscation and erasure of personal computers discovered to have classified data on them, it’s not like they’re proposing to audit everyone’s individual PC; they’re just reiterating already extant policy. As it stands, on your own time and internet you’re perfectly free to look at this; just turn on porn mode and prevent your browser from caching anything!

RSS feed

Comments

No comments yet.

Sorry, the comment form is closed at this time.