Saturday, March 06, 2010

U.S. DoD pulls head out of rectum, still waiting for DND to do the same

Way back in April of 2005, the U.S. military was putting social media policy together rather piecemeal. But a number of commentators were encouraged at the time by the openness of the blogging directive put out Multi-National Corps - Iraq (pdf). It essentially said that military bloggers had to register their websites with their chain of command, the immediate supervisor was charged with monitoring for OPSEC, and any violations of policy would be punished under the UCMJ. In other words, 'trust and monitor'.

Then in April of 2007, the hammer came down in the form of AR 530-1 (pdf) (see p.12), which said:

All Department of the Army (DA)personnel (active component, reserve component to include U.S. Army Reserve, Army National Guard, and DA civilians), and DOD contractors will —
g. Consult with their immediate supervisor and their OPSEC Officer for an OPSEC review prior to publishing or posting information in a public forum.
(1) This includes, but is not limited to letters, resumes, articles for publication, electronic mail (e-mail), Web site postings, web log (blog) postings, discussion in Internet information forums, discussion in Internet message boards or other forms of dissemination or documentation.


That restrictive 'prior approval' tone echoed Canadian guidance issued in CANFORGEN 136/06 CDS 050/06:

4. CF MEMBERS ARE TO CONSULT WITH THEIR CHAIN OF COMMAND BEFORE PUBLISHING CF-RELATED INFORMATION AND IMAGERY TO THE INTERNET, REGARDLESS OF HOW INNOCUOUS THE INFORMATION MAY SEEM. THE CHAIN OF COMMAND HAS ACCESS TO EXPERT ADVISORS, SUCH AS PUBLIC AFFAIRS AND INTELLIGENCE STAFFS, WHO WILL ENSURE THAT SUCH PUBLISHED INFORMATION IS NOT ULTIMATELY PREJUDICIAL TO CF OPERATIONS AND PERSONNEL


Remember, if a reporter at KAF walks up to a Canadian battle group soldier, sticks a microphone and camera into his face, and asks what it's like going out on a foot patrol in Panjwaii, that soldier is allowed to answer. The soldier has to be cognizant of OPSEC and stay in his lane, but he can talk about what he does. But if that exact same soldier says the exact same thing on a website, he's violating policy. That makes absolutely no sense to me.

Those on both sides of the border who have argued for tight restrictions have always cited OPSEC concerns. But the reality is that U.S. DoD internal studies showed that the real OPSEC risk on the internet isn't milbloggers, it's "official" sites:

“For years, members of the military brass have been warning that soldiers' blogs could pose a security threat by leaking sensitive wartime information. But a series of online audits, conducted by the Army, suggests that official Defense Department websites post far more potentially-harmful than blogs do.

The audits, performed by the Army Web Risk Assessment Cell between January 2006 and January 2007, found at least 1,813 violations of operational security policy on 878 official military websites. In contrast, the 10-man, Manassas, Virginia, unit discovered 28 breaches, at most, on 594 individual blogs during the same period.”


So finally, the U.S. Department of Defence has extracted head from rectum and put out a more reasonable social media policy (pdf). The New York Times, of all places, has a decent summary of the high points:

"This directive recognizes the importance of balancing appropriate security measures while maximizing the capabilities afforded by 21st Century Internet tools," said Deputy Secretary of Defense William J. Lynn III in a statement.

...

Lindy Kyzer, who advices the Army's Chief of Public Affairs on social media issues, said that while the new policy does leave much discretion in the hands of local commanders, it also opens up access to social networking in several significant ways.

First, she said, all military units will be required to open access to social networking sites at least initially. And when they restrict access, she added, those restrictions are supposed to be temporary. That means, for instance, that the Marine Corps must end its ban on access to most social networking sites. And the Army, which has a list of banned sites, including YouTube, must make those sites available.

"DoD is moving away from the silly notion of having 'blacklisted' social media sites and saying, 'We're not going to lay down the hammer and tell you where you can and cannot go, we're going to mitigate risk as it comes,'" Ms. Kyzer said in an email message.


Seems pretty sensible to me.

In Canada, we trust our soldiers with matters of life and death: we don't require them to get their commander's approval before pulling the trigger on their rifle, we give them guidance and trust their judgment. And we punish them if they disobey the rules. Why can't we do the same with blogging and other forms of social media?

As prominent U.S. milblogger Matt Burden says, "My tenet is: If you restrict it too much, the only ones blogging will be the ones who don’t care about the rules." Absolutely.

0 Comments:

Post a Comment

<< Home