New Computer Banner Balances Security, Privacy Considerations
By Donna Miles
American Forces Press Service
WASHINGTON, Jun. 6, 2008 A new notice on Defense Department computer screens ensures users understand that their e-mails are subject to monitoring, but also reinforces specific user privacy and confidentiality protections, a senior defense official said.
The new language represents the first change since 1997 to the “notice and consent” banner that appears each time a user logs onto a Defense Department network or information system. Similar changes were made to DoD’s information system user agreement.
While clarifying the scope of the Defense Department’s authorized monitoring of its networks and information systems, the revised language preserves the privacy and confidentiality of certain types of privileged communications, according to John G. Grimes, the department’s chief information officer.
“These changes to the banner and user agreement language help clarify the user's understanding of the broad nature of DoD's authorized monitoring practices, while simultaneously reaffirming DoD's commitment to respecting and protecting important private and confidential communications that are guaranteed for its personnel,” Grimes said.
“Privileged” communications between Defense Department users and their attorneys, clergy or psychotherapists receive additional protections against monitoring.
“Although DoD has a long history of respecting such privileged relationships, the previous banner language did not expressly identify this protection for the user,” Grimes said. “For the first time ever, the DoD banner and user agreement now specifically addresses these important protections.”
The new banner notifies users that their systems may be monitored for purposes including “penetration testing, COMSEC (communications security) monitoring, network defense, quality control, and employee misconduct, law enforcement and counterintelligence investigations.”
It also includes a paragraph clarifying that passwords, access cards, encryption and biometric access controls are used to provide security for the benefit of the government – not to provide personal privacy to employees.
A shorter notice will appear on government BlackBerry devices and other personal digital assistants and personal electronic devices.
Grimes emphasized that the new language clarifies longstanding DoD policy and practice. The revised banner will ensure all users of government computer systems understand the limited privacy protections, officials said.
Defense Department officials said monitoring is critical in ensuring government systems aren’t compromised by viruses or hackers, and to identify threats as early as possible. “In order to protect DoD information systems, DoD needs to be able to monitor all traffic flowing through and across DoD systems,” an official said.