US Gov't Briefing For All Employees: All Music Downloads Are Stolen, Risky
from the accuracy-not-so-important dept
A bunch of folks have sent over a post on Slashdot detailing how a mandatory US gov't briefing on "information security" uses incredibly hyperbolic and inaccurate information, including the idea that all music downloads are theft and insecure. You can see the (flash-heavy) video briefing. The actual part with the music downloads is pretty far into the presentation (you can jump forward through the chapters), when it hits an interactive bit where you get to go through "real-life scenarios" of "threats." In the bottom left corner, there's a scenario involving a colleague who says he's found a "cool site" from which you can "download music" and asks you how do you respond:- I'd rather download the music from home -- email me the link
- Is it safe to download?
- Since we're on our lunch hour, I see no harm. Here's my thumb drive!
- That's stealing.
Now, to be fair, it's rather obvious that the briefing is designed to keep gov't employees from using file sharing programs and potentially exposing confidential gov't documents via file sharing. And that's reasonable. But why not be accurate and honest about it? Lying about it makes no sense.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: briefings, downloading, federal government, file sharing, music, security
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Legal
However, that would then put into question the "Download from home" option that may eliminate their criminal liability.
It's pretty interesting that the videos like this get put together by people that really don't understand the topic though. I have to watch things like this regularly.
[ link to this | view in chronology ]
Re: Legal
So it's arguable that the information provided is factually correct. However, it's extremely misleading in that it seems to imply that the act of downloading music is always in and of itself illegal/immoral. The training should distinguish between illegal downloading, and legal downloading that violates DoD policy.
(I'm retired Navy now working as a Network Engineer on a DoD network. I haven't had to take this training yet but I probably will in the near future.)
[ link to this | view in chronology ]
Re: Legal
[ link to this | view in chronology ]
Re: Re: Legal
[ link to this | view in chronology ]
Re: Re: Legal
[ link to this | view in chronology ]
Re: Re: Re: Legal
[ link to this | view in chronology ]
Re: Re: Re: Legal
[ link to this | view in chronology ]
Re: Re: Re: Legal
[ link to this | view in chronology ]
Re: Re: Re: Legal
Terrorism is illegal therefore, 'That's terrorism' is the same as 'That's illegal.' And since 'That's stealing' is the same as 'That's illegal', 'That's stealing' is that same as 'That's terrorism.' Now that we have established that theft is terrorism, I suppose kids that steal candies at the supermarket should be sent to Gitmo for sleep deprivation interrogations...
Furthermore, copyright infringement is not theft. That's from the Supreme Court.
[ link to this | view in chronology ]
Awesome
I mean, the fight for vocabulary is a fairly public one, even though it doesn't get much mention: everything from the privatization of Encyclopedia and Dictionary producers, to industry involvement in the education system at a level that indicates collusion, etc. etc. etc.
Seriously, how is this not a blatant attempt to infuse new, industry driven terminology into the American public?
Anyone?
[ link to this | view in chronology ]
Re: Awesome
If the tireless "National Security" denial isn't invoked, that is...
[ link to this | view in chronology ]
Re: Re: Awesome
[ link to this | view in chronology ]
Re: Re: Re: Awesome
That's stealing.
[ link to this | view in chronology ]
Re: Re: Re: Re: Awesome
[ link to this | view in chronology ]
Re: Awesome
I mean, they have allowed RIAA a LOT of leeway in their social engineering litigation campaign (for starters the fact that they ALLOW the social engineering litigation campign at all). This could very well be the first indication of *forward thinking (problem avoidance in a twisted way) by the government in a long, long time.
This could be a wall of plausible deniability to prevent the music industrinuts from suing an entire government agency (again not normally permitted, but perhaps they are rightfully afraid of the leverage this industry has in congress).
Then again, you're probably right... its all propaganda mind control tricks.
[ link to this | view in chronology ]
If you click on the 'Learn More', it goes into a good explanation for why P2P software should not be used on government computer. It gives good, logical reasons as to the dangers of P2P software on both government and home computers, and especially highligh the security risk that it opens up.
The message in this section is pretty sound and reasonable. It's a shame they had to confuse the issue on the first part of the scenario.
[ link to this | view in chronology ]
It doesn't matter if the song is an mp3, a wav, or even a midi file. In fact, the song by Madonna that Microsoft used to show off Vista is a deadly WMD that can suddenly blow up the entire Internet and kill everyone right through their keyboard. We should be thankful that the DoD is looking out for us.
And seeing as how the author of that flash movie went to such great lengths to research exactly what they're speaking of. It's obvious they went to Harvard and got those two Master's degrees, especially with that list they wrote... You can see they really know how a list works in a document, too.
-------------------------------------------------
"P2P is used to download Other."
"Downloading without purchase is may result in criminal or civil liability."
-------------------------------------------------
Yeah, I want to download an 'other'. Nice to see the people running our government can't even put together a coherent sentence properly. What'd they do? Outsource the government officials and documentation, too??
[ link to this | view in chronology ]
Dowling V. United States, 473 U.S. 207 (1985)
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
That's stealing.
[ link to this | view in chronology ]
Re: Re: Re:
That's stealing.
[ link to this | view in chronology ]
Re: Re: Re: Re:
"That's Infringing!"
Yay!
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
I like the "here's my thumb drive" option. I wonder why that one is a bad idea. That one doesn't even put the music on the DoD computer, so the DoD PC Use Policy can't even be relevant.
Also, I like the way this video is delivered in Flash. I sure hope no copies of it were stored in temp caches, because that would be wrong, Davey.
[ link to this | view in chronology ]
Fear mongering
They claim this stuff is a service, but it's not. It's fear mongering, not informing. Feeding users disinformation does not help them protect gov't IT security.
[ link to this | view in chronology ]
Re: Fear mongering
Careful with that never word. It isn't likely, but given that most of the banking elite belong to globalist groups and societies that are supra-national and actively working to disolve borders, there may come a time when the US Govt. they are propping up is no longer of use to them...
[ link to this | view in chronology ]
Re: Re: Fear mongering
[ link to this | view in chronology ]
Re: Re: Re: Fear mongering
Sigh, no that would be stupid.
I's LINED w/tin foil...
[ link to this | view in chronology ]
Re: Re: Fear mongering
Um, 2 things: locking out the us gov't would cause a fair amount of chaos which would be BAD for banks.
If it didn't bring down the us gov't , when things calmed down, the us gov't would bring the wrath of god down upon the banks.
They'd never do it.
[ link to this | view in chronology ]
Re: Re: Re: Fear mongering
If it didn't bring down the us gov't , when things calmed down, the us gov't would bring the wrath of god down upon the banks.
They'd never do it."
Correct, but you're making two assumptions that I don't agree with.
#1. The people that actually OWN the bank, either in majority or entirity, are only concerned with traditional banking incomes: they aren't. First of all, when you're an international banking organization like the Rothschilds, the detriment of one economy for the good of another is fine, because you're financing both. Winners and losers don't matter, only control and money supply does.
#2 The government and the people that own the banks aren't the same people: they essntially are. When all of these people belong to the same country clubs, secret societies, and economics forums (CFR, Bilderburgers, etc.), where they discuss goals for government policy before the elected officials in the groups then carry them out, then they're effectively the same people.
[ link to this | view in chronology ]
Re: Fear mongering
[ link to this | view in chronology ]
A Web site for downloading music....
Then the various lectures you get when you hit wrong answers lecture you about P2P applications... Which CAN BE insecure, to various degrees depending on which ones you are talking about, let's be fair.
But if we are talking about a WEB SITE... And you are not supposed to use ANY P2P type program... (I'll generalize and simply assume they mean an application commonly used to download music)...
Doesn't that description by definition have to include your Browser?
[ link to this | view in chronology ]
it's a DoD thang!
They are not talking about your personal home computer, nor are they talking about some secretary in the White House Information Office, they are specifically talking about Department of Defense (DoD).
Not only are those computers federally owned equipment (which makes misuse -- including personal use -- a FELONY) but from my experience they either lock the computers in a safe every night, or they pull the hard drives and lock them in a safe every night.
These are the computers that you hear about on the news that the Chinese stole nuclear secrets from because some moron was running P2P software on.
Would I prefer that they not sound so draconian? Sure, but people have and will lose their jobs over being stupid (remember these are federal government employees we're talking about, not brain surgeons). Would it be nice if they said, download on your time from your computer may or may not be legal? Sure, but it isn't really the point of the presentation, nor the responsibility of the government.
On a side note, when you use Google toolbar to spell check Whitehouse, it suggests Whorehouse. Must be left over from the Clinton admin!
[ link to this | view in chronology ]
Re: it's a DoD thang!
[ link to this | view in chronology ]
Re: Re: it's a DoD thang!
For example: This is at the bottom of the Tricare Online web site:
* For Official Use Only (FOUO)
TRICARE Online is a Department of Defense (DoD) computer system. Use of this site is governed by multiple DoD policies and terms outlined in the center area. Many of these policies are designed to protect the privacy of your personal information. We encourage you to review these policies.
If the FOUO tag is there, this automatically means do NOT put your own stuff on it or use it for personal downloading.
[ link to this | view in chronology ]
Re: Re: Re: it's a DoD thang!
[ link to this | view in chronology ]
Re: Re: Re: Re: it's a DoD thang!
If this was a place where more than just an ADP II security clearance was required, I'm sure it would be must stricter.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: it's a DoD thang!
MUCH stricter...
[ link to this | view in chronology ]
Re: it's a DoD thang!
...nice...
[ link to this | view in chronology ]
Re: it's a DoD thang!
You can't use a browser without downloading things to your computer.
Are you seriously going to claim this is illegal?
But you do have some valid points about some government jobs, and some government computers. Not all government jobs, and not all government computers.
Some companies are just as strict, and just as sensitive to risk.
It is all about common sense, after all. If your system handles HIPAA data, or classified data, or documents with trade secrets ... you need a certain level of security, and security training for your users.
If your system is really just there for email and access to generally public information about your company.... you need a certain, much lower level of security.
To one extent or another, everyone with a job has need of both sorts of access. In my past jobs as a government military contractor, consultant to government human services, game development, Microsoft, IBM, and even my own companies, I generally used different machines (and accounts... yeah, I am that old) with different and appropriate levels of security.
And I have taken these courses (and courses like them) through the years. And yes, they are always stupid. You just turn your brain off about information, and on about what they want you to say, and you can pass them just fine.
[ link to this | view in chronology ]
Re: it's a DoD thang!
The truth is that Government IT runs about 3 or 4 or 5 or more years behind the normal world in terms of adopted technology because of fear, laziness, stupid vendor contracts, required training, and deployment testing. Not too long ago DoI was still defaulting to IE 6, long after IE 7 and 8 had been out, with users only allowed to use one of the new browsers by request, no FF allowed. Why? No good reason.
And the basis of all government IT presentations like this basically always amounts to the generalized, but false, line of approximated by the statement 'government employees doing anything but government business is illegal because the bureaucracy owns you, thus bye extension any technology that the we haven't adopted after years of internal testing and stupid arguments, and which some guy in some office somewhere does not have complete control is also illegal. And remember, just because we gave you a laptop or cell phone doesn't mean you can use for anything personal, either. If you plan on replying to your wife's email while on a business trip, you better take 2 laptops.
Of course most stretch these policies as much as they can.
[ link to this | view in chronology ]
Re: it's a DoD thang!
Whoooaaa. Wait. Yes they are. See option 3, "download it to my thumb drive"? How is that a thread to the DoD? Maybe I just want to take it to my car which has a USB port and plays MP3s.
You've exaggerated too much with the use of "ANYTHING", and somewhat downgraded your credibility. DoD PCs download stuff all the time - if you connect to a network, that's almost a certainty. You can't browse or send email otherwise. Then you neglected the third answer where no DoD asset at all is put at risk -- yet still the mere act of downloading/sharing is cast as rife with risk and fraught with unethical stealing.
[ link to this | view in chronology ]
Re: Re: it's a DoD thang!
"Whoooaaa. Wait. Yes they are. See option 3, "download it to my thumb drive"? How is that a thread to the DoD? Maybe I just want to take it to my car which has a USB port and plays MP3s."
NO, use of the computer to transfer music to a thumb drive would be considered 'personal use' and is not allowed. (Same for the idea of e-mailing the web address -- if the option had been 'Hey let me write down that site to check at home' it would be legal).
"You've exaggerated too much with the use of "ANYTHING", and somewhat downgraded your credibility. DoD PCs download stuff all the time - if you connect to a network, that's almost a certainty. You can't browse or send email otherwise. Then you neglected the third answer where no DoD asset at all is put at risk -- yet still the mere act of downloading/sharing is cast as rife with risk and fraught with unethical stealing."
The concept of any data transfer being uploading and downloading is a little basic compared to the actual discusstion topic. E-mail would be connected to a DoD server, I assure you that DoD computers are not allowed to be used to check gmail accounts.
I'm not sure about current restrictions on web browsing. My guess is that it is very limited, maybe only DoD controlled (hosted) web pages. Either way, you're not browsing e-bay on a DoD computer.
Paul mentioned that he had to maintain a separate computer for a lot of work. That would be typical in the defense industry. The second computer would not be owned by DoD or connected to a DoD network (that means 'inside the firewall' for those of you with your heads stuck in the darkness of your backside)
[ link to this | view in chronology ]
The Government is telling the truth, in very, very simple terms. You guys are all going geeky and technical on it, forgetting to think like someone who still spends time looking for the "any key" to push to continue.
The only real error? They should add the word "most", as in "most P2P", and then it would be perfect.
Would you really want FBI people, CIA people, maybe people from the IRS downloading stuff onto their work computers at lunch, putting possibly your personal information at risk?
Geez. this is a no brainer, only outrageous to those who wish to be morally outraged at everything.
[ link to this | view in chronology ]
Re:
There are people working at the DoD, FBI, CIA, and IRS that are looking for the "any key"?
That seems like a bigger issue than P2P software.
[ link to this | view in chronology ]
Re: Re:
In the workplace, there are plenty of people (example 50 somethings) who still think a touch tone phone is a big deal. For them, a computer is a mysterious box that does stuff. They don't know X from Y. When their granddaughter sends them a link to download "this cool thing" that is really a hoax mail directing him to a root kit / back door install, he doesn't have a clue.
Seriously, go get some real world experience, and then check back in.
[ link to this | view in chronology ]
Re: Re: Re:
Aww, but Mom makes the best spaghetti...
And I am out in the real world, thank you. I would just hope that these "mesmerized by touch tone phone" folks aren't working for the IRS, DoD, CIA, and FBI.
But yeah, that's totally unreasonable, so good point there, sparky...
[ link to this | view in chronology ]
Re: Re: Re:Not Computer Literate
http://xkcd.com/627/
[ link to this | view in chronology ]
Re: Re: Re:
Being an IT person for over 600 doctors offices, I work with a lot of those 50 somethings. They aren't that stupid. I only ever heard one person say "where's the any key" and it was to piss off their elitist IT person (the guy was a dick and no longer their IT).
[ link to this | view in chronology ]
Re: Re: Re: Re:
What IT elitists do is believe the own hype. Call center you can help 30 people, 15 at least will tell you "Wow you are so smart!" then you'll start to believe it after a while. People assume just cause you "get" computers you are smarter some how and it goes to people's heads.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
I've found that most of life truly does follow similar rules, like if/then commands: if you do something, you will for the most part get this response.
I think most people would benefit from that type of learning, even if to a limited degree.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
So THAT'S why I have such a big head.. and this whole time I just thought I had sinus congestion.
On a related note, does sudafed work on inflated egos too?
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
It's actually not inaccurate...
[ link to this | view in chronology ]
Okay so if that is true why isn't the first answer on the list allowed?
"1. I'd rather download the music from home -- email me the link"
As for "Would you really want FBI people, CIA people, maybe people from the IRS downloading stuff onto their work computers at lunch, putting possibly your personal information at risk?"
I'd like to think that the DoD had enough faith in the intellect of such staff to educate them properly on the proper use of their computer and enough trust in their judgement to tell them the truth on the issue at hand. But hey thats just me being optimistic.
[ link to this | view in chronology ]
In the workplace, there are plenty of people (example 50 somethings) who still think a touch tone phone is a big deal. For them, a computer is a mysterious box that does stuff. They don't know X from Y. When their granddaughter sends them a link to download "this cool thing" that is really a hoax mail directing him to a root kit / back door install, he doesn't have a clue.
Seriously, go get some real world experience, and then check back in."
I'm sure at some point that there were objections to the use of charcoal for drawing on the basis that many people were quite happy scraping at rocks, thank you very much.
Just because some people can't cope with the technology does not mean you should restrict everything to their capabilities. If you do then we'll never get anywhere.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: Dont' call me an overlooker, overlooker
Responding to your point, what about option 1 "I'd rather download the music from home -- email me the link" or option 3 "put it on my thumb drive". That does not imply use of DoD computers or networks.
Remind us again how your comment relates to those two options out of the four. Then tell us again how WE "may have overlooked" something.
[ link to this | view in chronology ]
So?
[ link to this | view in chronology ]
Re: So?
"Purchase 1. To obtain in exchange for money or its equivalent; buy."
Purchase means getting goods or services in exchange for money (or something of value).
So, next time you get technical or detail-oriented, try, I dunno, looking up the details. We're both off on this pointless tangent, but so long as you're here, you may as well get it right.
[ link to this | view in chronology ]
I speak to the IRS on a regular basis and sadly I am sure it is full of technically inept people. Its so bad that when they actually succeed in doing something I get this ridiculous feeling of euphoria.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Could you be more specific and tell us what it says, or are you just casting aspersions?
[ link to this | view in chronology ]
Re: Re:
The third screen shot above generally illustrates this, but the text is too small to read clearly and, of course, cannot be scrolled.
Now, you may nitpick at a portion of the script, but by so doing all you will accomplish is being hyper-critical of a message that in large measure reflects the realities of how P2P is being used by the majority of users.
[ link to this | view in chronology ]
Not Govt Wide
As far as iTunes another other programs, I'm sure the system configureation prevents employees from installing anything just as it is here at State. Nothing that can be connected to the PC is allowed. Putting something to the the PC with a USB connection quickly sends a message to IT services telling them what you are doing. This is old news.
[ link to this | view in chronology ]
Re: Not Govt Wide
[ link to this | view in chronology ]
Movie, Music, Pornography and others... Apparently, Pornography is a new form of media, and not a content. Though to be fair, given the bandwidth that P2P apps can take, it might make sense the DoD does not want it taking up the network bandwidth.
[ link to this | view in chronology ]
There are plenty of topics that cannot be approached properly and thoroughly depending on the target audience, so you choose to deliver the fail-safe method.
You tell your children playing with fire is bad, but then you light fireworks. It seems to be the same conversation.
[ link to this | view in chronology ]
Re:
Fixed that for you. You see, yours was a bad analogy since, unlike the DoD training, it didn't include any false information that is overly negative and designed to demonize the activity and create fear.
But you're right in your first line. Dumbing down the instructions is probably a reasonable strategy. I guess we just wish we didn't see the obvious results of the music industry's misleading fear-mongering campaign being accepted as fact and repeated in the DoD's IT policy.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
And when i download something to my thumb drive it doesnt page to a temp location on the hard drive before passing to the external device?
[ link to this | view in chronology ]
I was not nearly as specifically misleading, but gave an invalid statement nonetheless (easily strayed today are we).
And please, do not confuse Computer Based Tutorials for Policy. DoD has no policy on P2p, simply P2P on its systems.
And to be technical, if you are downloading music onto a government box you are stealing......a minimal amount of resources :)
[ link to this | view in chronology ]
Excerpt of AR 25-2 - a little lengthy - but this is policy.
(1) Use of ISs for unlawful or unauthorized activities such as file sharing of media, data, or other content that
is protected by Federal or state law, including copyright or other intellectual property statutes.
(2) Installation of software, configuration of an IS, or connecting any ISs to a distributed computer environment
(DCE), for example the SETI project or the human genome research programs.
(3) Modification of the IS or software, use of it in any manner other than its intended purpose, or adding
user–configurable or unauthorized software such as, but not limited to, commercial instant messaging, commercial
Internet chat, collaborative environments, or peer-to-peer client applications. These applications create
exploitable vulnerabilities and circumvent normal means of securing and monitoring network activity and provide a
vector for the introduction of malicious code, remote access, network intrusions or the exfiltration of protected data.
Installation of non-Government-owned computing systems or devices without prior authorization of the
appointed DAA including but not limited to USB devices, external media, personal or contractor-owned laptops,
and MCDs.
[ link to this | view in chronology ]
Mike - I think your overstating things here
As for their responses,
Downloading without Purchase is (note they did not say P2P)
* illegal - (under current laws - this is correct)
* unethical - (highly debatable)
* Prohibited - (their computers = their rules)
* may result in criminal or civil liability (again very true)
Yes they were overstating things and painting all P2P with a very broad brush, but it's a friggin multiple choice questionnaire, shades of grey don't do too well.
[ link to this | view in chronology ]
Moral v Ethical
In this case, they are asserting that the activity is always wrong rather than wrong in the context of the DoD alone. I doubt that the DoD ethics committee discusses the rights and wrongs of employee file sharing.
[ link to this | view in chronology ]
Ok, so where's the complaint?
Talk about tempest in a teapot.
[ link to this | view in chronology ]
Spell Check
[ link to this | view in chronology ]
Gov IA training is laughable
For example, one brief talked about how commercial email sites can be avenues for viruses, ergo only DoD email accounts are allowed for using email on DoD computers. I also add that, even though Yahoo, Google, et al. offer email that _does_ have built-in virus checking, it's not DoD approved and therefore untrustworthy. That's why users can't use commercial email systems, not that commercial email is a virus vector.
Additionally, I did take the training mentioned in this story. And I did get the question wrong for the exact reasons stated; the question is misleading because it's not truthful. However, I don't think anyone takes the training seriously. The tech savvy people blaze through it, giving the expected answers while knowing they may be wrong. The more clueless people simply ignore the training after it's done.
So, in the end, the training is mostly pointless, except for the few who may actually learn something. I haven't found of them, though.
[ link to this | view in chronology ]
Tick the box exercise
[ link to this | view in chronology ]