Homeland Security Threatens Legal Action Against Employees Who Read News About Leaks
from the while-one-politician-looks-to-stop-it dept
We've talked about procedures within the Defense Department to block computers from accessing the website for The Guardian newspaper -- along with similarly short-sighted moves to apply a sledgehammer approach to pretending that public information isn't really public. I've heard from a few people within the Defense Department who defend this approach on basic procedural grounds of trying to "make sure" that classified info remains classified, but the real problem is considering any publicly revealed documents as still classified. As I've said each time this debate comes up, in the business world, the equivalent situation involving trade secrets or non-disclosure agreements almost always are recognized as null and void if the info becomes public through other means.However, that's not the way the government works. The latest is that Homeland Security sent around a memo warning employees that merely opening up a Washington Post article about some of the leaks might violate their non-disclosure agreement to "protect National Security Information," and it even says that merely clicking on the story might make the reader "subject to any administrative or legal action from the Government." Got that? Working for the government and merely reading the news about things the government is doing might subject you to legal action.
Stunning.
At least someone in Congress realizes the insanity of all of this. Rep. Grayson, who displayed the very same NSA slides that DHS is warning its employees about in Congress itself, has offered up an amendment to the Defense Appropriations Bill, stating that nothing in the defense appropriations should be used to block employees from reading the news on their own time.
None of the funds made available by this Act may be used to restrict the access of members of the Armed Forces to publically available online news media during morale, welfare, and recreation periods.While this is one way to deal with the problem, I still think you solve a lot more problems with a basic recognition of reality: if classified documents become public, they shouldn't be considered classified any more, because (a) that's stupid and (b) it actually hinders the ability of government employees to be as knowledgeable as everyone else in the world. Also, Grayson's amendment only applies to the members of the armed forces, but not to civilian employees of the Department of Defense, or any employees of Homeland Security, who are subject to the crazy threats above.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: alan grayson, appropriations, defense department, homeland security, leaks, news, reading, websites
Reader Comments
Subscribe: RSS
View by: Time | Thread
In any case, I propose a crowdsourced campaign where we print those articles and the leaked documents and paste it in front of DHZ, FBI, NSA, CIA etc facilities and watch as they struggle to pretend they didn't see anything. That campaign against Llamar Smith that put the warn in a billboard in front of his office comes to mind ;)))
[ link to this | view in chronology ]
Re:
Anyways Welccome to the Benevolent Dictatorship.Big Brother.......I mean Washington Politics will watch over you and make sure you are safe.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
It's a government rule that has no exceptions for "widely distributed classified information."
[ link to this | view in chronology ]
Re:
Should have known it came from that bunch of morons. Common sense is never their strong point.
[ link to this | view in chronology ]
Re:
I said this before and I'll say it again. We have two choices: freedom or slavery. One or the other. There is no such thing as a 'secure state with limited freedoms' -- that is a contradiction.
[ link to this | view in chronology ]
Re:
Preventing your employees from viewing public-available "classified" documents is just like that.
[ link to this | view in chronology ]
Re:
Mike: "Even if it's the rule, it's a stupid rule that should be changed."
AC: "But . . . but . . . it's a rule!"
Mike: "As I said, the amendment is a step in the right direction, but it doesn't really fix the stupid rule."
AC: "But . . . but . . . it's a rule!"
Yes, we get it. Thanks.
[ link to this | view in chronology ]
Sorry, but I just expected more
Block access to perfectly legitimate news sites - although any other non-government computer can freely access the information.
Threaten anyone who even *reads* about the leaks - so now they're concerned with what you read on your time...great.
Pretend that "classified" documents that the entire public has access to are still classified - this is the pinnacle of stupidity.
Seriously, someone, **SOMEONE** needs to apply *SOME* degree of logic at some point, because the current folks in charge are nothing short of incompetent.
What's next - don't even THINK about the leaks?
[ link to this | view in chronology ]
You're thinking about it wrong.
[ link to this | view in chronology ]
Quote
[ link to this | view in chronology ]
You're thinking about it wrong.
When you sign a non-disclosure agreement with a company, you agree to not disclose certain information to the public or any other entity. Now, let us suppose that you sign an NDA with a corporate development division. Let us also suppose that some of the work covered by NDA gets put out onto wikileaks. Now, those corporate spies are still out there, they still want even MORE information if they can get it. If they can catch one of the people who has signed an NDA online commenting on one of those articles, or even just reading it, you can actually learn more than just the leaked information alone.
The goal is information control, and everyone does it. When you sign away your rights to disclose certain information, the disclosure of that information cannot end your agreement, it just doesn't. Just because "fact A" was leaked, doesn't mean you want the people who knew "fact A" flooding websites from the same IP# subnets at the same time to all read about the press' opinion of classified "fact A". Doing so can very easily reveal to a publication who they should be questioning to find out more. Worse, that publication may literally have the corporate or state spies you are trying to avoid working for them, slipping that information to higher-ups.
SO YES, restricting the people who have voluntarily agreed to not disclose certain information from viewing said information online once it has been revealed to the public... IS ACTUALLY A VERY SMART THING TO DO.
[ link to this | view in chronology ]
Re: You're thinking about it wrong.
Viewing is not disclosing.
More info is better. Reviewing or learning information is not disclosing. NDA != NRA (Non reading agreement).
[ link to this | view in chronology ]
Re: Re: You're thinking about it wrong.
VIEWING IS DISCLOSING when you're using the internet.
[ link to this | view in chronology ]
Re: You're thinking about it wrong.
NEWS about the situation is not classified, despite what any of these morons think personally. If this kind of stipulation was put into any kind of NDA, then perhaps the legality of that document needs to come into question as well.
You call it smart - I call it delusional.
[ link to this | view in chronology ]
Re: Re: You're thinking about it wrong.
And keeps said employees ignorant as to why all the people are screaming at them and why their boss is panicking.
[ link to this | view in chronology ]
Re: Re: You're thinking about it wrong.
Viewing news from a traceable IP# gives away potential information to would be spies. And in and of itself could constitute a violation of the agreement signed.
Why is this so hard for people to grasp?
[ link to this | view in chronology ]
Re: You're thinking about it wrong.
[ link to this | view in chronology ]
Re: Re: You're thinking about it wrong.
[ link to this | view in chronology ]
Re: Re: You're thinking about it wrong.
The knowledge is classified.
The names of people who know said knowledge is also classified in many cases.
You oftentimes get surprised at finding your own secret info out there, but that doesn't mean you want to expose the entire story by having the entire crew who dealt with said issue to flood a website with their IP#s and tell whoever might want to get more information exactly who they need to investigate.
[ link to this | view in chronology ]
Re: You're thinking about it wrong.
The idiotic policy of the DHS ignores the fact that most of the people who might view the news article probably do not know any specific details about leaked information. One of the very basic principles of information security is to limit access to the information. What you do not know or never have access to you can never leak.
For example, I know that signals are encrypted or encoded but do I need to know the details of how it is done? Only if my position requires me to decrypt or encrypt the signals and for this scenario I do not directly handle the encryption and I only see the final/initial plain text. So my reading about signal encryption will not harm signal security. Also, anyone approaching me about signal security will learn very little if I have only a vague idea of what is happening that could learned by reading Wikipedia. Now what I should not comment is the content of the signals to verify the accuracy of any plain text I know about.
[ link to this | view in chronology ]
Re: Re: You're thinking about it wrong.
I imagine these policies only enforced on workplace network. Those people can still access the said information as long as they're not using something which can be traced back to the workplace network. Rather than including those caveats in the policy, thus further complicating things for the morons-in-a-hurry masses, the policy writer just be done with it and made it like it's all encompassing.
So, you're right, from the standpoint of most people, it's a dumb move. But Jeremy is also right, from the standpoint of an information manager, it's a smart move.
[ link to this | view in chronology ]
Re: Re: You're thinking about it wrong.
You're entirely wrong, entirely incorrect. It's like you didn't even read what I wrote.
FACT A is leaked and reported on CNN
FACT A was known by PERSONS A B C and D
PERSONS A B C AND D go to CNN from corporate browsers, the same IP#'s, with DISQUS accounts, etc..etc..
Suddenly CNN knows everyone else who knew FACT A.
Any conclusions that may reveal FACT B C AND D that may be drawn from knowledge FACT A can now be refined simply by knowing the backgrounds of the people dealing with FACT A.
So yes, the leak IS NOT OVER when it gets reported, more information can be leaked just by having the wrong people viewing said information online. Why is this so difficult a concept to understand?
[ link to this | view in chronology ]
Re: Re: Re: You're thinking about it wrong.
"Suddenly CNN knows everyone else who knew FACT A"
That is such an illogical leap, it doesn't even fit into the common fallacies, but I suppose it is close to "post hoc, ergo propter hoc"
[ link to this | view in chronology ]
Re: You're thinking about it wrong.
Literally every NDA I've ever signed (and I've signed a lot of them) has stipulated that if the information has been released to the public due to no fault of my own, then the NDA no longer covers that particular information and I am free to discuss it as I see fit.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
LOL
[ link to this | view in chronology ]
THAT'S BECAUSE IT'S TRUE. It seems counter-intuitive to people without clearances, but ask someone who has a clearance and they will confirm this. Speculation is not journalism.
Whatever, these people who work at DoD or in Gov't can go down to their local Dunkin' or Starbucks and read the news on their personal devices.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: trying to 'make sure' that classified info remains classified
I think you're correct that asking employees to NOT read classified info, even when it's public, is not stupid. (Or not entierly stupid, anyway.) Random DoD employees/contractors shouldn't be making decisions about what is/isn't public "enough".
But - NOT DE-CLASSIFYING info as soon as it becomes public IS STUPID. Internal policy should be to routinely declassify things as soon as they become generally known. Otherwise you put people in impossible and stupid situations.
Also, don't forget that, to those who work professionally with classified info, THE FACT that certain info is public can be highly relevant to their work. If you're spying on a terrorist (I'm being charitable here) using Method A, it seems to me rather important to know that the Bad Guys already know about Method A, so maybe that won't work so well...
[ link to this | view in chronology ]
Re: Re: trying to 'make sure' that classified info remains classified
I was involved is designing devices to assist defeating IEDs (home made bombs). The whole topic was very hush hush, but people were so paranoid that we got to the situation that we(the designers of the kit to defeat these devices) were not allowed to be told what the devices were, as it was secret. The fact that the terrorists were using these devices and the intelligence services knew what the devices were, apparently made it MORE secret, as they didn't want the terrorists to know that they knew what devices they were using. Added to that the fact that we (the designers ) knew what these devices were through all sorts of publically available sources, made our conversations with the intelligence service totally bizarre.
[ link to this | view in chronology ]
Re: Re: trying to 'make sure' that classified info remains classified
"But - NOT DE-CLASSIFYING info as soon as it becomes public IS STUPID." I completely agree. I have no idea what procedure must be followed to declassify information, but I'm sure it's a pain in the ass, and gov't lawyers are probably involved. If I were an admin, and I had the choice to add one rule to an iptables chain or fill out a bunch of paperwork and talk to a gov't lawyer...
But don't miss my point. I agree with you.
[ link to this | view in chronology ]
Re:
Can you please explain why it's true, then? Because it's completely illogical.
Why would someone with a security clearance be able to understand this better than someone without one? It doesn't comport with my experience, and I just took a few minutes to ask three coworkers with security clearances -- none of them could explain it, either. Their responses were more along the lines of "it's just considered best practice", not some kind of proof for why there's some kind of logic to it outside of the bureaucratic.
[ link to this | view in chronology ]
Re: Re:
So if that's your job, when you find something on your network that shouldn't be there, it has to be taken as a serious event. And it's a big hassle. Computers have to be seized, hard disks get wiped, users lose data. It's the only option.
OK, so now suppose that one of your users is web surfing the Guardian and downloads a document labeled secret, which, indeed, it actually is. Nevermind that it's been improperly released to the public, by all appearances it's a secret document. What are you supposed to do? Tell him that, well, that's OK, you can keep that one, because after all everybody knows that that one is OK? Not an option. How are you supposed to tell without examining every file that the document marked secret is OK? How do you know that the guy isn't the leaker? When another document shows up, what do you do with that one? Do you really want that responsibility? Nobody with any sense does.
So the sysadmins can either expose themselves to endless hassle on a daily basis or block the web site. Which would you do?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
DHS is a religion
They want to maintain ignorance, because through ignorance they maintain control.
[ link to this | view in chronology ]
As such the policy should be, You are not allowed to confirm or deny any information found in the public, if you confirm or deny that information is correct you can get fired what not.
This allows contractors to view, and not risk anything.
Accept the information itself is so bad that they want you to put your head in the sand instead.
[ link to this | view in chronology ]
How does Reading Become Disclosure?
[ link to this | view in chronology ]
Re: How does Reading Become Disclosure?
[ link to this | view in chronology ]
Re: Re: How does Reading Become Disclosure?
Then again this is why tor's are so great!
[ link to this | view in chronology ]
Grayson
> Act may be used to restrict the access of
> members of the Armed Forces to publically
> available online news media during morale,
> welfare, and recreation periods."
> While this is one way to deal with the problem
Actually that wouldn't deal with the problem at all, since Grayson's amendment only addresses members of the Armed Forces. The military falls under the Department of Defense. DHS is separate and wouldn't be affected by Grayson's amendment.
[ link to this | view in chronology ]
Re: Grayson
As stated in the very paragraph you quote the beginning of...
Come on, be fair. :)
[ link to this | view in chronology ]
[ link to this | view in chronology ]
We've always been at war with terrorism
[ link to this | view in chronology ]
That's the point a very fucked up one, but still the point nonetheless.
[ link to this | view in chronology ]
Snow Crash
[ link to this | view in chronology ]
I won't mention names, but I've been personally implicated in violating a NDA by simply posting a link before. My point business can be as back-assword as government. It only happened once, and since it was obviously me stating what's already been said, I was only warned by corporate that my license was in jeopardy of being terminated. Trust me, corporations love hackers even if they are white hat.
[ link to this | view in chronology ]
Doesn't this sort of organised stupidy
Henri
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Safety
In any case, don't forget to be simultaneously shocked while shrugging with indifference--it is what the other sheeple are doing and you safe in the herd.
Here's a little safety song: won't you help and sing along. . .
[ link to this | view in chronology ]
Grayson - Read an article into the Congressional Record
Please read one of the banned articles into the Congressional Record. Than see what the executive branch of the government does.
If it does nothing, the employees have a place to go to read the news.
If they order employees to not read the legislative branch's official documents, then, act on that with more support from your fellow legislators than you have now.
Good luck and thank you.
[ link to this | view in chronology ]