Hacker News new | comments | show | ask | jobs | submit login
Army restricts access to The Guardian in the wake of NSA leaks (arstechnica.com)
170 points by shawndumas on June 28, 2013 | hide | past | web | favorite | 91 comments

Please allow me to clarify a few common misperceptions.

#1 When you volunteer to be a soldier you voluntarily waive your rights to free speech in a few specific ways. You may not speak out against the Commander in Chief, you may not be a part of "extremist" political groups (extremist is defined as what your command says it is), you may not participate in many types of demonstrations. You can of course vote however you please.

#2 You are explicitly ordered not to obey unlawful orders and there is a process in place for refusing to follow an unlawful order. If you refuse to follow what you believe to be an unlawful order then you had better hope you are right because if you just feel you are right by the UCMJ and you are in fact not then your life will become miserable.

#3 Being in the military is a day job that bleeds over into many other areas of your life, the computer systems at work contain lots of sensitive information, things that you might find mundane. If you are deployed you may find it convenient to use a computer on NIPR in the TOC for personal use. Use that gov't hardware wrong and you can get in deep doo-doo. As a soldier I'd be happy to know they're helping me not do things on their hardware that would get me in trouble.

#4 Each soldier signs agreements to follow the rules around classified information, including not reading documents they do not have clearance to read.

#5 Being a good soldier requires shouldering an immense amount of responsibility without the frivolity of youthful indignation. In combat arms especially attitude and indignation get people killed. Indignation is reserved for private citizens, so use it on their behalf but don't expect them to rise up in defense of themselves.

#6 If a soldier is truly being wronged he or she knows they can go to IG, and if IG isn't working out they can write a letter to a congressperson and things will actually happen.

#7 If you think the way the military works is ridiculous, I understand, but don't assume that you know better. The military exists to kill people and break things not further social agendas (right or wrong). Most rules and regulations are written in blood, meaning someone had to die or get hurt, or some major loss of expensive or sensitive hardware happened to create that rule which you are ordered to follow.

#8 Most of your comments sound ridiculous to me (as a soldier), it's a different world with a different set of "BIG PROBLEMS" to deal with and you really don't understand it.

Thanks for this. When I'm around military people and conversations like this come up, often there is an attitude of "you couldn't understand, civilian" (not unlike your #8), and the truth is I don't.

Soldiers have had their mindset irreparably altered and they tend to ally with the institution, even if they don't agree with it - even when their free of it. They have given up most any control they have over themselves or their situation and it pervades their worldview. There are good reasons for this and it makes sense that anything that could possibly chip away at that foundation should be tightly controlled.

"Soldiers have had their mindset irreparably altered and they tend to ally with the institution"

When you've had your life in jeopardy for long periods of time, when you've seen humanity reduced to it's most primal state, when you've lived in a third world country amongst people who couldn't fathom a lifestyle that those in "poverty" in America enjoy, when you've been responsible for millions of dollars of vital hardware, when you've been indoctrinated to live with honor and integrity and been punished harshly for not doing so, when you've been responsible for the lives of other people, when you've saved lives, and had lives given for you... it sort of changes your perspective. Honestly, it makes the day-to-day things that people get upset about in this wealthy western bubble seem so completely f*ing vapid. Because of this I have a very hard time getting along with many people in the work environment. I see so much pettiness, or "fighting over crumbs" as I like to call it. Other combat veterans understand.

Quite frankly I can't even be frank about a problem, address a problem at work, or be focused on getting the work done because most people just want to sit around and talk about how they feel about it until it feels like the problem is gone. People get offended when I'm frank about things that are mediocre or ineffective. It's nuts to me.

Forgive me for the little PTSD rant.

#7 If you think the way the military works is ridiculous, I understand, but don't assume that you know better. The military exists to kill people and break things not further social agendas (right or wrong).

If killing people and breaking things is your bag, then maybe you should go join a motorcycle gang or something. Or move to Somalia, and become a pirate. Just don't expect us to bankroll your activities, and to allow you to keep doing them in our name.

How did you jump from the reason nations have armies to me somehow wanting to kill people and break things as a lifestyle?

Are you disputing the reason why nations arm themselves or are you saying that anyone who would involve themselves with such a thing is no better than a Somali pirate or a group of middle aged men who miss their youth and want to feel tough while wearing black leather and riding around on a particular brand of motorcycle?

    #5 [...] Indignation is reserved for private citizens, so use it on their behalf but don't expect them to rise up in defense of themselves.
Can you elaborate on that? In particular, the "use it on their behalf" and "to rise up in defense of themselves" parts.


    #7 [...] don't assume that you know better [...] Most rules and regulations are written in blood [...] someone had to die or [...] some major loss of expensive or sensitive hardware [...]
The excerpts I've pointed out in #7 represent a very serious philosophical grey area. Considering that some militaries around the world harness the power to use nuclear weapons to which can destroy entire cities full of people, there is a very broad scope of the definitions which can encompass the word "hardware" in this context.

Weighing the difference between the value of inanimate objects and the value of human lives isn't easily quantifiable, but in the military sense the leap is literally made from an ambiguous grey to starkly contrasted blacks and whites. But we're entering into times and places now, where we rely on these inanimate objects to animate themselves according to (sometimes imperfect) artifacts created by people well-removed from the circumstances of a conflict.

In my humble opinion, given the bizarre abstractions that many highly advanced technologies introduce into all spheres of human behavior and activity, and the rapid pace of continued advancement that has transformed how human beings inter-operate in coordinated behavior throughout the world, it feels incredibly dangerous to me, that not just military personnel, but the world at large is disinformed of precisely how decisions to kill and destroy are even made anymore.

Consider that civilian web traffic is being used to indict and adjudicate killing decisions around the world, which would be considered extra-judicial death sentences in the civilian sphere. Consider that the analysis of such web traffic relies on machine learning and algorithms. Consider that even the people that design the machines that govern civilian web traffic can't even instruct each-other on how to exert explicit willful control over these devices, such that no one person can honestly claim that they have total control over a given device resting in the hands of a casual civilian. Consider that we have invasive software designed to sabotage industrial systems, that have accidentally leaked into civilian infrastructure. Consider that no less than a former general and director of the CIA (which advises the pentagon), had his career ended by a political scandal involving gmail.

There's a very complex and disturbing equation emerging here, and as events continue to take shape, I think the more any one person refrains from questioning decisions made at any level in any hierarchy, the more we place all of our lives in jeopardy. This becomes especially true when we have to now question the very nature of some of our so-called "inanimate" objects.

Sorry to be long winded, but certain ideas can't be summed up briefly and easily. Not trying to be an arm chair general, but everyone, including the all military personnel, needs to carefully understand what it means to trust modern electronic devices of any scale or scope, and especially who might be placing trust in electronics, and at what level.

You asked me to elaborate on two statements and then wrote six paragraphs. How exactly would you like me to elaborate on #5 and #7?

I was asking/am asking for an elaboration on #5 only.

I think I have an idea of what you mean by it, but it might be better if you spelled out exactly what you're saying with #5, so that I don't misinterpret it. I don't want to put words in your mouth on that one, or paraphrase it unfairly.

The rest was actually about the #7 only.

Effective militaries require people who follow orders. Ours in particular functions with a bit of honor, but still it is full of people who have been indoctrinated to (and should) follow orders. Acting as an individual can be very detrimental to the group. This loss of individuality should not be a problem, because in effect we have not lost our individuality through the proxy of our civilian leadership. If the civilian leadership of this country (the elected POTUS and elected members of congress) decide that a thing is in the interest of the people then we should be able to trust this. If the civilian leadership is telling the military to do something it shouldn't, then the citizens should vote those elected persons out of office. No matter who the Commander in Chief is the volunteer members of the military have taken an oath to obey them, and they will. What I'm trying to say is if you want the military to be different, tell the civilian leadership, don't tell the soldiers at the bottom.

Okay, I don't disagree with the ideals behind that sentiment. Thanks for taking the time to respond.

>What I'm trying to say is if you want the military to be different, tell the civilian leadership, don't tell the soldiers at the bottom.

What if the circumstances arise that the civilian leadership and the process to get them elected is not effective for the (majority) people, will the military step up for the people (like it has in Turkey throughout history on occasions, or what like what is going on in Brazil)? Maybe what I am asking is: are there cases where "effective militaries" would be enabled/allowed to circumvent traditional civilian leadership?

(I do not believe this is the case [yet] in the United States since the majority seems complicit [perhaps passively] with the actions of its civilian leadership.)

>There's a very complex and disturbing equation emerging here, and as events continue to take shape, I think the more any one person refrains from questioning decisions made at any level in any hierarchy, the more we place all of our lives in jeopardy. This becomes especially true when we have to now question the very nature of some of our so-called "inanimate" objects.

I don't think people with the powers like Henry Kissinger had want this for military personnel:

In Haig's presence, Kissinger referred pointedly to military men as "dumb, stupid animals to be used" as pawns for foreign policy.

A) That's why the military has civilian oversight.

B) Napoleon famously said "A soldier will fight long and hard for a bit of colored ribbon."

To #1, there's quite a bit of latitude so long as you aren't in uniform. You can, for example, participate in a rally on 'your time' so long as you do not endorse an ideology/candidate wearing your uniform. If speaking out against the Commander in Chief is taken seriously I suspect there would be a lot of violations (particularly surrounding DADT introduction and dissolution). There was in my unit mostly by senior NCOs and Warrants.

#3 Day job? I don't think there was any such sentiment around me. There are times when grooming standards are relaxed and affordances are made (drinking, for example). But if a soldier held the position that soldiering was a day job they'd be shown the light. Further, I'd like to hear from you regarding the AKO disclaimer that any device connected to the IS is subject to COMSEC monitoring, counterintelligence investigations, personnel misconduct (in particular), and so on. Your personal laptop is authorized for use with AKO. Should your personal laptop be found with Guardian content, as a soldier, you have committed a security violation. You mention in #2 about life becoming miserable. I'm sure you know how hard command can come down on you over a security violation. Linking to the Guardian (tweet, retweet, like, share) constitutes proliferation. In this case, you aren't being protected or helped here. The policy memo and official statement explicitly state that these blocks occur under preexisting filters designed to prevent accidental transfer of classified information to unclassified systems. In other words, the memo states command's classification of Guardian material as classified. I'm pretty certain they class it to the level of the leak. They can't classify by article or it would confirm/deny aspects of the leak. So they broadly classify the Guardian. As you state in #4, reading those documents, reading an article in public domain found on an unclassified system, will fall under UCMJ. Back to the idea of day job, you can't do this on your personal computer at a Starbucks on the weekend, either.

#4 The rules and regulations soldier agree to pertain to classified systems being inappropriate accessed. Soldiers know well the red banner versus the green banner. They don't know they are reading classified information on the Guardian until they are told they are. This is so far removed from what you depict that I do not believe it pertains.

#6 You can go straight to IG but your command won't appreciate not having the heads up. You can go to your congressperson but you had better work through your official channels first. You start with your chain of command. You complain about an overstep of information classification? Senior command explicitly detailed the overstep is lawful. This is no longer open to debate. The congressperson takes counsel on these matters. How many do you suppose would side with a soldier on a classified information matter?

#7 I'm certain your commander would take issue with your characterization that the military exists to kill people and break things. If you voiced something like this during a CA event you'd be reprimanded. My last tour OEF-A began under "find, fix, and finish" ROE. Our patches and kit had skull and daggers markings. Change of command brought change of climate. No more skulls. No more daggers. Consider black roses for symbolism. The new ROE was "find, feel, and understand". You can't make this up. I was combat arms and this was coming from the top. Your sentiment here is out of step despite being sound. I'll tell you a 'rule' written in blood. If you are threatened, engage. If you suspect see a MAM, investigate. If you suspect ordinance, shoot from a distance to prevent trigger. But all of these are violations of ROE. Those rules and regulations weren't written to protect expensive or sensitive hardware. Those were written to protect relations. In many ways they are at the risk to the soldier.

#8 I understand. My points aren't intended to be contentious so much as an illustration of the different set of "BIG PROBLEMS"

I can appreciate ROE/posture changes with command changes. I was in OIF '04 to '05. When I got there it was "kick in doors and take names", when I left it was "please come out and have tea kind sir". When I say that the military exists to kill people and break things I was speaking from a historical perspective. Why do peoples create armies? There was a point in history where people groups became large enough in size that the job of protecting the group became the role of less than everyone. Those in the protecting role did what primarily? Kill people and break things in between long stretches of boredom.

Put another way, what is the primary capability that modern militaries build?

The reason for that is that classified information doesn't magically become unclassified when it is leaked. It keeps it's classification until it is formally declassified.

This has nothing to do with censorship, it has to do with the zeal of some to follow the rule to the letter, even when it makes no sense.

the US Army was restricting access to the UK version of The Guardian's website

So you're saying that because it's classified information, trusted Americans (the soldiers) are going to be prevented access but the rest of the world will be able to read it freely. Yes, that makes perfect sense.

I'm not saying it make sense.

I was serving in Afgh when the Afghan Warlog were leaked, and we were told not to read the released leaks because that would constitute a breach of our 'NDA' or whatever that document we all signed that hold us responsible for proper handling of classified documents.

"Reading" enters their definition of "handling". You can't consume classified info for which you don't have the required security clearance.

You certainly can 'consume' classified information without the required clearance. Every reader of the Guardian supports this. Soldiers that have not been read on, soldiers that do not possess a clearance, can be guilty of a security violation yet they've never had access to a classified system.

What this proposes is that every system with classified information on it is to be classified to the level of the information it contains. Because the system was not approved for housing classified information, the system is subject to destruction. Because the DoD does not own the Guardian's systems, they have to assert their authority over the systems they do own: theirs and those of their soldiers.

Do you not see a difference between the soldier that breaches the NDA by disclosing information and the soldier that has been exposed to the information in the public domain?

I think it might start to make sense after your explanation especially if all Army employees are also forbidden to access the Internet through civilian channels.

I'll point out that any device connected to a military Information System is subject to monitor and interception for the expressed purpose of penetration testing, personnel misconduct, network operations and defense, COMSEC, etc.

Do you believe your laptop is a device connected to Google Information Systems when you access GMail?

Soldiers must use their AKO/DKO portal for college coursework, medical appointments, webmail, annual certification and training, and so on. Any system can access AKO/DKO, which includes a personal laptop. Soldiers staying in barracks often have high speed internet access they pay for themselves but they could go to an internet cafe and browse the web.

Is it a civilian channel if a soldier buys a Macbook and reads a Guardian article at Starbucks? If there is a random barracks inspection, which the soldier is subject to, and the Guardian material is found in browsing history and/or cache, the soldier has committed a security violation. S/he will be subject to the same UCMJ action as a soldier that knowingly copied classified information from a classified system and transferred it to their personal computer.

And how then are the soldiers supposed to find out whether their orders are legal or not when the information needed to acquire such knowledge is kept from them by law?

This is my concern, as well. Their command tells them what is and isn't lawful. In this case, command is making explicit what will be considered unlawful. And the unlawful act isn't accessing DoD classified systems inappropriately; the unlawful act is accessing public, unclassified systems, which have been classified at large, in reaction to the leak.

I cannot overstate my concern that this is a classification of the Guardian as a whole to criminalize soldiers's accessing it. It classifies all of the Guardian at a TS level equivalent to the data leaked by Snowden.

You were for sure reminded that you where out there giving your with sweat and blood for democracy and free speech.

While others, more important people, told you what to read and explained to you the difference between handling and reading and the meaning of security clearance.

Big brother knows what is best for you.

I think you're forgetting that when you enter the military you're submitting yourself to being told what to do. That's part of the contract.

You also swear to defend the constitution against all enemies foreign and domestic. You further face UCMJ action for following unlawful orders. When the soldier is not qualified to know the difference between a lawful and unlawful order, they default to obeying the orders of senior commissioned officers. Thus the directive from the senior most command. The soldier has no choice but to obey a lawful order and this is meant to clarify the lawfulness. This is making the access of certain unclassified, public systems unlawful according to UCMJ. We are in a position to reject this notion and speak out against it. The soldiers are not. We have an obligation here. I do not believe our obligation is to remind soldiers of the contract.

The soldiers have zero right to use the Internet at all on work hours.

The government could as easily have said "just focus on .mil and .gov sites when you're using government computers for government work".

The military already frequently bans stuff like YouTube when dipshits keep clogging up the network watching Bieber while other people are trying to do work, or things like Reddit.

> The government could as easily have said "just focus on .mil and .gov sites when you're using government computers for government work".

This is a great point. They could have given guidance on avoiding exposure to the leaked documents. Instead, they criminalized the consumption of publicly available information. Keep in mind that a soldier does not keep 'work hours'. They are not off-duty at any point. They are subject to UCMJ, as well as uniform and appearance regulations, even on the weekends. This includes using a personal computer to access the Guardian on the weekend from a Starbucks.

I think the point, made earlier in this thread, is that the access of that information was already criminalized, from before it was released (due to it's classified nature), and that releasing it does not automatically unclassify it.

In that light, the blocking of the Guardian may be viewed as preventing soldiers from accidentally performing a criminal act.

    This is making the access of certain 
    unclassified, public systems unlawful 
    according to UCMJ.
I think that's indisputable. If the public system has classified material on it, then it is unlawful for someone without the proper clearances to read it.

    We are in a position to reject this notion 
    and speak out against it. The soldiers are 
Last I checked becoming a soldier was currently a voluntary act.

It is not my intention to quibble with you. I respect that you see this differently than I do. I wanted to be explicit about this because I do disagree with the conclusions you draw but not because you are drawing them.

The problem with making the access of public, unclassified systems punishable by UCMJ seems obvious to me. I do not think you agree with this being a problem. I'm open to your exposition and I hope you are to mine.

If tomorrow is the day that Greenwald will publish Snowden's leaked information then today the Guardian is a website that a solider can access without UCMJ consequence. The common soldier does not possess a security clearance. Among those who do, they do not have access to the material Snowden leaked. That is highly compartmentalized. Therefore, even soldiers with a Top Secret (TS) clearance would not recognize classified information leaked by Snowden as being authentic. The information is on an unclassified system on non-mil, non-gov domain. Greenwald and Snowden claiming it is leaked classified material isn't sufficient for a common soldier to regard the data as such. This requires verification by senior commissioned personnel. Command must inform unwitting soldiers that the information they are reading is classified. Until they do, the soldier cannot be certain. This is effectively classifying any information published by the Guardian as TS. It is unlawful, then, for the soldier to use an unclassified system to access a classified system. If this was only about justifying a block or filter then there'd be little to discuss. But this is about making the soldier's exposure to classified information unlawful, witting or otherwise. Most problematic to me is the fact that command issued this statement to formally classify the information as the soldier is concerned. That is one shade of grey apart from command divulging classified information to personnel that do not possess the clearance.

Command recognizes that they are partly corroborating Snowden's leak if they specifically refer to the content of the documents. They've been careful to cover their ass, though. Instead of explicitly citing the classified information, they classified the source- the entire system. This is the precedent that concerns me. This is command classifying information to empower them to leverage the maximum authorized penalty under UCMJ. This is worse than censorship. This makes reading certain public domain a criminal act.

To your final point I cannot understand your reasoning. Yes, it is a voluntary act. It is a service that people volunteer for that benefits the entire nation. It benefits many other nations. And for this you want to strip them of something? These individuals volunteered to be engaged in the needs of the military. That's to say they aren't guaranteed they will be or do any particular thing. They will be and do what they are told. In some situations that's compromised the individual in ways that would be criminal outside of service. And to that we say, "you volunteered and signed your life away"?

The soldier volunteered to do a job others wouldn't. In cases like these, the soldier hopes civilians will volunteer to do what they cannot. I elect to speak out against this and demand clarification. I charge this is unlawful and dangerous beyond any soldier reading a website might be because the soldier cannot.

What course of action do you propose to a soldier that might be reading this? If what was happening was unlawful in your eyes, what would you suggest is done by the soldier?

> I do disagree with the conclusions you draw

Can you tell me which conclusions I've drawn? I'm just stating fact here. Accessing secret information via public channels is still breaking the law. Is it right? That's a very difficult question to answer since the people whom this affects (people without need-to-know) have entered into that world willingly and presumably know what they've signed up for.

> The common soldier does not possess a > security clearance.

I'm not sure I follow this. Laws against reading privileged information apply to everyone no? Again, I'm not saying that's right or wrong, only that's the condition that we live in.

> This makes reading certain public domain > a criminal act.

No one has been charged with anything. The have Internet filters set up to block that site from certain government machines. I'm not sure that this extends to being prosecuted for reading the Guardian recipes section at home.

> want to strip them of something

They are not stripped of anything. They were never allowed to read classified information that they were not given explicit access to. That the entire Guardian site is blocked is more likely a matter of laziness than evil.

> you volunteered and signed your life away

That's a bit dramatic and I never said that. My only point is that they signed up knowing that they are barred from accessing information not meant for them.

> I charge this is unlawful

My point is that I don't think that it is. It sucks for sure.

> what would you suggest is done by the soldier?

I've never been a soldier, so I don't know what their channels of recourse happen to be.

No, your being advised to not to so you don't in the future confuse the source of information you are free to give out.

Having worked in a secure communications group before there is an art in knowing what can be discussed and what cannot. An important part of that is not confusing two similar sounding documents that are protected differently. They can both touch the same subject but not the same details. The danger is, you forget which is which.

So, don't muddy the waters for them unnecessarily.

Except that they are - by definition - not trusted; they lack security clearance. Just because other people who lack security clearance have some classified documents doesn't mean that we should give it to everybody.

"it has to do with the zeal of some to follow the rule to the letter, even when it makes no sense."

Without context it sounds like that phrase describes religious fundamentalists.

Your accurate assertion in the first paragraph does not support your claim in the second.

It's still censorship. It's just censorship with a "reasonable" explanation.

that would require confirming said information was a leak.

If none of this information was really a leak of actual classified information, then there would be no reason to block the Guardian. Blocking The Guardian implicitly confirms that some of the information that they are released really is classified information.

Why exactly do you think the NSA would confirm or deny to the US Army whether or not any of the released documents are actual classified information?

Not really. The Guardian claims to be sitting on a pile of additional information that it hasen't yet released. So blocking the site could be a preemptive measure to deal with potentially classified information potentially being published at any given time in the future.

Oooh, it has everything to do with censorship.

Mark my words, if this keeps going we'll soon see ISPs ordered to block some foreign media sites, and see news sites becoming regulated. You know, just to make sure no one credible publishes leaks anymore, for national security and so on.

The saddest thing about it is that they do not even need to explain it anymore. People just assume that it's a thing the government can/will do.

Maybe we need to repeat our errors every 3-4 generations to keep them in our society's consciousness.

> Maybe we need to repeat our errors every 3-4 generations to keep them in our society's consciousness.

I think that history shows that this is probably closer to the truth than you meant it to be.

This has nothing to do with censorship and everything to do with people keeping their clearances. Viewing classified information in any form even after publication is not allowed. The policy may be misguided because duplication of the content occurs regardless on the web, but the original intent of the policy was to prevent further damage.

But wait, if clearances restrict your access to information, then they are not clearances, but restrictors.

I have a secret for all of you not using DoD networks... like any large organization, the military blocks websites all the time. Most for being completely unrelated to doing work or for being completely wasteful of scarce bandwidth in places like Afghanistan (e.g., HD video sites).

It also costs a lot of taxpayer dollars to scrub a machine of classified data when there ends up being spillage, better to avert that problem entirely.

While reading this, I could not stop thinking about an ostrich burying its head.

Then read the original article linked in the first paragraph. It's not that they're trying to pretend the documents weren't leaked. It's that systems are all classified to handle information at a given level, and if you find e.g. TS/SCI information on an FOUO system, then you have to investigate it and take corrective action (which often means wiping or even reclassifying the system). So, rather than deal with a huge mess of pointless investigations of classification violations, they're just trying to keep the data entirely off their systems.

tweet from Spencer Ackerman

'DOD wants me to know it's not deciding to block the Guardian's website, its automatic classification content filters are. So there's that.'


The "automatic classification content filters" that can't prevent classified material from getting out, but can prevent it from getting in. What a useless idea.

And by "automatic classification content filter" they mean "someone manually added the Guardian to a blacklist".

"It's not us, it's the machine that we operate".

The USA regime is becoming more and more like China regarding civil liberties, instead of the other way around.

Soldiers have different rights than regular civilians. Don't conflate issues reductively.

Can somebody explain me: How's that not censorship?

According to someone from NETCOM, it's because the leaks are still classified. Therefore, unclassified networks within the army must block the leaks in order to maintain their operational goals of no classified information on those wires. They have separate classified networks, which surely allow it.

There's an old saying... There's the right way to do something, and then there's the Army way.

    The Department of Defense routinely takes preventative “network hygiene” measures to mitigate unauthorized disclosures of classified information onto DoD unclassified networks.

    We make every effort to balance the need to preserve information access with operational security, however there are strict policies and directives in place regarding protecting and handling classified information. Until declassified by appropriate officials, classified information—including information released through an unauthorized disclosure—must be treated accordingly by DoD personnel.

If secret information winds up on a computer you have to file a bunch of paperwork and have the computer either scrubbed or converted to only accessing secrets. So despite the leaked information being in the public record they still treat it as secret information. Yes it's stupid but those are the rules. By not allowing access to the newspaper site containing the "secrets" they can avoid these issues.

Why a secret leaked to the public and available to all is still treated as a secret is confusing.

> Why a secret leaked to the public and available to all is still treated as a secret is confusing.

This is standard OpSec. You neither confirm nor deny the leak because it's entirely possible that the information itself is a plant designed to draw out responses that leak more information.

Right. So you instead confirm that leak by blocking the website so that it doesn't cause a lot of paperwork/hassle. If the leak were fake, then there would be no reason to care about it ending up on their machines.

This OpSec doesn't really make sense (to me):

- The documents are already in the public. Just saying, "they are now de-classified," doesn't give more information, other than an explicit confirmation that they were real. But this doesn't matter because:

- Politicians coming out and having a public debate about the classified programs talked about in the leak is further confirmation that the leak is real.

- Chasing after Snowden and charging him with espionage for releasing the documents is a confirmation that the documents are actually real.

There are so many things implicitly confirming that the documents are real that it doesn't make sense to deny them officially anymore. It's like trying to hide the subject of the Mona Lisa by creating an empty space in the shape of her silhouette, and then expecting people to not notice that something is missing.

> So you instead confirm that leak by blocking the website

No, you confirm that you have a standing policy of blocking any content that purports to be classified, regardless of actual content.

> - The documents are already in the public. Just saying, "they are now de-classified," doesn't give more information, other than an explicit confirmation that they were real. But this doesn't matter because:

Stating they are declassified still leaves them with the burden of cross checking any document found on their unclassified networks to figure out whether or not it is allowed to be there. It substantially eases the job of containing the genuinely classified information to keep the amount of "possibly classified, needs investigation" content down.

> There are so many things implicitly confirming that the documents are real that it doesn't make sense to deny them officially anymore.

The point is not to deny that they are real (how would the Army know?), but to prevent "contaminating" an unclassified network in a way that makes discerning real security problems harder.

Well except that you're trying to make it look like a leak, so you're following standard procedure for if it was.

Are you suggesting that the Snowden leak was intentional, and that they are following the 'leak handbook' to make it look like it was unintentional?

No, but if it was, they would, right?

Post "secrets" in so many places they have to turn their internet off :-D

Because all secrets are assigned codes and, I believe, names and registered through a central secrets database coordinated through all services. Someone has to close the ticket, first, and there may be outstanding issues.

I think you mean code-word clearance. This is for strictly limited-access programs, where the number of people knowing a secret is controlled. Normally, you would have a security clearance plus need-to-know. These programs put the weight much more heavily on the need-to-know side.

i.e. You may have a top-secret clearance and know that the Derkderkistani military is buying new tanks, but you don't need to know that the source of that info was from an agent in their Ministry of Finance.

The Guardian can still publish, is why.

The government telling people in its employ that they can't read the publication is a different matter from the government telling people they're not allowed to publish.

The statement isn't so much that employees can't read the news source, but that government computers/network/etc must only interact with classified information via proper mechanisms. I work at a DOE lab and they requested that we not view any such material while at the lab or on lab machines because the operator could receive large fines for mismanagement of classified information, but we're free to read whatever we want when off-site on our own hardware.

> but we're free to read whatever we want when off-site on our own hardware.

I would be willing to bet that the agreement you signed to get your security clearance didn't have a 9-to-5 provision. You may not be charged for it, but that doesn't mean you aren't violating that agreement by accessing classified information for which you don't have "need to know".

Almost nobody in my division has clearance. As it turns out, assembling non-classified information from various openly published sources can create something that is classified, so we are expected to get review before starting research on something that is nearby to a classified topic. Occasional review of this sort is the closest we typically come to classified work.

Anyway, all employees received an official statement earlier in June warning against viewing those documents using lab computers (including lab computers used off-site), but with no warning against viewing them off-site on personal computers.

The government employs millions of people (I haven't checked the figure). What if they told all those people they couldn't read the NYTimes or a whole range of publications?

Those employees are voters too and have a right (and possibly a democratic duty) to be informed. No employment contract should ever restrict your ability to remain properly informed.

Excuse me but...

Isn't With the same argument chinese internet firewalls are "not censorship". OR With the same argument access to social media or telephone "not censorship".

Nope. It's no different than your employer having an Internet filter at work to prevent you from engaging in activities that are unproductive or expose them to liability. You can still do whatever you want on your own computer and your own time.

That's not true. If you only have a secret clearance then you're not supposed to read top secret material anywhere (unless you're "need to know") - home nor at work nor on the moon.

You missed the context. The point is that people are still free to go to the Guardian on their home computers and exercise their own judgment in what they read. However, the Army is taking proactive steps to avoid a mess of work cleaning up their own systems.

> exercise their own judgment

Right. As long as they use that judgement to avoid reading classified information. ;-)

> Army is taking proactive steps

As far as I understand (and please note that I'm not an expert) they have always blocked certain kinds of sites. That Guardian is added is not really surprising, but the indirect refusal to own up to it is whacky.

It's not even like the soldiers aren't allowed to read it, say, in an internet cafe, right?

It might be a bit petty and bureaucratic, but hey, considering the Streisand effect I say go for it... it's bound to make a few people check it out that weren't interested before, and I doubt it will keep anyone from reading what they were interested in already.

It's not petty. Given the laws surrounding classification they're just trying to save themselves a giant mess of pointless work and a tremendous amount of money on reprovisioning systems.

So according to these rules if any secret information passes onto a computer system it is somehow tainted? So all the evil terrorists now have to do to shut down the DoD is spam every military email address with secret documents or links thereto? How convenient.

If the rules truly preclude contact with any secret info (even if it has already leaked) without wiping the machines and the machines have internet access, they need to revise the rules as they are absurd. What they should be concerned about is stopping leaks of more information (quite possible), not controlling information that has already leaked (impossible).

The most absurd part of this whole catch 22 'can't look at or talk about past secrets' situation however is that the administration leaks classified information all the time in service of their own aims - for example the Osama Bin Laden raid and Defense Secretary Leon Panetta. Those leaks are considered good leaks, and the information leaked is just fine (in spite of not being officially declassified) sitting on government computers, in Hollywood propaganda films, and being disseminated widely and quoted unattributed by news anchors and in American media - those websites are not blocked, because those are somehow rightous leaks, but it makes a mockery of any pretension of secrecy hygiene on military computers, plenty of which access plenty of this classified information that the government chose to disseminate without declassifying.

Given the free use of sanctioned leaks, these rules are more about instilling a fear of the taint of suspicion in government employees, and consequently of whistleblowers, than about data security IMHO.

The rules may seem absurd.

But consider this: You find documents marked "secret" on a laptop. What do you do? The documents happens to be possible to find online. Do you just shrug and move on? How do you know that this laptop was not used in the leak? What if you find thousands of different documents across your network. How do you verify whether or not they have leaked previously?

At the very least you end up spending more resources verifying that this was not caused by a security problem.

And the idea of spamming the military with classified documents would be hilarious to see in practice... I wonder what they'd do...

Saving themselves work, okay. Saving the taxpayer money. nah.. it's not like it's actually their money.

That material isn't just available at that URL, so the only way to be sure is to inspect traffic for the data. So what is this other than a pointless token gesture, or incompetence?

And there are other things other than that material at the Guardian. It's, like, a full blown newspaper. That's what makes it seem petty.

> Saving themselves work, okay. Saving the taxpayer money. nah.. it's not like it's actually their money.

Thanks for being upfront with your bigotry. So, I know that there's no point in wasting time on trying to have an honest discussion.

At least you're not latching onto some random thing to avoid addressing points raised or anything.

So despite being broadcast around the world for the last few weeks, this information is still considered "secret"??

I would assume any information that is published by a news organization on the world wide web is no longer considered classified. How could it be, without resorting to absurdist policy gymnastics?

Oh, I see, the smart people in military "intelligence" chose absurdity instead.

You have to understand that it being released does not change its status. People with security clearances are supposed to do the "right thing" by the terms of their clearance and not read material that they're not cleared to read, regardless if it's leaked or not.

DoD has been blocking The Guardian for some time now. This is not in response to the NSA leaks.

Relevant: http://wikileaks.org/Transcript-Meeting-Assange-Schmidt.html...

[...] So everyone in the UK MoD could no longer read what was on WikiLeaks. Problem solved! [...]

Military intelligence?

I think Mike Masnick explained it pretty well why this is a pointless and stupid exercise:


He misses the point entirely.

As much as I believe governments over-classify massively, and look on most leeks with glee:

Consider that if an audit reveals any documents believed to be classified on an unclassified Army network, they need to deal with it.

That the documents have leaked is relatively immaterial - presumably a lot of auditing is done automatically, and adding exceptions is a lot riskier than simply blanket blocking anything that contains indications that it's marked classified, secret or similar. Even with manual audits, you don't want to give the people doing the audits too much freedom in accepting documents they think have been publicly disseminated, or the extra workload of trying to assess what info is ok.

Even IF all the documents found have already been published, they'd for security reasons still want to track down how the documents ended up on the unclassified network in case the route was via another leak that potentially might have more documents. Or it might even indicate the source of the leaks.

In other words, it's easier and safer for them to just assume that if a document is marked classified in any way, it shouldn't ever be found on unclassified networks - then they don't have to deal with the mess of trying to ensure it's an indication of a security problem.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact