Tag Archives: FOIA

FOIA update: USDB releases Manual for the Guidance of Inmates (USDB Regulation 600-1, Nov. 2013)

WASHINGTON — On Monday, the United States Disciplinary Barracks’ Directorate of Inmate Administration released “USDB Regulation 600-1, Nov. 2013” entitled “Manual for the Guidance of Inmates” to the Medill National Security Journalism Initiative in response to an April 17 Freedom of Information Act request.

The 141-page document serves as the official rulebook for the treatment and behavior of inmates held at the military prison (including WikiLeaks firestarter Chelsea Manning) and addresses everything from media contact with inmates to rules regarding their appearance and hygiene.

The FOIA request was intended to increase transparency regarding the U.S. Army’s regulation of USDB inmates held at Fort Leavenworth, to better inform the press about rules regarding their contact with prisoners and to shed light on the status of civil liberties within the prison’s walls.

You can view the entire document below:

Privacy concerns arise over DHS’ monitoring of social media

WASHINGTON— Social media sites like Facebook and Twitter have a new audience: the Department of Homeland Security.

After a Freedom of Information Act request by the Electronic Privacy Information Center revealed that the government has hired a contractor to monitor social media for potential threats and public opinion, privacy advocates and government officials are butting heads on the implications on whether the program oversteps privacy boundaries.

The documents obtained by EPIC, which total nearly 300 pages, center around a Department of Homeland Security contract with General Dynamics to provide information on “potential threats” as well as “media reports that reflect adversely on DHS and response activities.”  The company will monitor content from social media websites such as Facebook, Twitter, Youtube and MySpace as well as comments posted on news websites such as Drudge Report, Newsweek and The New York Times blogs.

In an interview with The Washington Post, officials of EPIC highlighted their concerns about the program’s legality, saying it does not meet the DHS’s mission to “secure the nation.”

“This is entirely outside the bounds of the agency’s statutory duties, and it could have a substantial chilling effect on legitimate dissent and freedom of speech,” Ginger McCall, director of EPIC’s open government program, told The Washington Post.

The Republican chairman and top Democrat onf the House Subcommittee on Counterterrorism and Intelligence —  Reps. Patrick Meehan of Pennnsylvania and Jackie Speier of California, respectively —  submitted a letter to the DHS stating that they “believe it would be advantageous for DHS and the broader Intelligence Community to carefully parse the massive streams of data from various social media outlets to identify current or emerging  threats to our homeland.”  The letter did, however, include the representatives’ privacy concerns, explaining that any actions must have oversight “stringent enough to protect the rights of our citizens.”

The documents requested by EPIC include a section titled “Privacy Compliance Review,” which outlines steps General Dynamics must take to protect individuals’ privacy.  The section’s newest revisions from January 2011 state that personally identifiable information can be collected only in explicit circumstances.  These include extreme situations involving “potential life or death circumstances,” government and private sector officials who make public statements, members of the media who “use traditional and/or social media in real time to keep their audiences informed, anchors and on-scene reporters, and terrorists or “other persons known to have been involved in major crimes of Homeland Security interest who are killed or found dead.”

According to the memo, DHS will not collect personally identifiable information on those suspected or charged in crimes, private citizens in any capacity and high-profile people “such as celebrities, sports figures or media members who are victims” unless they served as public officials.

Social networking websites: the next cyber war zone?

WASHINGTON — The Government Accountability Office reported April 12 that federal agencies remain vulnerable to cyber attacks and security breaches because they’ve failed to take the required steps to secure Internet connections and computer systems. Experts say cyber attack could come from anywhere—an individual American or someone overseas, a terrorist group, or a country. But the number of ways a cyber attack could infiltrate American systems is growing—and the ever-expanding web of social networking sites could prove problematic for national cyber security.

Social networking technologies are creating potential new challenges for government transparency and security As more agency employees use Twitter, Facebook and similar external sites, officials at all levels of government are reviewing their policies.

Elayne Starkey, chief security officer of Delaware and FOIA coordinator for the state’s Department of Technology and Information, said her organization is cracking down on the problem from the inside.

“Websites like Facebook are blocked from our computers,” Starkey said. “It’s too great a risk and who or what actually gets that information is still quite unknown.”

Starkey said there is a long list of precautions that need to be taken at all levels of government and the private sector to prevent a cyber attack. She said she is working with other groups and agencies in Delaware to raise awareness and educate others on the “very real” dangers that a cyber attack could cause.

“We do a lot of trainings to drill and simulate with other state and federal employees on their IT resources,” said Starkey. “Using the right technical tools is important to have the top level of security we need.”

Among the many things that can help in thwart future cyber terror, Starkey said, would be new legislation. She said that the right legislation would take time though. “There is a gap that needs to be filled—but the proper legislation with the proper partners would need a multi-year window.”

“As more people move into the Web 2.0 phase, they become more comfortable with the websites like Facebook and Twitter,” Starkey said. “There is a false sense of security people have once they enter their password. They feel comfortable that they do things they might not have done elsewhere.”

Targeted ads are drawing more clicks by naïve social media users, increasing the potential for scammers and hackers.  “People are much more likely to click some ad that is tailored to them, and then who knows what is behind that ad.”

Starkey said viruses from social networking sites could work in a similar way that an e-mail virus works, sometimes immediately attacking user’s system­ at other times lurking for months before any damage is noticeable.

“That’s why at our offices, those sites are pretty much blocked,” she said.

Patrick Wells, a participant in the U.S. Cyber Challenge, a competition to find individuals who could be future cyber security practitioners and researchers, said he thinks it is unlikely that social networks will become a target of cyber terror is unlikely.

Wells said the information technology teams at the major social networking sites are more prepared than the government simply because they are individual sites, and as such only to worry about hardening their own target.

“Government websites are more interconnected, yet with different security systems and levels which allow for overlooked loopholes,” said Wells. “Sites like Facebook, although they have a huge amount of traffic, are more secure.”

Wells said Facebook, for one example, was a victim of cyber attacks through its applications, add-ons that could contain games, quizzes or other attractions. Applications are made by outside groups, and in the past anyone could create one. Wells said that was the most common way a hacker could hack through the website. “Now, Facebook has a stronger identification process for those creating applications to prevent that.”

For legal and tracking purposes, there is no sound way to currently archive communication done in social networking site, Starkey said. “The problem is that agencies don’t know how to archive the many forms of communications made on those popular websites.”

As citizens become increasingly accustomed to accessing more types of communication archives, Starkey says that social network archives will be a logical expectation.

Wells said that he doesn’t foresee social networking sites being a target of cyber terrorists, but more of a jumping off point. “Social networking sites are mainly used for information… as a tool to find an employee of a company, to get as much information about the person, and then hack into their system.”

Wells said the more security measures the better, but that social network users should be careful of every bit of information they list, not just inappropriate pictures.