The USAF decided to deny the access some websites, the ones containing the word “blog” (and a few others according to the information provided on some forums and websites on the Internet), to its personnel in order to prevent some important information to be disclosed without control. Even if the majority of its users, especially those deployed abroad, used the blogs to provide information to their relatives, some witnessed things that could not be unveiled and shared their thoughs in a way that was considered dangerous. Information Leakage is one of the major threats to the military secrets even if restricting users’ web access is only a minor solution. First of all, some of the most important information are stored on sites that are not correctly protected or hardened and are consequently ofter hacked by both internal and external visitors. Then, it must be considered that if a military wants to disclose secrets, in both an intentional or unintentional way, he could do that with alternative means or from his home laptop or smartphone.
The blocks on the navigation were implemented using Blue Coat proxying technology. This kind of system use an internal policy that is matched on the destination URL requested by an internal user. If the destination IP address is matched against the list of blocked sites, the user is redirected elsewhere, to a blank page or to a default page. Otherwise he can surf. The black list (the list containing those sites that can not be accessed) can be category-based (hence automatic) and/or custom. Since categories and subcategories on these systems are wide, adding a category to the black list could lead to false positives, that is to say that a user could be denied from accessing a permitted website. In this case a manual exclusion is required (with effort needed to track exclusion requests and to analyse them).
According to what some important magazines reported, all the URLs containing “blog” are currently banned but it is still unclear if other domains, like wordpress.com or pages.google.com, where blogs can be hosted but don’t contain the explicit word “blog”, are among the denied destinations (for instance I still don’t know if this site can be accessed by Air Force bases). Actually, not only Blogspot was cut off the “white list” containing the “good sites” but also some social networking websites have been restricted on military network for various reasons. Youtube, Photobucket and MySpace have been banned because of bandwidth they eat while reputable media should be still available to everyone. Even if, officially, the problem is tied to the Information Leakage, someone speculated the risk is that the military could use the social networks (without disclosing classified information) to share opinions against their commanders or to convince troops that the war it’s not worth fighting. There are also productivity explainations: watching videos, uploading pictures and blogging is wasteful Internet usage. However there’s not much consistence in blocking blogs and permitting ESPN, News and commercial email. Using Gmail, people can still send and receive email, and chat. Using a commercial email address, a military can still upload its pictures to Photobucket by sending them to the configured email address and can still post its thoughs on a blog by forwarding the text to his wife or friends that are not blocked by any Firewall or Proxy. So there are only two options: leaving free access (but evangelise personnel on the risks of Information Leakage for their own safety) or blocking everything but those sites needed for their specific activities or work. Since the second options would have a deep impact on the morale, the first one its smarter to me.
