Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login

Posted: 8/17/2007 5:46:36 AM EDT
Turns out it's the Army.


For years, the military has been warning that soldiers' blogs could pose a security threat by leaking sensitive wartime information. But a series of online audits, conducted by the Army, suggests that official Defense Department websites post material that's far more potentially harmful than blogs do.

The audits, performed by the Army Web Risk Assessment Cell between January 2006 and January 2007, found at least 1,813 violations of operational security policy on 878 official military websites. In contrast, the 10-man, Manassas, Virginia, unit discovered 28 breaches, at most, on 594 individual blogs during the same period.

The results were obtained by the Electronic Frontier Foundation, after the digital rights group filed a lawsuit under the Freedom of Information Act.

"It's clear that official Army websites are the real security problem, not blogs," said EFF staff attorney Marcia Hofmann. "Bloggers, on the whole, have been very careful and conscientious. It's a pretty major disparity."

The findings stand in stark contrast to Army statements about the risks that blogs pose.

"Some soldiers continue to post sensitive information to internet websites and blogs," then-Army Chief of Staff Peter Schoomaker wrote in a 2005 memo. "Such OPSEC (operational security) violations needlessly place lives at risk." That same year, commanders in Iraq ordered (.pdf) troops to register their blogs "with the unit chain of command."

Originally formed in 2002 to police official Defense Department websites (.mil), the Army Web Risk Assessment Cell, or AWRAC, expanded its mission in 2005. A handful of military bloggers, including then-Spec. Colby Buzzell, were seen as providing too many details of firefights in Iraq. Buzzell, for one, was banned from patrols and confined to base after one such incident, and AWRAC began looking for others like him on blogs and .com sites.

But AWRAC hunted for more than overly vivid battle descriptions. It scoured pages for all kinds of information: personal data, like home addresses and Social Security numbers; restricted and classified documents; even pictures of weapons. When these violations were found, AWRAC contacted the webmaster or blog editor, and asked that they change their sites.

"Big Brother is not watching you, but 10 members of a Virginia National Guard unit might be," an official Army news story warned bloggers.

Within the Army, some worried that the blog-monitoring had compromised AWRAC's original goal.

"My suspicion ... is that the AWRAC's attention is being diverted by the new mission of reviewing all the Army blogs," reads an e-mail (.pdf) from the office of the Army Chief Information Officer obtained in EFF's FOIA lawsuit. "In the past they did a good job of detecting and correcting (website policy compliance) violations, but that is currently not the case."

Top Top