Information Systems Security and Privacy Issues in the Armed Forces

摘要

The most effective method of ensuring that U.S. military systems are safeguarded while the rights of individual users are respected is to delineate clearly the functions and limitations of national security protection, system and network administration, and law enforcement. Although all military services separate these functions to a certain degree, the U.S. Army most clearly defines the boundaries among the three functions. This is especially evident upon examining the restrictions placed by regulation on Army system and network administrators, who are not authorized to conduct content monitoring of e-mail and Internet communications. The separation of administrative and content monitoring functions is not just a military issue. In the July 2000 issue of Business2.0, Jeffrey Seglin points out that private companies should beware of falling into the trap of assuming that system and network administrators—Information Technology ("IT") department personnel—are the most likely candidates for conducting content monitoring simply because they are already charged with administering the systems. Seglin argues that putting the IT department in charge of controlling e-mail and Internet monitoring is like "putting the fox in charge of the henhouse" because access without context forces IT personnel to determine what behavior is appropriate and what is unacceptable. These systems and network administrators are trained to administer equipment, not personnel. In short, content monitoring is simply not their job. The separation of content monitoring and systemetwork administration is even more important in the military environment where national security interests affect not only military members, but also all citizens. It is the opinion of these authors that a model resembling that used by the U.S. Army would be the most efficient and would protect the privacy of the users, national security, and the integrity of systems to the greatest degree.