May 18, 2006

US military is blocking Slashdot and SourceForge.net

Author: Joe Barr

I was told recently that Air Force bases in the San Antonio, Texas, area are blocking one or more of our sister OSTG sites, like SourceForge.net, Slashdot.org, or Freshmeat.net. After finding reports via Google of commercial mail services and liberal news sites being blocked by various components of the Department of Defense, I decided to go straight to the horse's mouth for the story. Here's what I learned.

The bottom line, courtesy of Air Force spokesperson Captain David W. Small, is that the Air Force does "block Web sites to restrict use of the Web to official business and in accordance with specific guidance in AFIs." An AFI is an Air Force Instruction, basically policy or guideline from the Air Force that must be followed.

Small went on to write that the Air Force is using a filtering Web proxy to block sites:

The AF uses a standard Web proxy tool called Blue Coat. It's installed at every base in the network control center and at the major command level in the Network Operations and Security Center. We block many different categories of unofficial Web sites (see the attached spreadsheet for categories blocked by Air Combat Command).

Some are specifically prohibited by AFI 33-129 or AFI 33-119. [Blue Coat's partner] Secure Computing maintains the list of Web sites that fit into each category and they update the lists as part of a subscription service.

Base network control centers can add/delete specific Web sites to a local access/block list to enable them to quickly block known problem sites (like phishing sites) or to open Web sites for access if someone justifies it for official use.

We have plans to deploy the capability to move this local access/block list to the enterprise level across the AF within the next two years as part of our infrastructure upgrade program. Air Combat Command has already moved this local access/block list capability up to the enterprise level. They do the ad hoc access/block actions from their level for all of their bases. It enables them to block problem sites very quickly.

I asked Blue Coat if any of our OSTG sites were being blocked by default by their filters. Spokesperson Nikolett Basco replied:

Secure Computing Corp. provides SmartFilter Web filtering software to organizations worldwide. SmartFilter allows organizations to customize their Internet experience based on their specific needs.

We classify Internet content into over 73 different categories so that customers can chose, by category, what types of Web content they want available to their organization.

However, just because a site is categorized, does not mean it is automatically blocked. Any SmartFilter customer can reclassify any site they wish. Each organization defines its own policy. Secure Computing has no control over, or visibility into, how an organization implements their filtering policy.

I used the Blue Coat Site Review Tool to check several OSTG sites. SourceForge.net and freshmeat.net are both categorized as Computers/Internet, Slashdot.org is miscategorized as Newsgroups, but is also included as Computers/Internet. NewsForge.com is in the News/Media category. While none of those categories is especially heinous (except News/Media, of course), it appears that some of those sites are being blocked by at least some military commands around the world.

I spoke to an Army National Guard officer, for example, who recently returned from Afghanistan. He told me that Slashdot.org was banned by his command when he first arrived for duty there, but that he was able to get it un-blacklisted during his tour of duty.

As to OSTG sites being blocked here in Central Texas, the Lackland AFB Public Affairs office declined to answer my email or return my phone calls asking for information on whether specific OSTG sites are being blocked, and if so, why they are. But the AFIs cited by Captain Small in his reply indicate that they should be blocked in any case.

AFI 33-129, dated February 3, 2005, covers "Web Management and Internet Use." Among other things, it specifically prohibits the downloading of "freeware/shareware or any other software product without Designated Approving Authority (DAA) approval." Since providing access to free/open source software is the primary function of sites like SourceForge.net and freshmeat.net, blocking access to them is understandable.

Chat rooms, IRC channels, and other public forums are also directly forbidden. The AFI stipulates that "Participating in non-DOD or nongovernment 'chat lines,' 'chat groups,' or open forum discussion to or through a public site, unless it is for official purposes and approved through the Global Information Grid (GIG) Waiver Board" is prohibited.

AFI 33-119, dated January 24, 2005, which covers "Air Force Messaging," explains the reports of commercial Web mail sites being blocked. It specifically prohibits "Accessing commercial Web mail accounts and instant messaging services (i.e., Yahoo, AOL, or MSN mail accounts)."

Note that the regulations govern "official use," so Air Force personnel may be able to browse blocked sites if they're able to connect to another network using personal computers.

Catching more than intended?

The categories of sites blocked by the Air Combat Command, which Captain Small indicated will probably become the Air Force standard by next year, contains some ironic entries. Cited as an example of sites blocked for "Game/Cartoon Violence" is none other than America's Army -- a game commissioned by the Army itself.

Remote Access is another no-no according to the block list. Why? Because "sites in this category provide information about gaining remote access to a program, online service or an entire computer system. While often used legitimately by people who want to use their computer from a remote location, it also creates a potential security risk. Backdoor access is often written by the original programmer."

Cited as an example of these nefarious villains is none other than the TightVNC site.

Of course, TightVNC is double-bad, since it is also free, and sites that provide shareware and freeware are banned. The example given for this category in the spreadsheet of blocked categories is Tucows.com.

And, finally, Internet newsgroup sites are banned as well. That ban, coupled with Slashdot's miscategorization by Blue Coat as a NewsGroup site, helps explain why that site cannot be accessed by our armed forces in many places at home and abroad.

Censorship is tricky business, no matter how well-intentioned it may be.

Category:

  • Government
Click Here!