[Infowarrior] - US military is blocking Slashdot and SourceForge.net

Richard Forno rforno at infowarrior.org
Fri May 19 07:26:33 EDT 2006 

NewsForge
The Online Newspaper for Linux and Open Source
http://trends.newsforge.com/
Title            US military is blocking Slashdot and SourceForge.net
Date            2006.05.18 13:00
Author            Joe Barr
Topic            
http://trends.newsforge.com/article.pl?sid=06/05/17/2040239

I was told recently that Air Force bases in the San Antonio, Texas, area are
blocking one or more of our sister OSTG sites, like SourceForge.net,
Slashdot.org, or Freshmeat.net. After finding reports via Google of
commercial mail services and liberal news sites being blocked by various
components of the Department of Defense, I decided to go straight to the
horse's mouth for the story. Here's what I learned.

The bottom line, courtesy of Air Force spokesperson Captain David W. Small,
is that the Air Force does "block Web sites to restrict use of the Web to
official business and in accordance with specific guidance in AFIs." An AFI
is an Air Force Instruction, basically policy or guideline from the Air
Force that must be followed.

Small went on to write that the Air Force is using a filtering Web proxy to
block sites:

    The AF uses a standard Web proxy tool called Blue Coat. It's installed
at every base in the network control center and at the major command level
in the Network Operations and Security Center. We block many different
categories of unofficial Web sites (see the attached spreadsheet for
categories blocked by Air Combat Command).

    Some are specifically prohibited by AFI 33-129 or AFI 33-119. [Blue
Coat's partner] Secure Computing maintains the list of Web sites that fit
into each category and they update the lists as part of a subscription
service.

    Base network control centers can add/delete specific Web sites to a
local access/block list to enable them to quickly block known problem sites
(like phishing sites) or to open Web sites for access if someone justifies
it for official use.

    We have plans to deploy the capability to move this local access/block
list to the enterprise level across the AF within the next two years as part
of our infrastructure upgrade program. Air Combat Command has already moved
this local access/block list capability up to the enterprise level. They do
the ad hoc access/block actions from their level for all of their bases. It
enables them to block problem sites very quickly.

I asked Blue Coat if any of our OSTG sites were being blocked by default by
their filters. Spokesperson Nikolett Basco replied:

    Secure Computing Corp. provides SmartFilter Web filtering software to
organizations worldwide. SmartFilter allows organizations to customize their
Internet experience based on their specific needs.

    We classify Internet content into over 73 different categories so that
customers can chose, by category, what types of Web content they want
available to their organization.

    However, just because a site is categorized, does not mean it is
automatically blocked. Any SmartFilter customer can reclassify any site they
wish. Each organization defines its own policy. Secure Computing has no
control over, or visibility into, how an organization implements their
filtering policy.

I used the Blue Coat Site Review Tool to check several OSTG sites.
SourceForge.net and freshmeat.net are both categorized as
Computers/Internet, Slashdot.org is miscategorized as Newsgroups, but is
also included as Computers/Internet. NewsForge.com is in the News/Media
category. While none of those categories is especially heinous (except
News/Media, of course), it appears that some of those sites are being
blocked by at least some military commands around the world.

I spoke to an Army National Guard officer, for example, who recently
returned from Afghanistan. He told me that Slashdot.org was banned by his
command when he first arrived for duty there, but that he was able to get it
un-blacklisted during his tour of duty.

As to OSTG sites being blocked here in Central Texas, the Lackland AFB
Public Affairs office declined to answer my email or return my phone calls
asking for information on whether specific OSTG sites are being blocked, and
if so, why they are. But the AFIs cited by Captain Small in his reply
indicate that they should be blocked in any case.

AFI 33-129, dated February 3, 2005, covers "Web Management and Internet
Use." Among other things, it specifically prohibits the downloading of
"freeware/shareware or any other software product without Designated
Approving Authority (DAA) approval." Since providing access to free/open
source software is the primary function of sites like SourceForge.net and
freshmeat.net, blocking access to them is understandable.

Chat rooms, IRC channels, and other public forums are also directly
forbidden. The AFI stipulates that "Participating in non-DOD or
nongovernment 'chat lines,' 'chat groups,' or open forum discussion to or
through a public site, unless it is for official purposes and approved
through the Global Information Grid (GIG) Waiver Board" is prohibited.

AFI 33-119, dated January 24, 2005, which covers "Air Force Messaging,"
explains the reports of commercial Web mail sites being blocked. It
specifically prohibits "Accessing commercial Web mail accounts and instant
messaging services (i.e., Yahoo, AOL, or MSN mail accounts)."

Note that the regulations govern "official use," so Air Force personnel may
be able to browse blocked sites if they're able to connect to another
network using personal computers.

Catching more than intended?

The categories of sites blocked by the Air Combat Command, which Captain
Small indicated will probably become the Air Force standard by next year,
contains some ironic entries. Cited as an example of sites blocked for
"Game/Cartoon Violence" is none other than America's Army -- a game
commissioned by the Army itself.

Remote Access is another no-no according to the block list. Why? Because
"sites in this category provide information about gaining remote access to a
program, online service or an entire computer system. While often used
legitimately by people who want to use their computer from a remote
location, it also creates a potential security risk. Backdoor access is
often written by the original programmer."

Cited as an example of these nefarious villains is none other than the
TightVNC site.

Of course, TightVNC is double-bad, since it is also free, and sites that
provide shareware and freeware are banned. The example given for this
category in the spreadsheet of blocked categories is Tucows.com.

And, finally, Internet newsgroup sites are banned as well. That ban, coupled
with Slashdot's miscategorization by Blue Coat as a NewsGroup site, helps
explain why that site cannot be accessed by our armed forces in many places
at home and abroad.

Censorship is tricky business, no matter how well-intentioned it may be.

Links

   1. "attached spreadsheet" -
http://www.newsforge.com/blob.pl?id=2d976ca00f329e5596b746c0ecc5d6a7
   2. "AFI 33-129" -
http://www.e-publishing.af.mil/pubfiles/af/33/afi33-129/afi33-129.pdf
   3. "AFI 33-119" -
http://www.e-publishing.af.mil/pubfiles/af/33/afi33-119/afi33-119.pdf
   4. "Site Review Tool" - http://sitereview.bluecoat.com/sitereview.jsp
   5. "America's Army" - http://www.americasarmy.com/
   6. "commissioned" -
http://businessweek.com/technology/content/may2002/tc20020523_2266.htm
   7. "TightVNC site" - http://www.tightvnc.com/
   8. "Tucows.com" - http://tucows.com/

More information about the Infowarrior mailing list