# DND Regulations on Publishing Internal Information to the Internet (Split)



## Occam (27 Jun 2010)

wayjosh said:
			
		

> I was quite surprised to see internal email posted to this forum. Although the emails were not sent out PB,  I don’t think the author would have expected them to be copied and pasted on an external forum.
> 
> What are DND’s regulations wrt posting this type of information.



It's Unclassified.  The originator should've classified/designated it to a higher level if it weren't meant for public consumption.  Any ATI request would result in the release of the information.


----------



## McG (27 Jun 2010)

Occam said:
			
		

> It's Unclassified.  The originator should've classified/designated it to a higher level if it weren't meant for public consumption.  Any ATI request would result in the release of the information.


Wrong.  There is a lot of information within DND that does not have a classification stamped on it but which you do not have authority to publish to the public.  With our lowest level of classification being CONFIDENTIAL, as soon as a classification is slapped on something it can no longer be disseminated via internal mail.  There are still a lot of other things intended for official use only (ie: not for you to post to the public) that do not rate that CONFIDENTIAL threshold.  

... and PROTECTED is not a security classification (it is a privacy classification), so there is not the option of slapping a PROTECTED A to indicate it does not belong on MilNet.ca while letting everyone and their dog see it from DWAN.

Don't blame the origionator because you've decided to be a leak.


----------



## Occam (27 Jun 2010)

MCG said:
			
		

> Wrong.  There is a lot of information within DND that does not have a classification stamped on it but which you do not have authority to publish to the public.  With our lowest level of classification being CONFIDENTIAL, as soon as a classification is slapped on something it can no longer be disseminated via internal mail.  There are still a lot of other things intended for official use only (ie: not for you to post to the public) that do not rate that CONFIDENTIAL threshold.



It is not wrong.  I was drafting classified messages when you were in kindergarten, and I've been dealing with security orders my entire career.  Unless something is specifically identified as being for official DND use only (and I believe you may be thinking of the American warning term FOUO), then it is not controlled.



> ... and PROTECTED is not a security classification (it is a privacy classification), so there is not the option of slapping a PROTECTED A to indicate it does not belong on MilNet.ca while letting everyone and their dog see it from DWAN.



I'm well aware of what "Protected" means, and it has nothing to do with privacy, nor is it a classification.  It is a designation.  It is matter which is not of a national interest, yet still requires protection - and Protected A would have been an ideal designation for this subject, if the originator wanted it to remain "official use only".



> Don't blame the origionator because you've decided to be a leak.



Only the originator of information is permitted to classify it, designate it, or change the classification or designation.  This is basic information security stuff.  If the originator doesn't want it disclosed, it's their responsibility to ensure proper warning terms are used.  Even then, the information is still subject to disclosure under ATI legislation, unless it's classified or designated.

/end threadjack


----------



## George Wallace (27 Jun 2010)

Occam said:
			
		

> It is not wrong.  I was drafting classified messages when you were in kindergarten, and I've been dealing with security orders my entire career.  Unless something is specifically identified as being for official DND use only (and I believe you may be thinking of the American warning term FOUO), then it is not controlled.
> /end threadjack



Continuing thread hijack

I agree with MCG on the matter that "just because a document does not have a Classification, does not make it free to be made OPEN Source and made public".  As for your claims, perhaps you should take a moment to refresh your knowledge on this.   Whether the originator of this wanted it given the "widest distribution, by any means" is not the point, nor does it mean that all unclassified correspondance/documentation is open to be freely distributed outside of CF circles. 

Shipping Docs are not classified, and they should not be freely made public.   Your route to and from your work place is not classified, but still has no need to be made public for your own personal security.  There are many things in everyday work in the CF that are not classified, and should not be a matter made for public consumption.


----------



## Occam (28 Jun 2010)

I am open to being shown something in any security policy which prohibits release of information unless the originator has taken steps to ensure that it is "for official use only", classified it, or designated it.  I'm quite sure of the policies on the matter, but I'll entertain proof to the contrary if someone can find it.


----------



## McG (28 Jun 2010)

Occam said:
			
		

> If the originator doesn't want it disclosed, it's their responsibility to ensure proper warning terms are used.


Unfortunately, there is no longer a RESTRICTED and we do not have FOUO.  Instead, all official correspondence/documentation is for official use only and generally it is implied that (without the OPI or originator's permission) you do not disseminate externally.



			
				Occam said:
			
		

> Even then, the information is still subject to disclosure under ATI legislation, unless it's classified or designated.


Yet, as a member of the CF it is not your prerogative to publish to the public anything which may be accessable through ATI.



			
				Occam said:
			
		

> I am open to being shown something in any security policy which prohibits release of information unless the originator has taken steps to ensure that it is "for official use only", classified it, or designated it.  I'm quite sure of the policies on the matter, but I'll entertain proof to the contrary if someone can find it.


As a start point, go have a look at para 4 of CANFORGEN 136/06.


----------



## Occam (28 Jun 2010)

MCG said:
			
		

> Unfortunately, there is no longer a RESTRICTED and we do not have FOUO.  Instead, all official correspondence/documentation is for official use only and generally it is implied that (without the OPI or originator's permission) you do not disseminate externally.



I'm sorry, I just don't know of anything which states that explicitly or implicitly.



> Yet, as a member of the CF it is not your prerogative to publish to the public anything which may be accessable through ATI.



Why not?



> As a start point, go have a look at para 4 of CANFORGEN 136/06.



That CANFORGEN was addressing clear violations in OPSEC.  The paragraph you refer to states:  "CF MEMBERS ARE TO CONSULT WITH THEIR CHAIN OF COMMAND BEFORE PUBLISHING CF-RELATED INFORMATION AND IMAGERY TO THE INTERNET, REGARDLESS OF HOW INNOCUOUS THE INFORMATION MAY SEEM".  If you follow that slavishly as the letter of the law, none of us could speak to the press or divulge anything of our jobs to the public.  Fortunately, that's not the case.  The intent was to force people to seek authorization if there was a shadow of a doubt as to the risk of disclosure of the information.  I don't think the intent was to prevent people from releasing information about the ongoing process of evaluating sea time for the Sea Service Insignia, or divulging how to go about getting a pair of Magnums instead of the standard combat boot.

In fact, the CANFORGEN refers to QR&O 19.36.  One of the paras of that QR&O states: _{Subject to article 19.375 (Communications to News Agencies), no officer or non-commissioned member shall without permission obtained under article 19.37 (Permission to Communicate Information):} (g) take part in public in a discussion relating to orders, regulations or instructions issued by the member’s superiors_.  

Do we not do that on a daily basis here on Milnet.ca?


----------



## McG (28 Jun 2010)

Occam said:
			
		

> That CANFORGEN was addressing clear violations in OPSEC.


If it was intended for "clear violations in OPSEC" it would not have needed to state "regardless of how innocuous the information may seem"



			
				Occam said:
			
		

> The paragraph you refer to states:  "CF MEMBERS ARE TO CONSULT WITH THEIR CHAIN OF COMMAND BEFORE PUBLISHING CF-RELATED INFORMATION AND IMAGERY TO THE INTERNET, REGARDLESS OF HOW INNOCUOUS THE INFORMATION MAY SEEM".  If you follow that slavishly as the letter of the law, none of us could speak to the press...


If one were to follow it slavishly, then one would note that the passage is about posting information to the internet and not about talking to the press.  

As you point out, there are other policies & directives that specifically tell how we may or may not communicate with the news media ... but those are not what we are discussing here.



			
				Occam said:
			
		

> Why not?


Again, see para 4 of CANFORGEN 136/06.



			
				Occam said:
			
		

> I don't think the intent was to prevent people from releasing information about the ongoing process of evaluating sea time for the Sea Service Insignia...


Maybe.  However, I find that commander's generally are not happy with public publishing of incomplete processes, planning, and what-not ... it sometimes forces thier hand.  The owner of the information gets to decide how innocuous it really is.


----------

