As many of you know, last Friday the DoD released a Directive Type Memo on the “Responsible and Effective Use of Internet-Based Capabilities“. Many may be wondering, “Why not call it the “Social Media” policy or “Web 2.0” or even “SNS” policy? As someone who has spent the better part of the last seven months working on this policy, I thought I might be able provide some perspective on this.
Disclaimer: I don’t speak for the DoD, nor am I an employee of the DoD. These thoughts are my own and so forth.
As Wired broke the story back at the end of July, the initial struggle for this policy surrounded the issue of what was then referred to as “social networking sites.” The question then was whether specific sites on the internet should be banned for a variety of security related reasons. Along the way, many of us advocated for changing this term to “social networking services”. This, we felt, was far more indicative of the situation that exists on the web – services are pervasive, and are lots harder to block. Helping sway the conversation was an influential blog post by David Recordon, on of the founders of OpenID, who wrote a letter to DoD on O’Reilly Radar titled, “Dear DoD, the Web is Social“. This change in terminology to “social networking services certainly” set the context for the rest of the discussion about access, but it also shifted the context from a point-in-time concern to a longer-term view of the problem.
The pace and change of emerging technologies on the web have continued to increase – so much so that they are catching many large scale organizations off-guard. Not only are these technologies disruptive to operations, they also play havoc with the myriad of overlapping policy issues. Its a fair reading to say that from a policy standpoint, many Federal agencies including DoD have been behind the 8-ball in getting appropriate policy out that address the complexities of social media use. Records management, privacy concerns, information collections, public affairs
policies, OPSEC approaches, transparency initiatives, classification issues and various situational
awareness concerns are all being discussed and debated at a frantic
Unfortunately, the world of innovation is not going to end at social networking services, or even the larger groupings of “social media” or “web 2.0 technologies”. The policy issues we are addressing today have a very real possibility of being turned on their head again in a few years by tomorrow’s disruptive technology. So the question is, “How do we as large scale government agencies and organizations get ahead of the curve?” This is really what the use of “Internet-based Capabilities” as a term is all about. Yes, we address the immediate social media concerns with this policy, but we also set the context for the longer term adaptability issues. The term itself maintains a forward-looking posture – it keeps DoD’s focus on the idea that the pace of change will continue to increase, and that from a policy and use standpoint, we need an embedded process that acknowledges and accommodates this.
Just a couple of instances of how this long-term view is codified, on page 5 of the DTM (Attachment 3: Responsibilities section), item “(d)” under the DoD CIO responsibilities states it will “establish mechanisms to monitor emerging internet-based capabilities in order to identify opportunities for use and assess risk” – this responsibility helps DoD maintain awareness of the change, and places hooks to allow for future adapting toward new capabilities. As the DoD takes advantage of these new capabilities, they will find new, creative ways of use, that will have follow-on policy implications – we must recognize this and hopefully will be better prepared to make the appropriate policy changes. The Official Use section (page 6) maintains all the OPSEC and security concerns in place, but in essence recognizes that today’s soldier now needs to be able to perform effectively in a public setting – this is the nature of peer to peer communication that social media presents today.
So as a suggestion to other Federal and State agencies who are looking to construct their social media and web 2.0 policies, you might consider having hooks into your policy for future emerging technologies that may disrupt your operations and policies as much as this web 2.0 technologies have. Get a process in place, with clear responsibilities and tasking that recognizes your Agency’s need to rapidly adapt as rapidly as the emerging technologies do.