As many of you know, last Friday the DoD released a Directive Type Memo on the “Responsible and Effective Use of Internet-Based Capabilities“. Many may be wondering, “Why not call it the “Social Media” policy or “Web 2.0” or even “SNS” policy? As someone who has spent the better part of the last seven months working on this policy, I thought I might be able provide some perspective on this.
Disclaimer: I don’t speak for the DoD, nor am I an employee of the DoD. These thoughts are my own and so forth.
As Wired broke the story back at the end of July, the initial struggle for this policy surrounded the issue of what was then referred to as “social networking sites.” The question then was whether specific sites on the internet should be banned for a variety of security related reasons. Along the way, many of us advocated for changing this term to “social networking services”. This, we felt, was far more indicative of the situation that exists on the web – services are pervasive, and are lots harder to block. Helping sway the conversation was an influential blog post by David Recordon, on of the founders of OpenID, who wrote a letter to DoD on O’Reilly Radar titled, “Dear DoD, the Web is Social“. This change in terminology to “social networking services certainly” set the context for the rest of the discussion about access, but it also shifted the context from a point-in-time concern to a longer-term view of the problem.
The pace and change of emerging technologies on the web have continued to increase – so much so that they are catching many large scale organizations off-guard. Not only are these technologies disruptive to operations, they also play havoc with the myriad of overlapping policy issues. Its a fair reading to say that from a policy standpoint, many Federal agencies including DoD have been behind the 8-ball in getting appropriate policy out that address the complexities of social media use. Records management, privacy concerns, information collections, public affairs
policies, OPSEC approaches, transparency initiatives, classification issues and various situational
awareness concerns are all being discussed and debated at a frantic
pace.
Unfortunately, the world of innovation is not going to end at social networking services, or even the larger groupings of “social media” or “web 2.0 technologies”. The policy issues we are addressing today have a very real possibility of being turned on their head again in a few years by tomorrow’s disruptive technology. So the question is, “How do we as large scale government agencies and organizations get ahead of the curve?” This is really what the use of “Internet-based Capabilities” as a term is all about. Yes, we address the immediate social media concerns with this policy, but we also set the context for the longer term adaptability issues. The term itself maintains a forward-looking posture – it keeps DoD’s focus on the idea that the pace of change will continue to increase, and that from a policy and use standpoint, we need an embedded process that acknowledges and accommodates this.
Just a couple of instances of how this long-term view is codified, on page 5 of the DTM (Attachment 3: Responsibilities section), item “(d)” under the DoD CIO responsibilities states it will “establish mechanisms to monitor emerging internet-based capabilities in order to identify opportunities for use and assess risk” – this responsibility helps DoD maintain awareness of the change, and places hooks to allow for future adapting toward new capabilities. As the DoD takes advantage of these new capabilities, they will find new, creative ways of use, that will have follow-on policy implications – we must recognize this and hopefully will be better prepared to make the appropriate policy changes. The Official Use section (page 6) maintains all the OPSEC and security concerns in place, but in essence recognizes that today’s soldier now needs to be able to perform effectively in a public setting – this is the nature of peer to peer communication that social media presents today.
So as a suggestion to other Federal and State agencies who are looking to construct their social media and web 2.0 policies, you might consider having hooks into your policy for future emerging technologies that may disrupt your operations and policies as much as this web 2.0 technologies have. Get a process in place, with clear responsibilities and tasking that recognizes your Agency’s need to rapidly adapt as rapidly as the emerging technologies do.
Posts like this are why GovLoop needs to open some content for all to see…
Good stuff, Noel. Highly specific tool-based policies are just going to be behind the times as fast as they roll out. “Internet-based Capabilities” is now in my Gov2 lexicon.
Thanks Noel, great post. I asked this on Twitter but I’ll ask again here: If we’re considering Twitter to be a “capability,” what are the national security implications of frequent Twitter outages?
@Noel Excellent post – thank you for sharing. Do you feel as if the term “Internet-based capabilities” encompasses mobile technology as well?
@Steve – Soon and very soon, my friend! Of course, getting access to this great content also serves as an incentive to become a member, too 😉 You know I’m leaning toward being more open though…
@Dan – My response to your question: emphasizes the critical need for “multi-modal engagement capabilities.”
Hi Dan, regarding the Twitter question, that’s a great one. I can tell you that there have been discussions asking this exact thing. The question is in essence, does twitter turn into a defacto public utility? Right now, twitter will be the first to say that they aren’t ready for that level of responsibility right now.
The other thing I’d say is that anyone who really engages on any topic (the one most near and dear to me right now is crisis response in Haiti via crisiscommons.org) will tell you that no community ever restricts themselves to one tool. In fact, TONS of tools are used – everyone is comfortable with something different. Some might say this is a bad thing, but I would argue that it helps prevent the concern you list – that if a key technology goes, what happens? I subscribe to the notion that if you are connected, the information will find you, even if initiated on other network.
Hi Andy, Internet-based capabilities definitely encompasses mobile technologies. Most of us who post here now access the internet from our phones – this will only get greater in the future. Add in machine to human communications, and we’re now talking about autonomous agents accessing internet-based capabilities.
During today’s DoD Live discussion of the new policy directive,
http://www.dodlive.mil/index.php/2010/03/dodlive-bloggers-roundtable-new-dod-social-media-policy/
I thought the most interesting statement by Price Floyd, Principal Deputy Assistant Secretary of Defense for Public Affairs, was, in referring to the DoD’s official policy about social media, “The default switch is ‘on’.”
There’s a lot of detail to be worked out about this but if that’s the case that’s a highly significant policy statement.
Dennis McDonald
Alexandria Virginia
web: http://www.ddmcd.com
twitter: http://twitter.com/ddmcd
Hi Dennis, this policy is absolutely significant for the reason you cite. And yes, there are definitely a lot of detail to be worked, and there certainly will be a transition period. But as someone who was intimately involved in the gory details, while it doesn’t have everything I would have liked, I really believe it should be viewed as a successful effort. The change it codifies in policy is significant.
Noel, since you had a hand in crafting this policy, I wanted to hit you up about one specific aspect. Under the definition of ‘Internet-based Capabilities’ one of the examples listed is “Google Apps.” In a lot of respects this seems to be in a separate class from the other, more ‘traditional’ social media sites listed
http://www.google.com/apps/intl/en/business/index.html
Can you shed any light on the inclusion of Google Apps? I would love to have some of the capabilities that are available in Google Apps as long as it is within the boundaries of policy.
Noel, I hope the process of working out the details will be open and collaborative. Other agencies will be paying close attention with their own needs in mind. I’ll be especially interested in how use of social media tools impacts internal collaboration and communication among specialized populations that haven’t traditionally communicated across organizational boundaries.
Dennis McDonald
Alexandria Virginia
web: http://www.ddmcd.com
twitter: http://twitter.com/ddmcd
Hi Skylar, the Google Apps comment was actually my inclusion, so yeah, I do have some thoughts on it. This was intended to be used as a large bucket idea that included things like Google Wave, Google documents, and all the various mashup products that google apps and things like it provide.
Hi Dennis, the current plan for the details is still in flux, but the initial intent was to have an implementation guide. And like the development of the policy itself, this will be done in collaborative fashion within the DoD. We had well over 100 DoD folk (or their reps) across all the components working on a Sharepoint site on Intelink to do the initial policy development. The implementation guide early draft is currently sitting there for comments. If you have access to Intelink, you can search on the front of the site for “Internet-based Capabilities” to find the site. Again, we really are probably looking for DoD components to be commenting on the Implementation Guide itself, but other Agencies can go and ask questions, see the progress, etc.
Great post, Noel. Keep up the great work!
Hi Teri, thanks for your involvement in the development of this policy. For those that don’t know, Teri Centner was our EUCOM rep early in the policy development process.
Great post. You really answered the question of the day. And you offer great insight into the thinking behind the policy, too.
BTW…I’ve already seen the acronym IbC being bandied about. I find that somehow humorous. Give it a few days and we’ll all start getting emails offering IbC Classes 😉
Hi Sonia, all I can say is I did my absolute level best to keep the acronym “IbC” out of the DTM. For that I’m thankful, but the avalanche of habit in our world has led to this already being used in countless places. I even now find myself occasionally using it.
Although, usually when I’m using IbC, I’m referring to a root beer! 🙂
Nice post, Noel. I’m curious, is there a published list of ‘best practices’ for allowing greater Internet access from Gov’t agencies, while providing for basic (or even enhanced security concerns)? I’m not an expert in this area, but I consult in Learning and Talent Governance and change mgmt rocesses, and sometimes these types of questions come up. Any pointers to a ‘short list’ of key considerations, and/or ‘dissuaders’ for the over-zealot IT mgr? I did pull down the DoD doc you pointed to.