[Federal Register Volume 62, Number 145 (Tuesday, July 29, 1997)]
[Notices]
[Pages 40507-40508]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 97-19828]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary


Privacy and Security on Publicly Accessible DoD Internet Services

AGENCY: Department of Defense, Office of the Secretary of Defense 
(Public Affairs).

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: This is a voluntary notice by the Department of Defense to 
inform those who use publicly accessible defense information on the 
Internet what measures are being taken to gather information about 
visits and to protect the integrity of Department of Defense Internet 
systems. Effective immediately, the DoD changing its notice to users to 
notify them of what we are doing and why.

FOR FURTHER INFORMATION CONTACT: Mr. Richard Silva, OASD(PA), Room 
2E791, 1400 Defense Pentagon, Washington, DC 20301-1400 or on-line via 
the DefenseLINK message form at http://www.dtic.mil/defenselink/faq/
comment.html.

SUPPLEMENTARY INFORMATION:  In its ongoing efforts to provide open, 
honest and accurate information to the public, the Department is hereby 
notifying those who use publicly accessible defense information on the 
Internet what measures are being taken to gather information about 
visits and to protect the integrity of Department of Defense Internet 
systems and why it is necessary to do so.
    First, most World Wide Web services record information about web 
site visits for site management purposes. DoD uses industry-standard 
software to gather basic data about web site visits. This data is used 
for site management purposes, such as assessing what information is of 
most and least interest to users, determining technical design 
specifications, and identifying system performance or problem areas.
    Second, computer vandalism has become an ever increasing problem 
over the past few years. These attacks can lead to the alteration of 
information that is used and trusted by millions of people. It is 
becoming more and more important for the Department to take a more 
proactive role in protecting its computer systems from these attacks. 
Therefore, to insure that the DoD public web services remain available 
to all users and to protect them from fraudulent, unlawful or abusive 
use, the Department is employing industry-standard methods to monitor 
network traffic to identify unauthorized attempts to upload or change 
information, or otherwise cause damage.
    No other attempts are made to identify individual users or their 
usage habits. Raw data logs are used for no other purposes and are 
scheduled for regular destruction in accordance with National Archives 
and Records Administration General Schedule 20.
    Third, the Department is publishing the attached ``privacy and 
security notice'' on its publicly accessible Internet systems to inform 
users what we are doing and why.
    DefenseLINK (http://www.dtic.mil/defenselink/) is the official 
World-Wide Web Information Service from the Department of Defense and 
is the starting point for locating U.S. defense information around the 
world. The purpose of DefenseLINK is to provide the public with a 
single, unified starting point for information about the Department of 
Defense, its organization and its functions. DefenseLINK provides 
direct access to the Information Services established by each military 
service. These Defense World Wide Web services contain many Defense 
publications, answers to frequently asked questions about the 
department, news releases and photographs. Information within these 
public access services may be distributed or copied. Use of appropriate 
byline/photo/image credits is requested.
    Below is the new privacy and security notice being implemented on 
all DoD publicly accessible Internet systems.
    Link from Index.html pages--``Please read this privacy and security 
notice.''
    ( )--indicates sections to be tailored at the installation level.
    [ ]--indicates hyperlinks.
    *--indicates information located at the hyperlink destination 
indicated.

Privacy and Security Notice

    1. (DefenseLINK) is provided as a public service by the ([Office of 
the Assistant Secretary of Defense-Public

[[Page 40508]]

Affairs] and the [Defense Technical Information Center]).
    2. Information presented on (DefenseLINK) is considered public 
information and may be distributed or copied. Use of appropriate 
byline/photo/image credits is requested.
    3. For site management, [information is collected] * for 
statistical purposes. This government computer system uses industry-
standard software to create summary statistics, which are used for such 
things as assessing what information is of most and least interest, 
determining technical design specifications, and identifying system 
performance or problem areas.
---------------------------------------------------------------------------

    * Link from above--``information is collected''
---------------------------------------------------------------------------

    4. For site security purposes and to ensure that this service 
remains available to all users, this government computer system employs 
industry-standard methods to monitor network traffic to identify 
unauthorized attempts to upload or change information, or otherwise 
cause damage.
    5. No other attempts are made to identify individual users or their 
usage habits. Raw data logs are used for no other purposes and are 
scheduled for regular destruction in accordance with [National Archives 
and Records Administration General schedule 20].
    6. Unauthorized attempts to upload information or change 
information on this service are strictly prohibited and may be 
punishable under the Computer Fraud and Abuse Act of 1986 and the 
National Information Infrastructure Protection Act.
    7. If you have any questions or comments about the information 
presented here, please forward them to (us using the DefenseLINK 
[Comment Form]).

Example: Information Collected From DefenseLINK for Statistical 
Purposes

    Below is an example of the information collected based on a 
standard request for a World Wide Web document:

pm2e-1-678.afbdsop.com--[28/Jan/1997:00:00:01-0500]
``GET/defenselink/news/nr012797.html HTTP/1.0'' 200 16704
Mozilla 3.0
pm2e-1-678.afbdsop.com--this is the domain and IP address of the 
requester (you as the visitor). In this case, (....com) the requester 
is coming from a commercial address instead of a military or 
educational institution address.
[28/Jan/1997:00:00:01-0500]--this is the date and time of the request
``GET/defenselink/news/nr012797.html HTTP/1.0''--this is the location 
of the requested file on DefenseLINK
200--this is the status code--200 is OK--the request was filled
16704--this is the size of the requested file in bytes
Mozilla 3.0--this identifies the type of browser software used to 
access the page, which indicates what design parameters to use in 
constructing the pages.

    Requests for other types of documents use similar information. No 
other user-identifying information is collected.

    Dated: July 22, 1997.
Patricia L. Toppings,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 97-19828 Filed 7-28-97; 8:45 am]
BILLING CODE 5000-04-M