[ISN] DOE: No privacy on agency computers

From: InfoSec News (alerts@private)
Date: Fri Jul 21 2006 - 02:43:32 PDT


By Michael Hardy
July 20, 2006

The Energy Department finalized a rule that essentially requires all 
employees and contractors to give up any expectations of privacy when 
using agency computers.

DOE's rule, which will become effective Aug. 18, also specifies that 
members of the public who interact with DOE computers via e-mail likewise 
have no promise of privacy.

The rule is an effort to create a standard agencywide policy for access to 
agency computers. It follows a proposed rule that the department published 
March 17, 2005, and incorporates comments the agency received.

A main feature of the rule is that DOE employees and contractors must 
acknowledge in writing that authorized investigative agencies can have 
access to computers they used during the time of their employment and for 
as many as three years after they leave. That provision previously was 
explained only for employees of the National Nuclear Security 
Administration, an organization within DOE. Because of NNSA's 
recommendation, department officials determined it should apply 
agencywide, according to the rule published July 18 in the Federal 

The rule, which follows a proposed rule the department published March 17, 
2005, also specifies that:

* Individuals seeking access to information on DOE computers must 
  acknowledge in writing that there is no expectation of privacy.
* Contractors are responsible for making sure that each employee or 
  subcontractor employee has provided the proper written acknowledgements.  
  A DOE contracting officer can inspect and copy contractors' files of 
  such acknowledgements at any time.

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Fri Jul 21 2006 - 03:07:46 PDT