Welles: When does privacy rule?

Energy Department officials may be testing an edge of the privacy issue in a proposed regulation governing access to information on any department computer.

Energy Department rule

How far should we go to protect ourselves and our information if protection risks losing some privacy rights? Energy Department officials may be testing an edge of the privacy issue in a proposed regulation governing access to information on any department computer.

The law establishing DOE's National Nuclear Security Administration required employees to allow officials at investigative agencies to access computers they used for work and for three years after they leave their jobs. Given the agency's mission in protecting U.S. nuclear resources, such cybersecurity requirements might seem understandable.

In a newly proposed regulation, DOE officials have broadened the organization's requirement to all department computers as a good business practice, said William Hunteman, the organization's cybersecurity program manager. It was also broadened in other ways.

The proposed rule makes it clear that no user of a DOE computer, including anyone who sends an e-mail to a DOE computer, would have any expectation of privacy. Every federal and contractor employee with DOE computer access would be required to sign a consent form for use by investigative agencies.

"We have a responsibility that information we process on computer systems is appropriately protected and that the privacy of individuals is protected. "Where the two come together is what we wrestle with on a daily basis," said Bruce Brody, DOE's associate chief information officer for cybersecurity.

DOE officials have also required that a banner inform users that activities on the computer system are subject to interception, monitoring, recording, auditing, inspection and disclosure. The banner notifies users that their continued use of the system indicates their awareness of and consent to this monitoring.

Recent reports suggest the importance and difficulty of regulating cybersecurity and securing e-mail messages. Symantec's latest Internet Security Threat Report finds that attacks on government networks are becoming more sophisticated as hackers look for backdoors into vulnerable computers.

The Internal Revenue Service Inspector General's Office found that IRS officials have controls in place to protect sensitive data, but problems occur in enforcing employees use of secure messaging.

"The rest of the [IRS] has similar security issues," Brody said. "This [requirement] serves as a deterrent on the front end of any suspicious computer use, and on the back end, it allows appropriate authorities to take a look if anything bad has happened."

So you should watch what you write and who you write to when you send e-mail messages. You never know who may be reading them.

Comments on the proposed regulations may be e-mailed by May 16 to connie@hg.doe.gov. Include docket No. NNSA-RM-00-3235 in the subject line of the message.

Welles is a retired federal employee who has worked in the public and private sectors. She lives in Bethesda, Md., and writes about work life topics for Federal Computer WeekShe can be reached at judywelles@fcw.com.

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group