Posting classified info -- and it's not the bloggers

When the Defense Department in May tried to block bloggers, there was -- ostensibly -- a reason: to ensure that blogging warfighters didn't post information that might hurt the warfighting efforts. But Wired's Noah Shachtman reports that the brass don't need to worry about the blogs. They need to worry about official DOD Web sites.

The Electronic Frontier Foundation got hold of the data, and Shachtman's story, Army Reports Brass, Not Bloggers, Breach Security, says:

For years, the military has been warning that soldiers' blogs could pose a security threat by leaking sensitive wartime information. But a series of online audits, conducted by the Army, suggests that official Defense Department websites post material that's far more potentially harmful than blogs do.

The audits, performed by the Army Web Risk Assessment Cell between January 2006 and January 2007, found at least 1,813 violations of operational security policy on 878 official military websites. In contrast, the 10-man, Manassas, Virginia, unit discovered 28 breaches, at most, on 594 individual blogs during the same period.

The results were obtained by the Electronic Frontier Foundation, after the digital rights group filed a lawsuit under the Freedom of Information Act.

"It's clear that official Army websites are the real security problem, not blogs," said EFF staff attorney Marcia Hofmann. "Bloggers, on the whole, have been very careful and conscientious. It's a pretty major disparity."

The findings stand in stark contrast to Army statements about the risks that blogs pose.

"Some soldiers continue to post sensitive information to internet websites and blogs," then-Army Chief of Staff Peter Schoomaker wrote in a 2005 memo. "Such [operational security] violations needlessly place lives at risk." That same year, commanders in Iraq ordered troops to register their blogs "with the unit chain of command."