Dear DoD, the Web Itself is Social

A few weeks ago, Noah Shachtman of Wired’s Danger Room blog wrote about how the, “U.S. military is strongly considering a near-total ban on Twitter, Facebook, and all other social networking sites throughout the Department of Defense.” According to Wired, the DoD believes that social networks, “make it way too easy for people with bad intentions to push malicious code to unsuspecting users.”

In April of this year, Mark Drapeau and Linton Wells II (previously the acting CIO of the DoD) published a thirty-five page report titled Social Software and National Security: An Initial Net Assessment which looked at the interplay between social software and national security. Combining a few of their conclusions, social software, “is an important information sharing enabler between individuals within government, between government employees and communities of interest, between researchers and government data, between the government and its citizens, and between governments of different countries” and that while, “information security concerns are non-trivial” that, “there is a point at which a mission can be hurt by strictly enforcing such draconian approaches that it keeps government from taking advantage of social tools that adversaries and other counterparties are using.”

While it would be possible for the DoD to block specific social networks by denying troops access to domains such as facebook.com, myspace.com, twitter.com, among hundreds of others around the World, as Stowe Boyd said on the Department of Defense’s Web 2.0 Guidance Forum, “Web 2.0 is fundamentally social, treating the individual at the center of the universe as opposed to groups or organizations, and then basing communication and information paths on social relationships between individuals.”

It’s my belief that even if the DoD tried to block all access to social networking sites it would be a never ending and ultimately unsuccessful battle as social is becoming a core component of the web itself. Not only are traditional social networking sites like Facebook, Twitter, and MySpace expanding through their own web-wide API programs, but social features are increasingly pervasive in what used to be “normal” web sites. A few examples:

The New York Times “Times People” – The New York Times launched the ability for you to sign in to nytimes.com, create a profile and follow other readers all without having to leave nytimes.com. This includes the ability to directly recommend articles that you’re reading to your followers on NYT as well as see those recommendations on every page of their site.

Palm Pre and Android – Both phones have address books that are integrated and updated automatically with your contacts elsewhere. The Android is constantly in sync with your Gmail contacts and the Pre has a feature known as Synergy which combines contact information, calendars and instant messaging from data stored locally on the phone, Gmail, Facebook, AOL, and Exchange.

ShareThis and AddThis – For the past few years, bloggers and other content providers have integrated those Nascar-style widgets into their sites to provide an easy way for readers to re-share articles. While they initially focused on re-sharing via blogging services, today they support and default to services such as Twitter, Facebook, MySpace, and AOL instant messenger.

Google Reader – Not long ago reading blogs and other content online was a solo experience from within your desktop “feed reader.” Google Reader changed this with the ability to follow other users and see what your friends are reading. In July they added the ability to group your friends and filter what you read based on what they liked. A few weeks ago they also added ability to share stories via Facebook and Twitter. Lifehacker writes in more detail about Google Reader Updates with Still More Social Features and More Google Reader “Send To” Tricks.

Google Friend Connect – Friend Connect is one of Google’s projects to bring social features to the long tail of the web. It provides the ability for non-technical site owners to bring sign in, profiles, following, “comment walls”, and other OpenSocial applications just by adding a few lines of HTML/JavaScript to their sites. Friend Connect is already placed on over five-million sites, is available in forty-seven different languages, and integrates with networks including Google, AOL, Twitter, and Plaxo. You can see Friend Connect on Robert Scoble’s blog showing the 1,600 people who have chosen to become members of his site directly. (Not to mention that in order to block usage of Google Friend Connect, the DoD would have to block troop access to Google.com itself!)

Identity – Whether via OpenID, OAuth (Twitter), or Facebook Connect it’s now simple to use an existing profile to sign into millions of different sites around the web. Well over one-billion people have accounts that are enabled with either OpenID or Facebook Connect. In many cases, it isn’t just about sign in but being able to find people you know on these sites and share content you create back into a variety of social networks. I’ve previously written about the Anatomy of “Connect” and how it’s becoming increasingly possible for any web site to integrate profiles, relationships, third-party content and activity sharing with these technologies.

Niché social networks – Whether it is a Ning community like GovLoop, a standalone network like GoodReads focused on book lovers, or Intel Communities for IT professionals, it’s clear that social networks will not only be large destination sites. More traditional blogging tools such as Movable Type, TypePad, and WordPress have all added various social features themselves over the past two years. See Movable Type Motion, Top Reasons to Love The New TypePad which includes an activity stream, profiles and sharing, and BuddyPress. (Disclosure: I work for Six Apart who creates Movable Type and TypePad.)

From infrastructure technologies like OpenID and OpenSocial, to widgets like ShareThis and Friend Connect, to The New York Times itself and your phone, features and interactions that you once only found on social networks are becoming ubiquitous. While it may be convenient for the DoD’s IT department to think about social networking as a list of URLs that they can block from any network, the reality is that social networking is becoming a core piece of the web itself.

tags: , , ,
  • erica

    Maybe things have changed since the news that the military was considering a ban on social media. Did you see today the new DOD Web site and focus on social media: http://www.defenselink.mil/home/features/2009/0709_socialmedia/. Doesn’t seem like a ban would make any sense given this development.

  • http://www.spadainc.com Mary Trigiani

    David, thanks for the great post. There’s no question that social networks perform at the core of the Web, or that they are gaining in importance daily. I believe, however, that comparing the Department of Defense with any news organization or corporate operation is a stretch at this point in time — especially when we look at the overall backwardness of the government’s technology infrastructure. Had the government, back in the 1990s, begun to install updated technology systems and make internal connections among the various security agencies, we might have had the data we needed to neutralize Al Quaeda before September 11 2001. Until the government leverages the power of technology comprehensively — and we should have a great deal of confidence in CTO Chopra’s leadership on that score — I think we must manage our expectations for open discourse with military personnel — and intelligence operatives, as well — whose first obligation is to serve and protect life. It’s great that the tech industry is pushing on this, but we must really push for building the required infrastructure and cultivating a bold mindset first.

  • G.Irish

    First of all, the DoD is banning the use of social networks like Twitter and Facebook on government networks. That means that if you are at a DoD site and are on the NIPRNET you are not allowed to use that stuff. If you are offsite you’re golden.

    Secondly, the military has a lot more need for security than the private sector. A lot of bloggers have been criticizing this ban as if the military is some authoritarian organization of evil but the fact of the matter is that the military has different needs.

    Thirdly, just because DoD is enacting a ban today, doesn’t mean it will exist forever. Out of necessity the military has to examine things very carefully and cannot adopt new technologies on a whim the way the private sector or even other parts of government can. There have been high profile breaches of security in DoD pretty much every year and perhaps it is simply a case of the DoD restricting something for now while they deal with other threats.

    There is a great deal of value in Web 2.0 that the military can make use. But there is also a great deal of risk and I’d much rather my Armed Forces proceed cautiously and fully understand and mitigate the risks. The military is actively pursuing a myriad of programs that incorporate Web 2.0 concepts (the Army Field Manual wiki experiment for one) but just because they don’t allow the social network du jour doesn’t necessarily make them draconian.

  • http://markdrapeau.com/about Mark Drapeau

    G. Irish –

    It’s my understanding that it’s not clear that a ban will be going into effect, since the matter is curently under review. I think in a couple months we will see the real decision.

    Also, it is unclear from what you wrote but just to crystalize things for any readers, there is much more to the DoD than strictly people in military uniform. We are talking about schools, research laboratories, analysts, public affairs, human resources, contracting, recruiting, and so forth.

  • http://www.davidrecordon.com/ David Recordon

    Hey Erica,
    Thanks for commenting and bringing up one of the aspects which I didn’t write about; the DoD’s quite good existing use of social networking technologies. Overall the Military is engaged on social networks and I imagine it stems both out of President Obama’s Transparency and Open Government memorandum as well as for recruiting purposes.

    Between the Joint Cheifs of Staff Chairman on Twitter (http://twitter.com/TheJointStaff), channels on YouTube and groups on Flickr, the Air Force having dozens of Twitter accounts, an incredibly large presence on Facebook, and many blogs, the DoD is certainly engaging in social media. That said, I imagine that there is still a difference between the Pentagon being able to make use of these technologies and your soldier on the ground especially in a current war zone. You can really see how soldiers and families are using these technologies to remain in contact from the comments of http://web20guidanceforum.dodlive.mil/2009/08/06/use-of-web-20-capabilities-by-military-families/.

    –David

  • http://www.davidrecordon.com/ David Recordon

    Mary and G. Irish,
    I certainly agree that the acceptable risks differ between the private sector and the Military. I wasn’t trying to provide examples such as the New York Times or Google Friend Connect to say that the environments are equal, but rather that social networking is undergoing a transformation. It’s no longer the case that social networking features only exist on “social networks”, but rather you’ll find them when reading news online, on your phone and on millions of sites around the web. Whether the DoD should block access or not is much less of my point, rather that it’s already becoming nearly impossible to do so. Yes, the DoD could block the large social networks, but even Yahoo!’s homepage and their Mail service have social networking features now!

    –David

  • http://blogs.open.collab.net/oncollabnet/ Jack Repenning

    It’s true that social features are becoming ubiquitous. It’s true that “the DoD” represents a mind-boggling diversity of security needs. I don’t see quite where you’re heading, merely by pointing this tension out. Are you suggesting that the DoD just give up on security? I kinda doubt that’ll happen…

    Maybe some not-so-ancient history can help us see where this is going. For a long time, you couldn’t sell a product or web-site to the DoD if it had JavaScript. Then, browsers sprouted “Enable/Disable JavaScript” preferences, and the rule became that a product could have JS, so long as it didn’t require JS: it had to function reasonably well with JS disabled. The prohibitions against JavaScript were substantive: you can do some darned evil things in JS. Today, however, the focus has shifted to ensuring that JS malware can’t be injected, through such measures as thorough and frequent cross-site scripting audits.

    This is not about “DoD IT are silly,” if that was the core thought of the article, it’s about “DoD IT needs the help of the community to solve this problem.” Nobody wants the designs for the next nuclear weapon snarfed by some malware-packed Facebook app. “We,” in the most inclusive sense, need to figure out how to prevent that. If no better means are available, that part of “we” known as “DoD IT” will, can, and should block URLs, HTML markup, and whatever else it takes to prevent this. But “we,” in the more restricted app-creation community sense, need to find ways to enable DoD to benefit from social features while managing the risks.

  • http://ebiquity.umbc.edu/ tim

    From what I remember of the article, it only applies to computers hooked up to NIPRNET (http://en.wikipedia.org/wiki/NIPRNet) and not to Internet access in general.

  • Kelcy

    Sadly, I think this post misses the point. It’s easy to bash DoD in light of earlier blogs that you mention on bans and blocks. But at no time do you mention any of the security risks other than a very short quote out of the NDU study by Mark Drapeau and Lin Wells. That study does a good job of balancing the operational value of social software and the security risks. It doesn’t go into great detail on solutions as it leaves that for others to take on. However, no where in your blog do you seriously address the security risks of social software which are very real for government and individuals (e.g. Koobface virus on Facebook and Twitter, DDOS attacks, GhostNet malware on over 1100 computers in over 100 countries through downloading documents generally passed along the trusted networks, Jeffrey Carr’s excellent blog post here on Radar O’Reilly http://radar.oreilly.com/2009/06/lokis-net-the-national-securit.html ). You also don’t mention that DoD is working on policy and in fact is using web2.0 technologies to capture public opinion with a series of questions – despite the fact that this has been reported multiple times on Twitter. http://web20guidanceforum.dodlive.mil/

    Security is a serious issue for everyone. It does not mean that we need to stop using social software, but managing risk should be a key part of all our lives no matter how we interact with the internet. How about giving it some air time via the social web? Maybe using the social web to come up with solutions?

  • http://www.davidrecordon.com/ David Recordon

    Kelcy, you’re right, I intentionally didn’t talk about the security risks in this post! I’m not trying to argue whether or not the security risks are valid or even if the DoD should or should not block access. Rather I’m trying to show that even if the DoD decided to block access to social networking features that they’re not going to be able to do so in a comprehensive manner given how pervasive these sorts of features and functionality have already become. And yes, the DoD is making use of all sorts of social media technologies!

  • http://www.baileyhillmedia.com Chris Bailey

    Maybe I’m expecting too much too fast, but here’s the problem I have with the DoD, the armed forces and the US government in general trying to engage in social media: they still just don’t get it.

    David, your post is, in part, titled The Web Itself is Social. Just because the DoD presents social media channels on its Defense Link site or The Joint Chiefs of Staff have a Twitter account does not mean they are *social*. Look at their sites and streams. There’s still far too much broadcasting and far too little interaction. When the principals behind these social media profiles actually use them to engage in conversation with others, then I’ll be impressed.

    Yes, it’s great that the old bureaucrats are getting social media religion. Unfortunately, it looks a lot like the same old one-way broadcast religion they’re comfortable with.

  • Marco

    This isn’t about the military not “getting” the Internet. It’s about military leadership reminding and enforcing on lower-ranking members that they need to keep their mouths shut about what they spend their time doing. Not just because loose lips sink ships, but because in most of what a military does is secure natural resources for exploitation and suppress dissent. Usually 10x or more enemy combatants die for every invading soldier and maybe 100x civilian body count. It only takes a few dead babies in the newspaper to cause a more organized revolt to become a threat to the operation.

    Secrecy is paramount to success when abusing power. However, an organization needs to communicate internally and spy on outside sources etc. to be effective. The goal is to have the potential for communication in all directions, hence using the Internet, but to make sure information is only flowing inwards to the group, hence draconian policy. Human beings naturally want to cooperate to some degree and it takes both loads of training and harsh rule enforcement to make them stop cooperating entirely with the “enemy.”

  • http://www.gtricks.com aery

    DOD forgot that Apranet- the first version of internet was made to connect different offices and now the whole idea behind Internet is to connect people.

    Moreover, web will be more social with the advent of new web2.0 technologies.

  • Don Thibeau

    David’s point is well made -that it is not so much about DoD as it is about the web as a social institution. For example, DoD takes care to separate warfighters from those supporting them.

    DoD is a heterogenerous thing; e.g. operating one of the largest school systems and as David suggests adoption of social media is not if but how.

  • http://www.thetwittersecret.com/ Sweton T Fleming

    hi..This is really great…nice way to say your thoughts… …

  • Chris C

    We’re seeing the US Army get fairly engaged with social media, http://www.army.mil/media/socialmedia/.

    They have a Social Media director in a key leadership position who is trying as much as possible to stay interconnected to social technologies in the non-DoD world.

  • Noel Dickover

    Just wanted to make a follow-up to this post. The policy that this post discussed just came out on Friday:

    http://www.defense.gov/releases/release.aspx?releaseid=13338

    As someone who worked on this, I can honestly tell you that this blog post actually made a difference in changing leadership perceptions of this issue. For instance, a consequence was that the language in the DTM was changed from “Social Networking Sites” to “Social Networking Services.” It turns out that Services are lots harder block.