HomeNewsArticle Display

Notice and consent: Policy dictates monitoring of government-provided systems

  • Published
  • By Mike W. Ray
  • Tinker Public Affairs
TINKER AIR FORCE BASE, Okla. --  Just in case you didn't know: Uncle Sam is monitoring you while you're at Tinker Air Force Base.

Specifically, federal law governing notice-and-consent decrees that (1) you must be informed that the government may listen in on your communications, and (2) whenever you use an unsecured government-provided telecommunications system on this base, you are giving implicit consent to be monitored.

The policy is spelled out at length in Air Force Instruction 10-712, said Laurence Langlois of the 72nd Air Base Wing Communications Directorate. Mr. Langlois is the alternate wing information assurance officer, notice and consent manager and Tinker TMAP manager. AFI 10-712 "prescribes responsibilities, procedures, and guidance for the Telecommunications Monitoring and Assessment Program."

The U.S. Air Force employs telecommunications systems such as telephones, cellular phones, radios, facsimile, pagers, computer networks, Internet-based capabilities such as blogs, Web sites, social networking sites, etc., and other wired or wireless electronic devices, AFI 10-712 relates.

"We use these on a daily basis to do our jobs," Mr. Langlois noted.

"Adversaries can easily monitor these systems to gather information regarding military capabilities, limitations, intentions and activities," AFI 10-712 points out. As a direct result, TMAP provides commanders with "an assessment as to the type and amount of information traversing telecommunications systems at risk to adversary collection and exploitation."

TMAP is "intended to limit unauthorized and unwanted access to vital information," Mr. Langlois said.

The Air Force "monitors official unsecured and unprotected telecommunications systems to determine whether they are being used to transmit critical, sensitive or classified information," said Kevin Smith, Branch Chief of the Information Assurance Office in the Communications Directorate.

TMAP is an "effective tool to identify real-world problems that can adversely affect the warfighter's effectiveness," AFI 10-712 asserts.

Accordingly, the instruction provides that all authorized users of telecommunications systems and devices "must receive legally sufficient notice that monitoring is conducted and that use of the system or device constitutes consent to monitoring."

This is where notice and consent comes in. As just one example, whenever you log onto a computer at Tinker, right after pressing "Ctrl+Alt+Delete" you are presented with the AF Notice and Consent banner, which you must acknowledge by clicking "Continue." Next time you log on, take a moment to stop and read it.

AFI 10-712 declares that all Defense Department telecommunications systems and information system "are subject to monitoring for authorized purposes..."

Each organization is required to provide a biennial report to the Wing Information Assurance Office regarding the status of their TMAP programs. The Wing IA Office in turn has to combine the data collected and report the status of the entire base for the biennial certification, through the SAF/GC, that users of Air Force telecommunications systems and information systems are provided legally sufficient notice that use of those systems constitutes consent to monitoring for all authorized purposes. The last report was completed in 2010 with zero discrepancies.

Notification is provided by red stickers (DD Form 2056) on the front and side of base telephones. These labels warn users, "Do Not Discuss Classified Information," and inform users that, "This telephone is subject to monitoring at all times. Use of this telephone constitutes consent to monitoring."

Similarly, a declaration must be included on military FAX cover sheets which warns, "Do not transmit classified information over unsecured telecommunications systems. Official DOD telecommunications systems are subject to monitoring, and use of DOD telecommunications systems constitutes consent to monitoring."

TMAP includes a pledge that only official communications will be monitored. Authorized eavesdroppers are instructed, "For example, do not target Class B (on-base quarters) telecommunications."

The monitors also are forbidden from retaining any proprietary, personally identifiable information (PII) or personal privacy information (PPI) that is "extraneous to the TMAP assessment." As a general rule, such information is to be promptly destroyed.

"There are two basic types of TMAP products," Mr. Langlois said: reports and transcripts. TMAP products "will not contain PPI, PII, or information that could reasonably identify individuals in assessed offices, flights, or sections, such as titles, names, ranks, complete phone numbers, complete e-mail addresses, etc.," AFI 10-712 mandates.

In summary, "We want people at Tinker Air Force Base to know that they may be monitored, and that use of telecommunications equipment here constitutes consent to be monitored," Mr. Smith said.