[LINK] Private emails exposing agencies

[Tom Worthington]

Webb, KerryA wrote:

> Yes, and when they establish stand-alone Internet kiosks so that
> people can check their Webmail in the workplace ...

Good idea, but the kiosks need not be physical, the can be virtual. I 
suggest allowing private email via an agency provided (or endorsed)
interface. In other words private email could be used via the agency 
computer system, if the agency can read the messages and so impose the 
same controls which apply to official email.

By the way, the issue was raised in the Australian National Audit Office
(ANAO) report on "The Protection and Security of Electronic Information
Held by Australian Government Agencies" on 23 March 2011:
<http://www.anao.gov.au/director/publications/auditreports/2010-2011.cfm?item_id=DB76B4B31560A6E8AA567B44FD2E85A9>

Agencies audited were: the Australian Office of Financial Management
(AOFM), ComSuper, Medicare Australia and The Department of the Prime
Minister and Cabinet (DPMC). The audit found measures were generally
good, but suggested better administrator passwords and that public
web-based email services, such as Gmail and Hotmail (and presumably
Facebook) be blocked, to stop sensitive material being easily sent from
agencies. The agencies agreed with the audit findings and undertook to
implement the recommendations.

ps: I wrote the first draft of the guidelines for "Use Of The Internet 
By Defence Personnel" at the Australian Department of Defence in 1996 
based on the then current procedures for using a telephone:
<http://web.archive.org/web/19980221073757/www.adfa.oz.au/DOD/intuse.html>.


-- 
Tom Worthington FACS CP HLM, TomW Communications Pty Ltd. t: 0419496150
PO Box 13, Belconnen ACT 2617, Australia  http://www.tomw.net.au
Adjunct Senior Lecturer, School of Computer Science, The
Australian National University http://cs.anu.edu.au/courses/COMP7310/
Visiting Scientist, CSIRO ICT Centre: http://bit.ly/csiro_ict_canberra