This post was originally published by O’Reilly Radar on July 27, 2009.
In a recent CSPAN interview, White House spokesman Robert Gibbs noted that, “for some reason, Twitter is blocked on White House computers,” which created a minor frenzy among tech-savvy journalists ranging from UPI to The Hill. Later, news upstart Mediaite uncovered that the New Media team in the Old Executive Office Building could indeed access Twitter, but other people working on White House staff do not necessarily share the same privileges. This is all very interesting, but this story is far bigger than the White House, because it serves as a metaphor for rules governing social media tool use for the thousands of employees working throughout the Federal government.
Decisions about which social media sites are allowed in the Executive Branch are somewhat inconsistent, as I pointed out in a Department of Defense research paper earlier this year. Often without explanation or transparency, different agencies and even offices within agencies have different policies about use of social media platforms on the Web. Additionally, even when public affairs employees are allowed to use tools like Twitter and YouTube to communicate, they are sometimes blocked by different authorities at work from using them. So, in a gray area, they employ workarounds using personal laptops, iPhones, and the like.
Such internal contradiction cannot last long. Eventually there will have to be consistent, widely-known policy guidance about what sites can be used, and by whom, and why. And as the workforce age structure changes, and lines between professional and personal increasingly blur, employees will demand access to these sites more. Some sites may legitimately be blocked, but currently, there are a hodgepodge of rules that are often confusing, and possibly make the overall situation worse. Here, I propose two arguments for not blocking most social media sites on most government computers.
One, blocking social media sites does little for safety and security. The statement “Twitter is blocked” typically means that the domain Twitter.com is rendered inaccessible from a government Web browser. The downside to blocking sites this way is that there are simple mechanisms for alternatively accessing the underlying software (Twitter.com can be accessed from TweetGrid.com, YouTube.com from videos.Google.com, and so forth). Hence, official computers can access the same sites through different portals. Employees may also turn to nearly ubiquitous personal devices like BlackBerries to use social media during work hours. Finally, there are many “clones” of sites like Twitter and YouTube; are Identi.ca, Plurk, and similar microsharing sites also blocked? Thus, some employees effectively use the same social networks to send and receive the same information, with all of it being harder to monitor. This is not a recipe for good cyber-security of government systems or employee information.
Two, blocking social media platforms does little for government efficiency, transparency, and citizen engagement. True, when used poorly, sites like Twitter and YouTube are a distraction from official duties and a time-sink. But the same can be argued about phones, email, and even the cafeteria. When used responsibly, however, social media provides real-time information about critical news, helps employees working on similar topics within the government find and communicate with each other, allows the discovery of work-related conferences and other events, helps people better understand how technology is influencing overseas incidents like the Iranian election protests, conversing with citizens about microniche issues related to the office one works in, and countless other worthwhile applications. Blanket social media bans empower information to fall through the cracks rather than get to people who could use it.
Three reasonable steps should be taken. First, top-level government information assurance analysts need to determine what security risks various common social media websites pose to the government; they should be “binned” into categories like “Use only on non-military computers” or “Not for government system use.” Second, policies need to be transparent, consistent, and well-publicized across the government; employees will frown on radically different policies being applied in different buildings on Independence Avenue, or on different Army bases in Virginia. Third, employees and contractors working in government facilities need to be educated about the positive and negative aspects of using social media websites, just as they are about other aspects of cyber-security and other government procedures.
These three steps should counteract possibly less secure employee workarounds, and go a long way towards the more open, transparent, and participatory government that the President proposed in the first memo he disseminated after taking office. Interestingly, while the U.S. debates whether or not certain computers can and cannot access Twitter, across the pond the U.K. has released an official government template for how to use Twitter – it’s a 20-page document offering practical advice, and uploaded online using Scribd for the entire world to see. Just as we look to other countries for ideas about how we can improve transportation, health care and the like, we might include social media on that list.