It has been several months now since USDA began implementing a filtering system to block individuals from accessing unauthorized and inappropriate web sites from USDA computers. How has the new system been working?

“We think it’s working just right,” said Bill Hadesty, associate chief information officer for cyber security in the Office of the Chief Information Officer. “On the one hand, we haven’t had an appreciable amount of calls from employees who say they can’t get at legitimate web sites, for their work-related duties, because of the filters. And on the other hand, we haven’t picked up a lot of illegal web access activity that we’d have to refer for further investigation.”

“So we feel we’ve set the computer filters at an appropriate screening level.”

USDA employees in the Washington, DC metropolitan area were notified of the implementation of the corporate filter system in a memorandum dated March 12, 2003 from Chief Information Officer Scott Charbo and titled “Notice of URL Filtering Implementation.” Employees at USDA field offices, as appropriate, generally have been receiving similar notification, because the filters are being put in place, in phases, across the country.

Jan Lilja, OCIO’s associate CIO for telecommunications, said that OCIO’s National Telecommunications Services and Operations Division (NTSO), which is headed by Michael Thomas and based in Fort Collins, Colo., is responsible for implementing the URL (“Universal Reference Language”) filtering on USDA’s network. She said that the filters currently in place cover an estimated 40 to 50 percent of USDA’s Internet traffic. By the end of CY 2003 that figure is expected to increase to an estimated 70 to 80 percent of that traffic. “We expect to filter all USDA Internet traffic by the end of 2004,” said Truman Harsha, NTSO deputy chief.

Lilja said that the March 12 memo was designed to explain specifically what is happening, and the rationale behind the filters. The memo related that on March 13 “the CIO’s office will turn on a system that disables access to web pages that contain material that is inappropriate for our work environment and is not authorized in Departmental regulations (i.e. DR 3300-1 Appendix I…” That particular Appendix can be found at http://www.usda.gov/directives/files/dr/DR3300-1-I.html.

“This action is being taken in compliance with this regulation and to eliminate the possibility of employees’ exposure to inappropriate material,” the memo noted.

“The CIO’s office has worked with each agency in USDA as this system has been developed,” the memo continued. “You should know that we do not routinely track the activity of any employee with this system. We can do this when law enforcement authorities make a formal request to do so, but this is NOT [emphasis original] done on a routine basis.”

So, just how much abuse had there been in the past, using USDA computers to access unauthorized or illegal web sites?

“Well, let me put it this way,” Hadesty replied. “We didn’t pay to have these filters put in because there was only ‘casual abuse’.”

He continued that the ‘non-USDA-business sites’ that have no business value to the mission of the Department typically include pornographic sites, gambling sites, ‘hate speech’ sites, and known sites that include stolen copyrighted information.

Hadesty clarified that the filtering stops everyone who is accessing unauthorized or illegal web sites from a USDA computer--so-called ‘light users’ and ‘heavy users’ as well.

Lilja noted that if an employee using a USDA computer either inadvertently or intentionally attempts to pull up material that has been defined as inappropriate, an ‘Advisory Page’ will be displayed on his/her computer screen. The Advisory Page states that, “Access to this site is restricted in accordance with the USDA policy on Web content filtering. If you require access to this site as part of your official responsibilities, contact your Agency ISSPM (Information Systems Security Program Manager) for assistance. Your Agency ISSPM will in turn complete the exception form, gain approval from your agency CIO, and forward the request to NTSO for processing.”

Lilja added that, “We want to draw a balance between personal use and business use of USDA’s computers.” As described in DR 3300-1 Appendix I, USDA does allow some personal use of its computers--but she emphasized that such use always must be within the law.

“However,” Hadesty advised, “if an individual attempts to go around the USDA filters, then we’ll pick that up through other sensors in the system. And once we do, then that inappropriate activity may be subject to an investigation and subsequent disciplinary action, as warranted.”

He added that, especially at smaller USDA field offices where there may be limited band width in the telecommunications system, if one employee is using his/her USDA computer to access inappropriate web sites, “that might really affect the response times of other employees at that location who are trying to use the Internet for legitimate USDA business reasons.”

Hadesty then pointed out that “Our process is always one that allows someone to talk with a live human being in our system, so that if an employee thinks he/she ought to be able to access a site that is being blocked, then the employee can question it, and request access to the site in question.”

As an example, he related that USDA’s filters currently block access from USDA computers to gambling web sites. But recently an official business-related conference, which included USDA employees in attendance, was held at a casino in Arizona. The computer filters blocked access to those employees, planning to attend the conference, who attempted to reach the casino via the Internet in order to make room reservations.

“So some employees contacted us about that, and we agreed that access for this purpose should be allowed,” Lilja affirmed. “Our OCIO Telecommunications Staff then ‘tweaked’ the filter and allowed the employees into that web site to make their reservations.”

Hadesty emphasized that, “There is nothing ‘Big Brother’ on your USDA computer; our filters, sensors, and blocking activities are based on the web sites you may be accessing, not on who you are or where you’re sitting.”

“We don’t want any of our best and brightest USDA employees being marched out of here because of computer abuse,” he observed. “So these computer filters might help to protect employees from themselves--and maybe save their careers.” •