> if ... you are caught with that material on your personal laptop, which you use to access DKO, you will be charged with a security violation
Yes, as is the same with all other classified information. How else should the government deal with it? De-classify the information? If you have a security clearance you should know that you should never have classified information on a un-classified computer system. There's nothing new about this.
Prior to Wikileaks and an Executive Order addressing the matter of classified information in public domain, the presence of classified information on an unclassified system almost certainly required a deliberate effort to remove the classified information. A soldier would have had to gain access to the classified system and deliberately violate regulation to extract the information. Finding the classified information on an unclassified system would otherwise have exposed gross negligence or criminal intent. This is shifting the focus from the violation that took place to transfer classified information to an unclassified system; it shifts the focus to exposure to classified information on an unclassified system.
Not every soldier is familiar with handling classified information. Their ignorance is bliss. They do not have access to classified systems. Now, though they have no access, they are to be treated as though they mishandled classified information because they visited a public domain website on their personal computer. They had to be told the information was classified because they otherwise could not be certain.
This is new enough. I do understand your position about data at rest. But I believe there is a difference based upon where the classified information was encountered and how it got there. If it is on an unclassified system, and it got there via communication with an unclassified system, I fail to see the soldier's violation. When the soldier's mother expressed outrage over the leak or details of the leak is the soldier supposed to report her and cease contact?
The block is one thing. The bit about leadership and climate is another.
And that´s why the system fails to protect the informations routinely. It makes sense from the rules point of view, but lacks perspective and is not practical.
It´s just trying to grab a pint of water with your hand, no matter how hard you try and how many rules you set, it´s not going to work.
What would happen if, say, a common Linux distribution integrated classified material into its base documentation (not unreasonable; encryption algorithms can be classified, for example) and then pushed that change out as a bugfix-level auto-update? Would tens of thousands of people suddenly be breaking the law?
Yes, as is the same with all other classified information. How else should the government deal with it? De-classify the information? If you have a security clearance you should know that you should never have classified information on a un-classified computer system. There's nothing new about this.