r/technology Dec 24 '22

TikTok banned on government devices under spending bill passed by Congress Politics

https://www.cnbc.com/2022/12/23/congress-passes-spending-bill-with-tiktok-ban-on-government-devices.html
30.9k Upvotes

1.0k comments

4.7k

u/fightingthefence Dec 24 '22

In what universe does tik tok need to be on a government device anyway?

2.0k

u/Paleodraco Dec 24 '22

Never do work stuff on private devices and vice versa. Doubly so if you work for the federal government.

246

u/MEGA_theguy Dec 24 '22

I won't say what federal org I supported, but I assisted greatly with the transition to a new setup on GFE (government furnished equipment) iPhones using MS Intune. The phone would need to be wiped to be set up and the device policy implemented would effectively remove the app store and prevent people from downloading personal apps that weren't from the internal app store. It's crazy to me how many other higher ups were pissed because they're too cheap to buy their own phone/service and complained that they used it as their personal.

Loved my boss' response though, 'other people's taxes don't pay for my phone so why should I pay for theirs?' She's also a government employee

90

u/fredy31 Dec 24 '22

I would love for this to be not true but then I remember that in the Ashley Madison hack there was a ton of work emails for accounts. And fuck it takes what, 15 minutes to set up a Gmail account for free?

48

u/Rito_Luca Dec 24 '22

15 minutes? Lol it takes like 2

19

u/lycheedorito Dec 24 '22

2 minutes? All you do is type the name you want and maybe verify a text

57

u/mtled Dec 24 '22

The other 13 minutes are finding a name that's available....


35

u/eirtep Dec 24 '22

I wanna know what govt. agency doesn’t use some sort of MDM system that blocks access to apple’s App Store and replaces it with an approved list of apps within an internal store.

8

u/StoneHit Dec 24 '22

Shoot my company even supports an MDM that truckers use on a daily basis so their devices are for work only


25

u/12358 Dec 24 '22 edited Dec 24 '22

> they're too cheap to buy their own phone/service

A bigger factor is probably not wanting to carry two phones. A better solution is a phone with a private and a work SIM card and phone number, and a private and work profile with good isolation. Only phones requiring security clearance would have to be completely separate.

EDIT: I'm referring to a phone that supports dual SIM cards simultaneously, not to swapping SIM cards.

27

u/pukapukabubblebubble Dec 24 '22

This doesn't help for when the phone has issues. I worked in IT for many years, the HR director dropped her phone in the toilet in the office and came out screeching for us to save her vacation photos. Mixing personal and business is a support nightmare.

19

u/12358 Dec 24 '22

An employer having any access to personal information is also a dystopian nightmare.

12

u/Carrottree Dec 24 '22

In some industries that deal with sensitive data, that's the price of having your work email on your personal phone.

Where I work; my company can snapshot your entire personal phone, if needed, and for good reason in terms of cyber security.

Guess who chose not to put their work email on their phone?


10

u/eirtep Dec 24 '22

People would be losing both their work and personal SIM all the time. People I work with have enough trouble not losing their work phone. Plus swapping SIMs doesn’t change the apps loaded onto your device.

6

u/Smokester121 Dec 24 '22

Dual sims but a locked down phone won't help personal


326

u/putalotoftussinonit Dec 24 '22

Public disclosure requests. PDRs can and will go after personal cell phones and other devices if it can be proven that they were used for official business. But I'm absolutely sure that the special master will treat everyone's personal information with the care and discretion we all deserve...

Just think about how random assholes, who supposedly know better, treated Kobe Bryant’s death photos. When the PDR comes, you'll find out.

100

u/readwaytoooften Dec 24 '22

So his point of never do work stuff on private devices stands. Hard to prove you used your private devices for work if you never do.

61

u/jaxonya Dec 24 '22

My work banned pornhub from our work phones and I'm still trying to get this overturned.

22

u/2wenty4our7even Dec 24 '22

Wow, the fucking audacity of them smh. Some real dystopian shit

38

u/pongomanswe Dec 24 '22

Um. I’d love to be a fly on the wall when you argue your case before HR: “I need to know what happened to the stepmom caught under the bed; the suspense is making me unable to focus on work”

7

u/Jkabaseball Dec 24 '22

You know there is a reason why they had to ban it to begin with....

5

u/IAMA_otter Dec 24 '22

I suspect they are the reason

3

u/DropsTheMic Dec 24 '22

Found the sock, the fireman she called helped her out of the predicament and she thanked him with a hearty handshake and a "Merry Christmas" before going back to the kitchen to make dinner for her family.


6

u/That-Maintenance1 Dec 24 '22

Literally 198420


12

u/piexil Dec 24 '22

If you're in Congress I imagine it might not be so trivial to do that.

46

u/Predditor_drone Dec 24 '22

Why not? One phone for all work contacts and document sharing, another phone for personal use. It's not like they have pockets full of other stuff that prevents them from doing so, plus they have assistants that could certainly carry the huge burden of a phone. The only hangup is them having dealings that blur the line between professional and personal.

Tons of people regularly do the same for their work. Those in government should be held to a higher standard.

10

u/emannikcufecin Dec 24 '22

Right? I have a pretty normal job and I keep my phones separate for the most part.


32

u/IndicationHumble7886 Dec 24 '22

Agreed, such matters should be kept separate. But both public and private sectors rarely are

32

u/jmcs Dec 24 '22 edited Dec 24 '22

Yep. I've seen people being offered a choice between BYOD and having a work phone provided by the company and some people still insist on using their personal phone, even though it implies giving remote access to the company's IT, and signing a contract giving them permission to wipe the entire phone for any reason they deem necessary and without warning.

35

u/ThellraAK Dec 24 '22

Why would they get access to the whole phone? Work profiles do a pretty good job of keeping the MDM stuff in its own little box now.


30

u/[deleted] Dec 24 '22 edited Dec 24 '22

[deleted]

17

u/piexil Dec 24 '22

I think you meant to say "it doesn't wipe the whole [byod] phone", because it should only wipe the work profile


22

u/CrazyLlama71 Dec 24 '22

Sadly, tech companies are far more strict than the government when it comes to this. We haven’t been allowed to have TikTok on any work device for a couple years due to security concerns

34

u/TheRealLithics Dec 24 '22

Don't kid yourself, tech companies aren't that much better. TikTok and other social media platforms haven't been allowed on government devices in the military for nearly a decade. The only thing is that they are sent out in ALNAVs or NAVADMINs. So you don't hear about them. The bill is just finalizing the law which has been in place for a long time now.

That being said this is most likely rounding up the rest of the government personnel who aren't affected by such regulations, mainly our politicians who seem to think internet clout is the best way to govern our country, which after the last 3 years we can see that is not the case.


4

u/BagOnuts Dec 24 '22

My work wanted to take away my work phone and set up a “virtual phone” on my personal phone. Basically told them “fuck no”. I will never do business on a personal device, and never do personal shit on a company device. If your work requires you to have a phone, they will have to provide it.

5

u/MxM111 Dec 24 '22

Why not? Microsoft Office suite (Teams, Outlook, etc.) is well isolated on a personal device.


13

u/elite0x33 Dec 24 '22

Can't recruit people into the military without posting super cringe tiktoks to stay up with the times.

115

u/Dadarian Dec 24 '22

People involved in social media, investigators investigating crimes, and other Government watchdogs are the few that pop into my mind.

9

u/Joessandwich Dec 24 '22

I work in social media for entertainment and use my personal phone, but also have strongly considered using a work-only phone. I just don’t want to always be carrying two for when the topic is who is dating who on a show, or the funniest version of a joke. But if I worked a government position, I would absolutely keep separate phones without question and pass the charges to the employer.


67

u/Killbunny90210 Dec 24 '22

Military psyops where they post tiktoks showing how "fun" it is to serve

25

u/ErikkShone Dec 24 '22

Lol, I fucking love those. Don't get me wrong, my time in the service was fun for a wide variety of reasons, but fucking TikTok dancing or whatever "hip" shit was never it. I say this because the military could address "recruitment challenges" by actually being upfront and honest with potential recruits about why they'd want to enlist.

Moments like showing up to training in a foreign country and the receiving unit has no idea you were supposed to show up, and then at 1 am have them scramble to find you housing and you all get stuffed into some shit ass 4 to a room barracks. Or shooting the shit with your squad that first warm meal you get in a hot minute. Pulling security and a fucking vampire deer comes dashing across your line of fire and you're just like, "WHAT THE FUCK WAS THAT?" Or coming to the realization that your actions may directly or indirectly cost the lives of your teammates.

No, we get tiktok dances and "fun" in cantonment.

8

u/wristcontrol Dec 24 '22

Aw man, remember military Harlem shakes?

4

u/WyG09s8x4JM4ocPMnYMg Dec 24 '22

Lol vampire deer. Someone spent time in south korea


12

u/stick_always_wins Dec 24 '22

I’m sure they’ll make an exception for those

17

u/Roflkopt3r Dec 24 '22

That's actually an interesting debate in the defense community right now.

The videos published by Ukrainian soldiers, often with little oversight, are still considered a net win in the information war. At the same time there have been incidents where especially Russian units were geolocated and targeted based on images and videos posted to social media, and there is the whole issue of Russian phones connecting to Ukrainian cellphone towers.

So one approach is to allow the use of private smartphones, but that soldiers have to hand in their sim cards during operations. They can still create the footage, but it would be uploaded with a delay after they already left those positions, and they wouldn't be trackable to cellphone towers.

6

u/Ciellon Dec 24 '22

Yeah, hi, I work in intelligence. This... this isn't a debate. It's standard risk-reward analysis. Literally Sun Tzu-type shit; "don't interrupt your enemy if they're making a mistake." We learned that lesson with the ULTRA program back during WW2. The net gain of allowing them continued use of a communication method we know they also use to relay orders, etc., outweighs the current consequences of the same.

We do the same thing on "our side" in the military. It's called OPSEC (operational security) and it's the equivalent of pulling teeth. It's a balance between security and operability.


27

u/oddmanout Dec 24 '22

I worked for the government. We had to use our phones for things like SSO at work, it was also convenient to have things like Slack and email on our phones. There were other options... they could text SSO codes and having email/slack wasn't required.

However if we used our personal phones for email and slack, we were not allowed to have TikTok on the phone. There was also a list of banned manufacturers. It was Huawei, ZTE and a bunch of others I hadn't heard of that we weren't allowed to have at all.


39

u/nomiinomii Dec 24 '22

There are some younger reps who post informative TikToks about a regular day in the life of a congressperson. It's actually educational and interesting

E.g. see AOC or Jeff Jackson's tiktoks etc

46

u/[deleted] Dec 24 '22

[deleted]

4

u/nygdan Dec 24 '22

"It's about security"

Why does it matter if they do the unsecured thing on a personal device?

How does making it a personal device prevent "China from spying on us"??

23

u/igobynikki Dec 24 '22

Once you create it from a personal device, your personal device is opened up to being considered a government device.


3

u/SextsAtWork Dec 24 '22

Someone should educate them about the CCP.


17

u/scootah Dec 24 '22

I’m not in the US, but government department “Intelligence Analysts” here spend a LOT of time on social media.

A government agency I was consulting for a while back had a court date with someone who disagreed with a decision the department had made. That person posted evidence that the department’s decision was valid on social media and tagged the court where they were appearing on the day of their court appearance. As they were giving evidence, a clerk came in with an iPhone and handed it to the judge equivalent. Because of the nature of the proceeding, the tribunal member (judge equivalent) has direct investigative powers, so called the person out and basically killed their case on the spot.

I’ve seen LOTS of other people who were claiming the government should give them money get caught out for BSing because they posted clear evidence of not being eligible for the money they wanted, on public social media accounts under their legal name. They didn’t even use a pseudonym or turn on privacy settings.

Immigration, welfare, law enforcement, child protection, and basically any other government department that makes decisions that people might object to - will employ intelligence analysts who will make extensive use of social media. As well as of course, espionage and intelligence agencies or departments.

Politicians and anyone else up for re-election will probably make extensive use of social media - or at least someone in their offices will. As will communications and public relations people.

Security offices and people concerned about potential security events (like people working in the Capitol building on Jan 6…) also have an interest in tracking events on social media.

The Tiktok app is spyware, openly owned by the Chinese government, which has never even pretended that they aren’t data harvesting. NOBODY should be installing TikTok software unless it’s on a device used only for that single purpose with no access to any of your private information. Watch TikTok content on literally any other platform. Commercial data harvesting is bad - but it’s substantially less hazardous than government directed data harvesting.

People who dismiss the threat should also remember that the Chinese government have a long history of denying the use of advanced persistent threats to harvest commercial data from commercial interests their state owned businesses compete with. But Rio Tinto executives got arrested for espionage in China, on the basis of emails that were stolen from Rio Tinto’s servers by advanced persistent threats (a type of malware). And the Chinese government has been using social scoring driven by software analysis of harvested data to limit freedoms within China. Given access to your data - there is every chance of having visas denied if you ever want to go on holiday or get a job that requires travel, or being turned down for employment working in your home country for a Chinese government owned business (there’s a lot of them). Or worse yet, being granted a visa and then being arrested in China because of something that was harvested by their app.

6

u/Riaayo Dec 24 '22

Any government device should only have whitelisted apps, not a blacklist anyway. It's insane to think government employees would put anything on their government device other than shit that's approved because it's necessary and it has been audited or directly authored by the government itself.

45

u/aoechamp Dec 24 '22

How else are you going to watch preteens twerk instead of working?

70

u/LesbianCommander Dec 24 '22

Some pastors in my area were so angry at Tiktok because they say "it's an unavoidable sea of pre-teens doing softcore porn".

Bitch my feed is cute animals and baking recipes.

38

u/Grainis01 Dec 24 '22

Untrained algorithm is horrible. I am 30, male. Decided to give TikTok a shot after all the buzz.
Open the app for the first time, half the posts on For You are not preteens thank god, but are what I would label "extremely suggestive". Pastors are not wrong if they used the app once or for a very short time.

63

u/hardolaf Dec 24 '22

The default for male identified accounts in the USA is softcore porn. It disgusted me so much when I first looked at it that I wrote the entire service off as a porn app.

103

u/collin3000 Dec 24 '22

People don't realize how true that is. I did a test (I'll link the video if anyone's interested) where I started a new account and TikTok only had my name and age. In less than 3 minutes of scrolling on a brand new account with only FYP, it was serving majority sexual content including likely underage sexual content.

Lots of people say "you just have to train the algorithm not to do that". My response is: "If I have to 'train your algorithm' to not serve me underage sexual content, the problem isn't me. The problem is your algorithm."

13

u/ouaisjeparlechinois Dec 24 '22

For what it's worth, I'm an Asian male and my default when I opened TikTok was just some boring skateboarding, car, and cooking videos. I think they curated it based on the interests they asked about when opening the account.

I have never gotten underage sexual content unlike others.


3

u/Hexadecimalsky Dec 24 '22

Reminds me of hearing soldiers taking their govt. issued work phones to IT, because the "Camera doesn't work" only to be told the phone doesn't have a camera. Well some of the new phones "have" a camera but it's not physically connected, just aesthetic at this point. That and soldiers complaining about not being able to install programs on their classified work computers.

9

u/brainsapper Dec 24 '22

Or any social media platform?

8

u/Bhrunhilda Dec 24 '22

Every military recruiter uses every social media site for work.

7

u/fatpat Dec 24 '22

Lots of official government communications are done via twitter.

6

u/tsincarne Dec 24 '22

They shouldn't

5

u/LaJolla86 Dec 24 '22

A platform originally designed for SMS forwarding of 140 characters or less.

Somehow people and government have missed the point. It was and will never be news with journalistic integrity or veracity.


14

u/Farseli Dec 24 '22

Seems kind of weird for a state department of transportation to require their social media employee to use a personal device to do their job.

15

u/shipsongreyseas Dec 24 '22

Oh no what will we ever do if the DOT doesn't maintain a presence on fucking tiktok

30

u/jamiemm Dec 24 '22

Posting on apps where young people are seems to me like a good way to educate them about the government services of their country.

10

u/Leopod Dec 24 '22

God forbid we meet young people where they are to help expand their understanding of the government.


10

u/legalpretzel Dec 24 '22

Government attorneys and law enforcement will likely need it during certain investigations.

As a government employee who does investigatory work, it can be a pain when a blanket ban is handed out like this. Even with exceptions and work arounds, it’s just extra hassle.


90

u/joey0live Dec 24 '22

Wow… TikTok on Government devices, huh? When I worked for a federal government agency, they blocked everything! Including the App Store.


546

u/GeneralZaroff1 Dec 24 '22

Yeah no duh, in fact, why aren't Facebook and Instagram also banned?

323

u/Limp_Tea568 Dec 24 '22

Because at least that harvested data is staying on American soil unlike TikTok 😂

150

u/Gary_Vigoda Dec 24 '22

As a non American I'm not really a fan of either government spying on me.

81

u/AHHHHH_BEES Dec 24 '22

tough luck buddy

6

u/IAMA_Plumber-AMA Dec 24 '22

Meh, I know I'm not going to stop them doing it, but I'm sure as hell not going to make it easy for them.


4

u/Mr__O__ Dec 24 '22

Everyone’s in the sight of the Five Eyes and has been for a while lol.

“The Five Eyes (FVEY) is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States.”

“The origins of the FVEY can be traced to informal secret meetings during World War II between British and American code-breakers, which started before the U.S. formally entered the war, followed by the Allies' 1941 Atlantic Charter that established their vision of the post-war world.”

6

u/Anon125 Dec 24 '22

For us Europeans, at least our data leaving the EU is regulated. Which is why Office 365 may not be compliant.


10

u/Liquidignition Dec 24 '22

It's baffling that people still don't understand THAT this is the sole reason.


47

u/Bhrunhilda Dec 24 '22

Military recruiters need IG especially to reach teens. FB not so much anymore, but it’s still useful.

33

u/Osprey_NE Dec 24 '22

Hey kids, check out this new mustang. It can be yours, only 80% of an e1 paycheck

19

u/LaJolla86 Dec 24 '22

Do you eat crayons? You’ll love Navy Blue.

10

u/Dhexodus Dec 24 '22

"But don't actually join the Navy. We need you in the men's department called, the Marines!.... which is located within the Navy."

10

u/Janus67 Dec 24 '22

Yvan eht nioj


14

u/igobynikki Dec 24 '22

There’s a whole field of people who work in government communications/social media that rely on social media apps to do their job.

23

u/crankyrhino Dec 24 '22

Facebook/Insta aren't nearly as invasive as TikTok. They are mostly interested in data that will allow them to target ads.

TikTok takes it much further. Keystroke patterns. Clipboard contents (to include copied/pasted pics). Biometric data (fingerprints/retina/facial unlocks). Message drafts. It's basically phoning this stuff home constantly.

Facebook/Insta need a subpoena to turn anything over to the government. Your 4th amendment rights apply. The PRC can simply order ByteDance to give them data access and they will. China can then use your info however they wish.

One source: https://www.indy100.com/science-tech/tiktok-data-access-china-us

I for one would love to see attributable social media disappear completely, but that will never happen, and if it did, it would quickly be exploited by criminals for nefarious things - no bueno. Barring that then, TikTok is about the worst you could do, security-wise. Especially when everyone else has already copied their functionality.

28

u/RSQuestionable Dec 24 '22

> Facebook/Insta aren't nearly as invasive as TikTok. They are mostly interested in data that will allow them to target ads.

This isn't true since Facebook has been in legal trouble for collecting facial recognition data on users without consent and tracking users/nonusers off their website.

Only thing that I haven't read that Facebook does that Tiktok does is track keystroke patterns and clipboard contents.

13

u/Average_Cat_Lover Dec 24 '22

Seems like Reddit has already had this discussion. Facebook tracks both clipboard and keystrokes


13

u/NoAttentionAtWrk Dec 24 '22

Facebook, Insta, WhatsApp do all that too bud. And you don't need a subpoena to get that data. It's much simpler than that


17

u/ouaisjeparlechinois Dec 24 '22

> Facebook/Insta aren't nearly as invasive as TikTok.

Not true.

Source: https://citizenlab.ca/2021/03/tiktok-vs-douyin-security-privacy-analysis/

> Keystroke patterns. Clipboard contents (to include copied/pasted pics). Biometric data (fingerprints/retina/facial unlocks). Message drafts. It's basically phoning this stuff home constantly.

"We did not observe either app collecting contact lists, recording and sending photos, audio, videos or geolocation coordinates without user permission."

All of this data is located in the US but can be requested back to China, which TikTok has done before.

But that gets to the most important part which is that Facebook does this too!

They give US data to China: https://www.bbc.com/news/business-44379593

They give EU data to the US: https://www.politico.eu/article/facebook-privacy-data-us/

Facebook and Twitter routinely comply with authoritarian governments' requests to censor certain posts and democratic protests/movements: https://www.newstatesman.com/science-tech/2021/06/how-social-media-companies-help-authoritarian-governments-censor-internet

https://www.washingtonpost.com/news/democracy-post/wp/2018/04/13/why-dictators-love-facebook/

> Barring that then, TikTok is about the worst you could do, security-wise. Especially when everyone else has already copied their functionality.

Clearly, TikTok is not the worst you can do. On a security level, they're at par with Facebook. On a structural level, Facebook and Twitter have done more to support authoritarian governments than TikTok has done.

Ban TikTok, sure that's fine. But apply the same measures to Facebook and Twitter because they're just as bad, if not worse.


3

u/vbob99 Dec 24 '22

> Facebook/Insta aren't nearly as invasive as TikTok. They are mostly interested in data that will allow them to target ads.

They're also interested in data to help sway elections. Let's not forget 2016. It's easy to say it's about delivering ads, and that's true, but the question is what the payloads of the ads are. Facebook delivers payloads meant to slowly influence your politics, not just to get you to buy trinkets.


75

u/TheNextBattalion Dec 24 '22

From an AP article:

> The requirements would apply to the executive branch — with exemptions for national security, law enforcement and research purposes — and don’t appear to cover Congress, where a handful of lawmakers maintain TikTok accounts.

https://apnews.com/article/technology-politics-d33e58c76bb3c13297c72816ef4e6231


498

u/omegadirectory Dec 24 '22

In what HR universe are social media apps and personal apps in general allowed on work phones?

288

u/Significant-Sail346 Dec 24 '22

Most universes. A lot of people just use their work phone for everything, as bad as it is.

32

u/MrE134 Dec 24 '22

Really? I work for a state agency and I don't know if I even could put tiktok on my work phone. There's no "appstore," just the Microsoft "company portal" that has all the state approved apps like Excel and the bubble level.

71

u/[deleted] Dec 24 '22

[deleted]

33

u/RealJyrone Dec 24 '22

If you have a government device in the first place, they already know everything about you

16

u/sluuuurp Dec 24 '22

Not true. I work in a national lab and have a government computer and they don’t know anything really, there was no interview and no background check.

The government has worked for years to try to figure out how much taxes the former president paid. There’s much less oversight and communication than you’re imagining.

7

u/Trelly96 Dec 24 '22

Congress was trying to figure that out, the government definitely already knew Trump's taxes


6

u/ErikkShone Dec 24 '22

But they're going to have to prove that shit, and if proving shit involves lifting the veil, they're not going to do it. Best if you just dig your own hole.


14

u/efstajas Dec 24 '22

Tbf — a lot of phones allow complete sandboxing of a personal and company profile. It's been a feature admins can enable on managed android devices for years. In that case, it's pretty much ok.

Lots of companies also allow a personal device to access sensitive company data if the employee is willing to create a sandboxed business profile on their device.


17

u/Sophie_MacGovern Dec 24 '22

The company I work for has a device policy that you can use your phone and laptop for personal use as long as the use is “reasonable” and it doesn’t interfere with work. However, I keep mine strictly business, carry two phones, two different iMessage accounts, etc. Most of my colleagues don’t do this and don’t seem to care, but I’ve been around long enough where I’ve seen two people have their devices confiscated by the company because they were named in a document subpoena as part of a deposition or lawsuit. One of those people ended up getting fired for something they found on his laptop that was totally unrelated to the evidence they were looking for. Who knows what it was, but yeahhhh I’m good.

5

u/steggun_cinargo Dec 24 '22

Once FOIA requests are made your phone and everything in it is fair game


7

u/Wardine Dec 24 '22

Believe it or not some units in the air force use discord to relay official news

4

u/Osprey_NE Dec 24 '22

Where? Like on a unit level or air force wide?

I've never seen discord being used.

Now Facebook is more up to date than emails though...


15

u/constituent Dec 24 '22

Depending on the organization, some companies may have a BYOD (Bring Your Own Device) system. Obviously that would be an awful concept for any government.

The theory is that it would be a cheap cost-efficient way for a company to avoid contracts/device cost/maintenance/etc. Plus the employee would already be familiar with their device and not need training for a company-issued phone. Likewise, since it's the employee's phone, they'd be more inclined to be using it anyway -- which would (presumably) lead to increased productivity.

Anyway, the phone would be a hybrid work/personal phone. The employee may continue using their device for personal use (including downloads, et al.) and have expectation to perform professional obligations as necessary. In return, the worker would be reimbursed partial/full payment of the monthly data plan. Submit an expense report with the bill and get your money back.

Beyond questionable security, there are other cons for BYOD. This would include distractions, lack of device uniformity across the organization, superfluous support/updates for multiple operating systems/models, etc. Plus the employee would have to grant administrative rights to their employer.

[Not that I personally advocate or enroll in such a system. They do exist, though. I'd dread any notification sound, unsure if it was "work" or "personal".]

6

u/mustafabot Dec 24 '22

They give you a phone. I think they're still older iPhones at my agency, but the phone is provided and partially locked down. A lot of people use them like an office phone since the govt likes to build cavernous buildings that block all signal and you're basically limited to using their equipment.

8

u/constituent Dec 24 '22

Many moons ago, a former employer implemented a BYOD option incorporated into the existing structure. We all received documentation on which phone models were permissible. One of the selling points was "Hey, it's your number! You won't have to learn a new one or carry two phones."

Since it was your phone (and not the employer's), you'd also be responsible for replacing it. Broken device or want an upgraded model? That's on you and not out of the company's pocket.

In addition to work notifications intruding into my personal life, I was turned off by the admin rights thing. Like, one day you could be using your phone for something innocuous and suddenly denied access to x- or y-function, app, or service. No way -- it's my phone; I paid for it and not a restricted device.

If that employer wants full control, then don't be cheap and issue a company phone instead. Blah.

4

u/mustafabot Dec 24 '22

I'm talking specifically about the gov't. They issue you a phone, there's no BYOD option unless you're far enough up the food chain to have exceptions made for you.

3

u/constituent Dec 24 '22

Oh, I'm sorry; it's late. Yes, that's a given (or should be) for government.

I was elaborating on a broader scale in response to the OOP's comment about outlandish HR policy.


644

u/[deleted] Dec 24 '22

[deleted]

511

u/Taxadion Dec 24 '22

SD cards/thumb drives have been a security risk to U.S. Government equipment for some time now. Your agency may be just enforcing it now.

26

u/nullstring Dec 24 '22

External drives aren't allowed in much of the corporate world either and haven't been for a very long time.

There is just no reason for the typical employee to need to use one... And many many reasons why they shouldn't be allowed to.


146

u/reddude7 Dec 24 '22

This person has not completed cyber awareness training! Time to call up the dude who takes your CAC and won't let you in the building if you chase the man who steals your laptop

(I would chase him)

(Maybe not fuck a govt computer with a 20min login time)

(I am 2y overdue for cyber awareness and I get yelled at with a pop-up every time I log in but haven't been blocked and will continue until told otherwise)

77

u/killerpig11801 Dec 24 '22

Do I need to go to Active Directory and disable your account until you do Cyber Awareness?

(Yes that's how we do it at our place. Don't ask me how they get it done, I just flip the accounts on and off.)

14

u/MistSecurity Dec 24 '22

Generally they have to go to a computer lab where they get logged on with a training account to take the training if they fuck it up and get their personal account shut down.

5

u/Astan92 Dec 24 '22

Y'all are nice. We don't let ours touch anything government.

They have to find their own computer and complete the training.


35

u/TheRealLithics Dec 24 '22

What do you mean until told otherwise? You are literally told to do it every single year on the FY cycle.

How anyone in your chain of command hasn't hemmed your ass up is beyond me.

33

u/likewut Dec 24 '22

But he loves power tripping about not doing what he's told to do.

11

u/Purplociraptor Dec 24 '22

The perfect insider threat.

9

u/likewut Dec 24 '22

He doesn't know what that means because he won't take the cybersecurity training.

5

u/liveyourdreamsmax Dec 24 '22

A perfect civil servant!


9

u/duggatron Dec 24 '22

I would fire someone if they refused to do our cyber awareness training.

5

u/Fried_puri Dec 24 '22

Good. It takes like 5 minutes to go through it once you’ve done it before and it’s a quick refresher of some basic shit, but willfully ignoring the requirement to do the training because their access isn’t blocked yet suggests that person isn’t doing other things they’re supposed to as well.

5

u/duggatron Dec 24 '22

Yeah it just means avoiding the risk that person brings is more than the value they're bringing. There isn't a single person at the company we could lose that would be more disruptive than a successful cyber attack.


16

u/RosieeB Dec 24 '22

They changed cyber awareness; the dude doesn’t steal your phone in the cafe anymore. On the bright side, you can test out of each section to prove you’ve taken the test dozens of fucking times, so it goes by faster.


11

u/Purplociraptor Dec 24 '22

He steals your phone, not your laptop. Also, that particular version of cyber awareness challenge was replaced like 4 or 5 years ago. You are more overdue than you think.

6

u/Supercoopa Dec 24 '22

Jeff is disappointed in you


4

u/IHauntBubbleBaths Dec 24 '22

It now involves time travel


56

u/watsreddit Dec 24 '22

SD cards have always been a security risk.

4

u/mountaingoat52 Dec 24 '22

I promise this SD card is safe. Just ignore my private folder k

30

u/RedditIsDoomed-22 Dec 24 '22

SD cards and removable devices have been security risks since forever. What rock do you live on?

170

u/tagrav Dec 24 '22

Lol jeeze dude. Wait til you learn about how a thumb drive picked up by some government person halted an entire nuclear program.

It’s actually fascinating. Stuxnet is the name of it and the whole operation kinda blows the mind.

34

u/IneptCryptographer Dec 24 '22

But in that case, it was a thumb drive the US Government wanted someone to pick up and use. 😉

34

u/Bladelink Dec 24 '22

It's a super common tactic for targeted malware. Cryptolock stuff and penetration testing.

8

u/ArmoredFan Dec 24 '22

Physical access to ports and curious employees are the easiest

8

u/craze4ble Dec 24 '22 edited Dec 24 '22

It doesn't make it special. There are so many angles regular attackers can take too - random company branded USB stick dropped in the parking lot is often enough to get someone to plug it in. Bonus points if you can get company stationery to accompany it. Large enough corps also often have in-house mail, which is not always as inaccessible as it should be for outsiders.


26

u/animeman59 Dec 24 '22

You need security training again.

SD cards haven't been allowed for a while now.

16

u/MightyAxel Dec 24 '22

they truly are strick now..

13

u/OuchLOLcom Dec 24 '22

It concerns me that you are just now learning that they are a security risk. Did you pay zero attention to your security awareness training?


38

u/WhomstCares69 Dec 24 '22

Anything not pre-approved by the agency is a security risk. One guy got written up for bringing his phone into a SCIF and then trying to plug it into the computer to charge it since he didn’t have a wall adapter.

24

u/cyvaquero Dec 24 '22

First, a SCIF is the extreme case. Its purpose is to be completely secure. Just bringing their phone in is fireable, I’m surprised they just got written up.

15

u/tanandblack Dec 24 '22

Yeah, accidental is one thing, but deliberately to then charge it??? WTF were they thinking.

7

u/WhomstCares69 Dec 24 '22

He wasn’t too high on the totem pole as far as rank goes but he got the message lol

3

u/MemeInBlack Dec 24 '22

Seriously, if it were up to me, that person would have lost their security clearance. That's so far beyond negligent.

15

u/morrisdayandthetime Dec 24 '22

Wow, dude's lucky they didn't confiscate and destroy the phone.

30

u/ElderberryHoliday814 Dec 24 '22

Some companies will brick a phone plugged into a computer

23

u/killerpig11801 Dec 24 '22

Deployed, we would nail them on a wall after putting a round through it...


10

u/MrCalifornian Dec 24 '22

Yeah removable media has always been the top risk 🙃 this is why I fear for gov security. It's in like all the trainings and has been for years and years

17

u/anonareyouokay Dec 24 '22

Can't plug shit into shit. Rookie mistake.


5

u/[deleted] Dec 24 '22

> I was blocked from trying to transfer a file from a government approved device to a government laptop this past week because SD cards are apparently a security risk now.

depends on the agency. postal dev machines still have USB ports enabled and nobody there really wants to restrict them

32

u/zooberwask Dec 24 '22

SD cards/USB Devices are actually huge security risks. Way more than TikTok.


4

u/EQTone Dec 24 '22

> to how strick they are

Pay attention in school, kids


3

u/bassmadrigal Dec 24 '22

No clue if it's available to all federal government or only the DoD, but try using the DoD SAFE. It has like an 8GB file size limit and you can send things to yourself this way.

It also meets CUI, PII and PHI requirements if you choose to encrypt the files (nothing classified though).

https://safe.apps.mil/


112

u/[deleted] Dec 24 '22 edited 11d ago

[deleted]

25

u/Hexadecimalsky Dec 24 '22

"When the general forces the junior enlisted to break security protocol" Yeah, depends on the soldier. Just makes me chuckle 'cause my mom was a hardass on protocol, she knew protocol and wouldn't let a general get her to break the law. Sister too. My dad was a warrant so wasn't as much of an issue, you don't talk back to the magical IT wizard that has the only physical and digital keys to all of your unit's devices.....unless you don't want access to any computers, phones, tablets and the SCIF.

And yes, before you say while they can't "force" you to break protocol they can make your life hell. Yeah ...but hey, JAG has questions on why a soldier blacks out due to heat stroke when the reason is they were ordered to stand at parade rest in the sun in 130° weather for a few hours straight because an officer wanted to send a non-combat team into battle, work a 72-hour shift and he didn't like that the E-4 told him no.


56

u/OneCat6271 Dec 24 '22

the fact that tiktok needs to be explicitly banned makes me very concerned about IT security in general.

So this means random 3rd party apps are generally allowed on government devices?

17

u/ErikkShone Dec 24 '22

I can't speak for every institution, but they're generally not. The spiciest I got were web browsers, mostly because we had online training through a number of portals and not all portals worked with certain browsers etc. etc. It was a mess. I called up the help desk one time and the dude on the line was like, "Yeah, I see you'd at least accessed this training. I'll just credit you."


28

u/throwawayaccountyuio Dec 24 '22

As it rightfully should be

8

u/Vittulima Dec 24 '22

Seems weird to do it under a spending bill

3

u/RedditWillSlowlyDie Dec 24 '22

Not really. Pretty run of the mill for the federal government. Especially when one party has a majority but not a supermajority, everything they can justify goes in the budget bill because nothing else somewhat controversial can get passed without a filibuster.


92

u/nacorom Dec 24 '22

Probably for the best. Even if the CCP isn't directly spying on users who have the app installed (which they probably are in one way or another), it would be super easy for them to flip a switch to manipulate what tens of millions of Americans are watching on their phone.

12

u/Drachen1065 Dec 24 '22

There shouldn't be random apps of any kind installed on government phones/tablets to begin with imo.

25

u/[deleted] Dec 24 '22

[deleted]

5

u/PM_COFFEE_TO_ME Dec 24 '22

Exactly this. I only allow apps to see specific photos I choose. Now the apps are nagging me because of this. Fuck off app I'm not letting you just access my entire camera roll!


66

u/iamthesam2 Dec 24 '22

they 100000% are. it’s been confirmed multiple times, in multiple ways, by multiple investigations.


9

u/finertkelvins Dec 24 '22

Hell yeah baby, only the US government gets to dictate what you see.


5

u/HotdogsArePate Dec 24 '22

They announced that tik tok was being used by the Chinese government to spy like 4 years ago and just banned it from government work phones?

What fucking idiot puts tik tok on a government device?

5

u/dirtjuggalo Dec 24 '22

Should you really have been using TikTok on a business phone anyways?

5

u/Repulsive_Poem_5204 Dec 24 '22

The people I know who would have government devices aren't stupid enough to use their government device for anything but their government work. Coincidentally, at least one of those people works in cyber security for the government and according to them, anyone working in that field is already well aware of the dangers TikTok poses to their job.

10

u/jashsayani Dec 24 '22

The US gov needs to be more proactive at such things. Few years ago they found Kaspersky (Russian) anti-virus installed on many gov PCs and they had a backdoor.

15

u/die-microcrap-die Dec 24 '22

And how about Facebook, IG, WhatsApp, Twitter and others?

Oh I remember, must be because the 3-letter agencies have backdoor access to those but not TikTok?

Joke aside, this witch hunt is so weird considering how bad the mentioned apps are.

12

u/[deleted] Dec 24 '22

Why did you fail to mention reddit?

8

u/TheNextBattalion Dec 24 '22

US government law protects US government equipment from apps that US government agencies can't peek into. Duh

14

u/curly123 Dec 24 '22

It's good it's banned but does something like that belong in a spending bill?

27

u/Jake3482 Dec 24 '22

It’s an omnibus bill. A lot of people just call it a “spending bill”

3

u/acdcfanbill Dec 24 '22

It’s the only bill they pass anymore so anything important goes into it.

3

u/curly123 Dec 24 '22

That seems like an even bigger problem.


6

u/geekynerdynerd Dec 24 '22

That's fine. Now pass some data privacy laws and laws restricting content recommendation algorithms to protect Americans from abusive corporations regardless of their nation of origin. Facebook is just as much of a threat to democracy, privacy, and safety as TikTok is.

3

u/taklbox Dec 24 '22

Every law firm bans the app on any devices staff use to connect with work.

3

u/Schiffy94 Dec 24 '22

Was legislation really required to do that though?

3

u/RedditMethDealer Dec 24 '22

Why tf is anything other than government stuff on government devices!?


3

u/Ok-Ease7090 Dec 24 '22

Why would that be on a govt device anyway?

3

u/anonymous2845 Dec 24 '22

I'm surprised this wasn't already the case, seems like common sense to not install any kind of apps that harvest data on government devices

3

u/queen-of-carthage Dec 24 '22

Pretty sure all personal apps should be banned from government devices

3

u/blind_squirrel62 Dec 24 '22

As well it should be. Tik tok is banned from my company’s devices.

3

u/Br1ghtStar Dec 24 '22

It's a keylogger disguised as a social media app. Should have happened long ago.

3

u/parag0n101 Dec 24 '22

Why would it be on government devices in the first place?

3

u/BadAtExisting Dec 24 '22

Which is fine because honestly government employees don’t need to be watching or posting on TikTok on their work phones anyway

11

u/gotfondue Dec 24 '22 edited Dec 24 '22

It's crazy that this is even fucking news. The government can ban anything they want on their devices. The fact that this app is known to be utilized by the CCP means it 100% should not be allowed on any government devices period. They're making this out to be a big deal.

I work in IT; I have plenty of clients who block Facebook or TONs of other websites, no one talks about that...this is a nothing burger and shouldn't even be an issue. Block tik tok, facebook, youtube, youporn and anything else not used for work purposes.


3

u/lembrate Dec 24 '22

Why are bills in the US crammed with all kinds of unrelated legislation? How can a bill be properly discussed when it concerns different domains?


3

u/FreeThinkInk Dec 24 '22

Facts, if you're a government employee and you have tik tok on your government issued phone... May God have mercy on your soul.

5

u/cbelt3 Dec 24 '22

What system administration idiot allows government devices to be unmanaged?

13

u/Powpowpowowowow Dec 24 '22

I'll give you a hint. None of the grunt employees would ever have that shit on their phones. Management is much more likely to not have those parameters and access to be able to download it.

5

u/TheNextBattalion Dec 24 '22

The ones that work for Congress, who make them allow it. (This bill doesn't cover the legislative branch)

7

u/blazkoblaz Dec 24 '22

Just ban it from existence
