24 March 1998
From: email@example.com by toad.com for firstname.lastname@example.org Date: Tue, 24 Mar 98 11:50:49 EST To: email@example.com Subject: NSA planning "penetration study" of NASA computer security Date: 23 Mar 98 10:07 -0800 TO: Ames Resident Staff FROM: S. Scott Santiago, NASA-ARC CIO SUBJECT: Notification That Use of Computer System Constitutes Consent to Monitoring The General Accounting Office (GAO) will soon initiate a Penetration Study of NASA systems. GAO intends to use the National Security Agency (NSA) to conduct the penetration tests. NASA and GAO are in the process of developing a protocol for the test. This test will affect computers which are Government-owned or Government-funded. Also, for users, there can be no expectation of privacy, and that in using the system, they consent to their keystrokes and data content being monitored. The National Telecommunications and Information Systems Security, Communications Security (COMSEC), monitoring guidelines state that users of systems to be monitored must be properly notified in advance that their use of these systems constitutes consent to monitoring for COMSEC purposes. NSA has told NASA and GAO that before they begin their test, they need written verification that users have been notified consistent with these guidelines. A notification in the Centerwide Email will satisfy providing notice for this penetration study. NASA is required to provide a written certification that this notification has been sent and that a valid attempt was made to notify all employees and contractors affected by this penetration testing. If you would like to respond to this memo electronically, you may do so by double-clicking the following: mailto:firstname.lastname@example.org.