You are absolutely correct about the compartmentalization and physical separation of classified and unclassified systems.

I disagree that this is about keeping "clean" systems clean. That is the justification for the block. The implied task, which typically carries tremendous latitude, is in this clause:

> Leadership must establish a vigilant command climate that underscores the critical importance of safeguarding classified material against compromise.

Officers will discuss this in an email, maybe during a routine brief, and issue intent (maybe guidance) to the NCOs. That clause about the vigilant command climate being underscored is where the NCOs will be interpreting the implied task(s). Somewhere, for some units, this will be similar to the way alcohol and pornography is handled. There will be an amnesty and then there will be barracks inspections. Platoon and team leaders will treat any device used to access an unclassified system as though it were a thumb drive. Most of the lower enlisted depend heavily upon their Defense Knowledge Online (DKO) portal and webmail. Many use personal computers to access from their barracks. Medical records, address books, professional development, college coursework, all are accessed through the portal. If you have been keeping up on the Snowden leaks on your personal laptop and you are caught with that material on your personal laptop, which you use to access DKO, you will be charged with a security violation. Your clearance will be revoked. You will lose your job and there will be a criminal investigation. If you sync your phone with your laptop, that will be inspected, as well. Your phone might as well be a thumb drive. If you have an email with Snowden material attached to it in your GMail Inbox, and that is pushed to your phone but you fail to report and scrub it, you will be charged.

These are marching orders. Soldiers will feel the squeeze from this.

> if ... you are caught with that material on your personal laptop, which you use to access DKO, you will be charged with a security violation

Yes, as is the same with all other classified information. How else should the government deal with it? De-classify the information? If you have a security clearance you should know that you should never have classified information on a un-classified computer system. There's nothing new about this.

Prior to Wikileaks and an Executive Order addressing the matter of classified information in public domain, the presence of classified information on an unclassified system almost certainly required a deliberate effort to remove the classified information. A soldier would have had to gain access to the classified system and deliberately violate regulation to extract the information. Finding the classified information on an unclassified system would otherwise have exposed gross negligence or criminal intent. This is shifting the focus from the violation that took place to transfer classified information to an unclassified system; it shifts the focus to exposure to classified information on an unclassified system.

Not every soldier is familiar with handling classified information. Their ignorance is bliss. They do not have access to classified systems. Now, though they have no access, they are to be treated as though they mishandled classified information because they visited a public domain website on their personal computer. They had to be told the information was classified because they otherwise could not be certain.

This is new enough. I do understand your position about data at rest. But I believe there is a difference based upon where the classified information was encountered and how it got there. If it is on an unclassified system, and it got there via communication with an unclassified system, I fail to see the soldier's violation. When the soldier's mother expressed outrage over the leak or details of the leak is the soldier supposed to report her and cease contact?

The block is one thing. The bit about leadership and climate is another.

And that´s why the system fails to protect the informations routinely. It makes sense from the rules point of view, but lacks perspective and is not practical.

It´s just trying to grab a pint of water with your hand, no matter how hard you try and how many rules you set, it´s not going to work.

What would happen if, say, a common Linux distribution integrated classified material into its base documentation (not unreasonable; encryption algorithms can be classified, for example) and then pushed that change out as a bugfix-level auto-update? Would tens of thousands of people suddenly be breaking the law?

Surely once information's been published in a national newspaper it should no longer be treated as classified.

Certainly, there must be a state for "leaked" classified documents, for which this rule simply wouldn't apply (these leaked documents could literally appear anywhere on the web in theory).

"Classified" remains classified even if leaked to remove ambiguity and possible sloppiness.

It is to avoid situations like: "this document says it needs to be handled as if it is classified but I am pretty sure it leaked last week so I will treat it as unclassified which is easier..."

The only other state is formally unclassifying them.