DAOD 6002-2, Acceptable Use of the Internet, Defence Intranet, Computers and Other Information Technology Systems

Table of Contents

  1. Introduction
  2. Definitions
  3. Overview
  4. Types of Use
  5. Consequences
  6. Responsibilities
  7. References

1. Introduction

Date of Issue: 1999-02-12

Date of Last Modification: 2016-10-07

Application: This DAOD is a directive that applies to employees of the Department of National Defence (DND employees) and an order that applies to officers and non-commissioned members of the Canadian Armed Forces (CAF members).

Approval Authority: Assistant Deputy Minister (Information Management) (ADM(IM))

Enquiries: Director Defence Information Management Planning (DDIMP)

2. Definitions

defence intranet (intranet de la défense)

The DND and CAF internal electronic network that uses a common communication protocol to enable DND and CAF computers of all kinds to directly and transparently communicate and share services. (Defence Terminology Bank record number 43036)

electronic network (réseau électronique)

A group of computers and computer systems that can communicate with each other, including the Internet, the defence intranet or other intranet, or a public or private network. (Defence Terminology Bank record number 43056)

mobile wireless device (dispositif mobile sans fil)

A cellular telephone, smart phone, pager, personal digital assistant, cellular modem or any other mobile device with an integrated capability for utilizing wireless telecommunication services. (Defence Terminology Bank record number 47433)

3. Overview

Interpretation

3.1 In this DAOD, “information technology system” (IT system) consists of any Government of Canada (GC), DND or CAF:

  1. assembly of computer hardware, software or firmware, either stand-alone or interconnected, that is used to process or transmit data, or to control mechanical or other devices; or
  2. mobile wireless device.

Note – Additional instructions in respect of the management of mobile wireless devices are set out in DAOD 6002-3, Management of Mobile Wireless Devices.

Authorized Users

3.2 For purposes of this DAOD, authorized users are:

  1. DND employees;
  2. CAF members; and
  3. contractors and other persons who have been authorized by or on behalf of the Deputy Minister (DM) or the Chief of the Defence Staff (CDS) to use an IT system and who have agreed to comply with the terms of this DAOD.

Statement of Use

3.3 This DAOD provides instructions to authorized users on the use of IT systems.

3.4 For purposes of this DAOD, there are official, authorized, unauthorized and prohibited uses of IT systems.

3.5 Authorized users must only use IT systems for official or authorized uses.

3.6 Authorized users must not use IT systems for any unauthorized or prohibited uses. Section 5 outlines actions that may be taken in the event of such use.

Values and Ethics Codes

3.7 DND employees and CAF members are entrusted with the responsible use and care of GC, DND and CAF resources, including IT systems. DND employees and CAF members must ensure they maintain the highest ethical standards and values in all uses of the Internet, the defence intranet, computers and other IT systems. Additional instructions and guidance on values and ethics are set out in the:

  1. Values and Ethics Code for the Public Sector;
  2. Department of National Defence and Canadian Forces Code of Values and Ethics; and
  3. DAOD 7023-1, Defence Ethics Program.

Expectation of Privacy

3.8 There is only a limited expectation of privacy when using IT systems because they are subject to monitoring for the purposes of system administration, maintenance and security, and to ensure compliance with Treasury Board, DND and CAF policies, instructions, directives and standards.

IM and IT Policy Framework

3.9 This DAOD should be read in conjunction with the DND and CF IM and IT Policy Framework and other relevant ADM(IM) policies, instructions, directives, standards and guidance.

4. Types of Use

Official Use

4.1 “Official use” is any use of an IT system that is necessary to carry out duties and official functions in furtherance of DND and CAF goals and objectives, including:

  1. communicating with other authorized users, other government departments, allies and the private sector; and
  2. conducting research for DND and CAF purposes.

4.2 This DAOD does not restrict or modify the mandate or legitimate activities of any organization that uses IT systems as a means to conduct DND and CAF business and operations.

Authorized Use

4.3 “Authorized use” is any use of an IT system that, while not necessary to carry out duties and official functions in furtherance of DND and CAF goals and objectives, is permitted, including:

  1. engaging in professional development activities in accordance with DAOD 5031-0, Learning and Professional Development;
  2. communicating with family, friends and other persons, for other than official use;
  3. accessing news and other electronic network information sources, provided such access is not an unauthorized or prohibited use;
  4. conducting personal banking transactions;
  5. shopping for personal and family items;
  6. conducting any union business specifically pre-authorized in writing by a manager or supervisor (see DAOD 5008-1, Use of Departmental Premises and Equipment, and Electronic Networks, for Bargaining Agent or Union Business); and
  7. any other use that is consistent with the Treasury Board Policy on Acceptable Network and Device Use and this DAOD, and is specifically authorized in writing by a DND manager or supervisor, or a commander, commanding officer (CO) or military supervisor.

4.4 Authorized use of an IT system is subject to the following limitations:

  1. the duration and frequency must be reasonable;
  2. the performance of the IT system must not be negatively impacted;
  3. there must not be any interference with the performance of the duties and official functions of the authorized user or any other authorized user; and
  4. additional costs to the DND or the CAF must not be incurred unless approved by a DND manager or supervisor, or a commander, CO or military supervisor.

4.5 The ADM(IM), a DND manager or supervisor, or a commander, CO or military supervisor, may restrict or prohibit any otherwise-authorized use if:

  1. the use threatens the capability or integrity of an IT system; or
  2. the restriction or prohibition is necessary for operational or administrative reasons.

Unauthorized Use

4.6 “Unauthorized use” is any use of an IT system that is not an official, authorized or prohibited use, including:

  1. authorized use that is not of a reasonable duration or frequency;
  2. authorized use that interferes with the performance of the duties and official functions of an authorized user;
  3. authorized use that is restricted under paragraph 4.5;
  4. use that would result in personal profit, e.g. electronic gaming or a business venture;
  5. union business not specifically pre-authorized in writing by a manager or supervisor (see DAOD 5008-1);
  6. use contrary to any order, instruction or other DAOD issued by or on behalf of the DM or the CDS; and
  7. use that would reflect discredit upon the GC, the DND or the CAF.

Prohibited Use

4.7 “Prohibited use” is any use of an IT system that:

  1. is illegal, including being contrary to the Criminal Code, any other federal statute or regulation, or a provincial statute or regulation, including any non-criminal statute or regulation;
  2. causes or could reasonably cause harm to others;
  3. is an intentional act that jeopardizes or could reasonably jeopardize the integrity of an IT system;
  4. accesses or distributes any material whose main focus is pornography, nudity or sexual acts; or
  5. is prohibited under paragraph 4.5.

5. Consequences

Consequences of Non-Compliance

5.1 Non-compliance with this DAOD may have consequences for both the DND and the CAF as institutions, and for authorized users as individuals. Suspected non-compliance may be investigated. The nature and severity of the consequences resulting from actual non-compliance will be commensurate with the circumstances of the non-compliance. Consequences of non-compliance may include one or more of the following:

  1. the ordering of the completion of appropriate learning, training or professional development;
  2. the entering of individual observations in performance evaluations;
  3. revocation of access to IT systems, either in whole or in part;
  4. investigations which may result in charges being laid under the Criminal Code, the National Defence Act, another federal statute or regulation, or a provincial statute or regulation;
  5. civil liability;
  6. administrative or disciplinary action, or both, including termination of employment of a DND employee or release of a CAF member; and
  7. contract termination.

Note – In respect of the compliance of DND employees, see the Treasury Board Framework for the Management of Compliance for additional information.

5.2 The following table identifies the potential consequences of any unauthorized or prohibited use of an IT system by the type of authorized user: 

For ...unauthorized or prohibited use of an IT system may result in one or more of the following, depending on the circumstances:
a DND employee,
  • administrative action or disciplinary action, or both, including termination of employment; and
  • criminal charges.
a CAF member,
  • administrative action, up to and including release from the CAF;
  • disciplinary proceedings; and
  • criminal charges.
a contractor or other person authorized to use an IT system,
  • contract termination; and
  • criminal charges.

 Guidance

5.3 In the case of any unauthorized use, a DND manager or supervisor, or commander or CO, should consider, as a minimum, the following circumstances before taking any action set out in paragraph 5.1:

  1. the nature of the unauthorized use;
  2. the frequency of similar activity within their DND organization or CAF unit or other element;
  3. the impact of the unauthorized use on the morale and discipline of their DND organization or CAF unit or other element; and
  4. any impact the unauthorized use had or may have had on the operational capabilities of their DND organization or CAF unit or other element.

Additional Guidance Relating to CAF members

5.4 In the case of any unauthorized use by a CAF member, unit authorities should normally take administrative action, but disciplinary proceedings may be taken if the circumstances so warrant.

5.5 In the case of any prohibited use by a CAF member, unit authorities should normally take disciplinary proceedings, in conjunction with any necessary administrative action.

6. Responsibilities

Responsibility Table

6.1 The following table identifies the responsibilities associated with this DAOD: 

The ...is or are responsible for ...
Director General Information Management Technology and Strategic Planning
  • providing policies, instructions and guidance on the management and use of information in respect of the Internet, defence intranet and other IT systems.
Canadian Forces Provost Marshal
  • investigating allegations of unauthorized or prohibited use of IT systems.
Director Information Management Security
  • developing, implementing and maintaining a security awareness and education programme in respect of the proper use of IT systems.
ADM (Human Resources – Civilian) Service Centres
  • providing advice and guidance in relation to:
    – administrative or disciplinary matters in the case of DND
       employees; and
    – administrative matters in the case of contractors and other
       persons authorized to use IT systems.
operational authorities of DND and CAF networks
  • providing user application forms for network access, along with user agreements, that incorporate all applicable provisions in this DAOD.
DND managers and supervisors, commanders, COs and military supervisors
  • ensuring their subordinates are provided with guidance and training on the proper use of IT systems;
  • ensuring authorized users are aware of monitoring policies, instructions, directives and standards applicable to the use of IT systems;
  • ensuring authorized users are aware that there is only a limited expectation of privacy when using IT systems; and
  • enforcing compliance with this DAOD.
IT security practitioners
  • notifying the Director Information Management Security of any non-compliance with this DAOD.
authorized users
  • only using IT systems for official or authorized use.

7. References

Acts, Regulations, Central Agency Policies and Policy DAOD

Other References