What expectation of privacy does a user of the DC Government email system have?
What are the current content filtering activities in the District (email and Internet)?
The District email system operates anti-spam and content filtering technologies within the centralized messaging infrastructure. Content filters are in place for security purposes, and to prevent harassing messages from occurring within the workplace.
What should an end user do if a threatening email is received from an external source?
Threatening emails should be reported immediately to management and emergency procedures followed as outlined in your agency emergency response plan. This might involve contacting Citywide Messaging, contacting your agency risk management officer and/or agency counsel, calling 911 or alerting the FBI if you think imminent danger exists (bomb threat). Follow instructions to help identify the source of the threat or to preserve evidence as needed. Also notify the District Computer Emergency Response Team (CERT) team of the incident.
What should end users do if they receive a pornographic attachment via email from an external source?
Citywide Messaging has anti-spam tools that can be customized for you, in the event that some spam messages reach your mailbox. Please report such incidents to Citywide Messaging at the following mailbox: EmailAbuse@dc.gov. In general, it is advisable for you not to open email messages and attachments from unknown or unexpected sources. Please report spam to Citywide Messaging. The process of reporting spam may require you to follow additional, specific instructions on how to forward a particular spam message.
It may be safer to delete spam messages because of the potential to introduce viruses. However, if you open an email and find that it contains sexually explicit material that is considered illegal or a federal offense (e.g. child pornography), DO NOT attempt to forward the email unless Citywide Messaging requests that you do so (for purposes of using that message to equip our spam systems from blocking further messages of that type). Immediately notify your supervisor and OCTO CERT for assistance in blocking email from the offender and cleaning up your mailbox. The District CERT will call 911 or the FBI to report the illegal incident and follow their instructions to help identify the source of the illegal material. If you believe you are the specific target of sexual harassment you should call 911 or the FBI at (202) 278-2000.
Can OCTO block certain email addresses (incoming vs. outgoing)?
Yes. If you believe that you are the target of harassing emails or unwanted advertisements after you have requested the sender to stop emailing you, you should first contact Citywide Messaging to institute a block, and then notify your supervisor and OCTO CERT.
What can end users do about pop-up messages and spamming (including pornographic pictures)?
If you believe that you are the target of harassing emails or unwanted advertisements after you have requested the sender to stop emailing you, you should first contact Citywide Messaging to institute a bloick, and then notify your supervisor and OCTO CERT.
Does one email list exist of all IT administrators to ensure they receive OCTO broadcasts and alerts?
Yes, the DCERT has a distribution list for this purpose. Please send a message to email@example.com to be added to this list.
How should threatening emails be handled?
Threatening emails should be reported immediately to management and emergency procedures followed as outlined in your Agency Emergency response plan. This might involve calling 911 or alerting the FBI (202) 278-2000. The FBI has established a special link on the Internet to report suspected terrorism at https://tips.fbi.gov. If you think imminent danger exists (bomb threat), follow law enforcement instructions to help identify the source of the threat or to preserve evidence as needed. Do not hesitate to call 911 or alert the FBI if you think danger exists (bomb threat, physical harm). Also notify your supervisor immediately of the incident and the District CERT team at CERT@DC.GOV.
You say we should send email using security and encryption. Do zip files and passwords constitute encryption?
The Citywide Messaging system has transport encryption. It is not advisable for users to install other email encryption applications, but instead, to await a Public Key Infrastructure (PKI) that is DC Government sponsored.