Doug Brown and Todd Spangler, ZDNet
DOD spokeswoman Susan Hanson confirmed there have been discussions within the DOD about the future use of mobile code. She would not confirm that the department is talking about banning mobile code, but a high-level government source said it is common knowledge that the department's deputy chief information officer, Marvin Langston, is considering eliminating the use of the code within department Web pages.
Langston was traveling and unavailable for comment.
The security threat posed by the codes has been discussed within both the DOD and the Department of Justice since early this year. Many are concerned that the codes can carry malicious programs that surreptitiously launch from a user's browser.
"I think it's wise to be worried about mobile code security issues," said Edward Felten, director of the Secure Internet Programming Lab at Princeton University. "Right now, there is no mobile code [safe] enough for high-security uses."
But without the popular code, Web sites become largely passive and unable to deliver the most basic interactivity. Dave Plummer, a vice president for Internet and Java at the GartnerGroup consulting firm, noted that without any mobile code capabilities, DOD Web sites would become much more static than standard corporate Web sites.
"Your sites will end up being less competitive overnight," Plummer said, adding that a complete ban on all mobile script capabilities could lead to a Web presence that does not permit online chats or the filling out and sending of online forms.
According to a high-level DOD official, the department has more than 2,500 primary Web sites, including one for the U.S. Army and another for the Defense Contract Audit Agency, and hundreds of servers to host the Web sites. It hosts the largest network of Web pages in the federal government.
In April alone, according to statistics, the DOD's primary Web sites were accessed 5.4 million times by 422,000 unique visitors, who received 365,000 megabytes of data.
Security has long been a headache for the DOD as it has inched its way into the online world. The department houses and protects extremely classified and potentially volatile information on its computer networks. Keeping hackers away from classified information has been a prominent concern within the department.
Many companies, he said, do have policies of some sort toward mobile code. Some companies, for example, will order employees not to open e-mail attachments.
News of Langston's proposal caused immediate ire on an internal DOD listserv. One poster called the idea a perfect case of "throwing out the baby with the bathwater." Another asked: "So now we're not going to use the Web?"