WASHINGTON--Politicians charged on Tuesday that peer-to-peer networks can pose a "national security threat" because they enable federal employees to share sensitive or classified documents accidentally from their computers.
At a hearing on the topic, Government Reform Committee Chairman Henry Waxman (D-Calif.) said, without offering details, that he is considering new laws aimed at addressing the problem. He said he was troubled by the possibility that foreign governments, terrorists or organized crime could gain access to documents that reveal national secrets.
Also at the hearing, Mark Gorton, the chairman of Lime Wire, which makes the peer-to-peer software LimeWire, was assailed for allegedly harming national security through offering his product.
The documents at risk of exposure supposedly include classified government military orders, confidential corporate-accounting documents, localized terrorist threat assessments, as well as personal information such as federal workers' credit card numbers, bank statements, tax returns and medical records, according to recent studies by the U.S. House of Representatives Committee on Oversight and Government Reform, the U.S. Patent and Trademark Office, and private researchers.
Evidence that sensitive information is accessible through peer-to-peer networks illustrates "the importance of strengthening the laws and rules protecting personal information held by federal agencies" and other organizations, said Rep. Tom Davis (R-Va.), the committee's ranking member, who has sponsored a bill that would impose new requirements on government agencies that discover security breaches. "We need to do this quickly."
The politicians present Tuesday generally said they believe that there are benefits to peer-to-peer technology but that it will imperil national security, intrude on personal privacy and violate copyright law, if not properly restricted. Both Waxman and Rep. Paul Hodes (D-N.H.) dubbed P2P networks ongoing national security threats.
Congressional gripes about P2P networks are hardly new, and in the past, they have reinforced concerns raised by the Motion Picture Association of America and the Recording Industry Association of America. Four years ago, the same committee held a pair of hearings that condemned pornography sharing on P2P networks and also explored leaks of sensitive information. And throughout 2004, Congress considered multiple proposals that would have restricted--or effectively banned--many popular file-swapping networks. Waxman noted that he was not seeking to ban peer-to-peer networks this time around but rather to "achieve a balance that protects sensitive government, personal and corporate information and copyright laws."
News.com Poll
To be sure, the kind of information leaks that alarmed politicians at Tuesday's hearing are most likely already against the law or federal policy. It is illegal for government employees to leak certain types of classified documents without approval, either electronically or through traditional paper means.
Mary Koelbel Engle, the associate director for advertising practices in the Federal Trade Commission's Bureau of Consumer Protection, said her agency has found in its studies of peer-to-peer network use that risks to sensitive information "stem largely from how individuals use the technology rather than being inherent in the technology itself."
If a government official is using a P2P network on a government computer and storing sensitive data in the shared folder......Then whose fault is that?
Point to point is used for SHARING. You're right, what idiots!
By the way, very simple stop to it, on the network firewall block the common ports used for point to point sharing. WOW hard thing that national security stuff!
***!?! What are classified docs doing anywhere near file sharing programs, anyway? What idiot installs such programs on computer networks that have classified documents in them? What sort of lackwitted fools do they have in their IT departments? Where are their security people?
I don't think that <a href="http://www.playme.com/">free streaming music</a> will ever bring national security to a halt. Doesn't our government have bigger fish to fry?
A few years ago, when I had some reason to know how restricted data, etc., were handled, computers containing such were not allowed onto a network at all, at least where I worked. It sounds like that's not the case anymore.
Last I heard, there are separate classified networks that don't connect to the regulare internet for processing this type of stuff. If anyone is processing classified information on a computer that is in any way contected to the net, eventually some security breach is going to happen. Why are they just targeting P2P?
I am not sure where to begin. I would write something witty about computers, however, I am now convinced that our government, who holds such hearings, have not the first clue on how any of this works. I know explaining firewalls and port blocking would go over the heads of the ones in charge of regulating technology, of which they are the least competent body of people to carry out such a task. I thought my mother's bridge club would be less competent, until I read this article of course. So I will do my best to make this as simple as possible for someone like a US Senator or a congressman. The government should not hire people that install file sharing on the same machines that they have classified information on. This would be equivalent of having someone taking home a bunch of classified documents they printed out and stuffed in a backpack with a broken zipper. Congress, would this mean that backpacks with broken zippers are a threat to national security? I honestly think it is our hiring and electing process, but I could be wrong, of course I doubt it.
Let's see... the Windows OS, Microsoft stuff in general... perhaps government employees and reps who, well- the "series of tubes", "I don't really do email", and "the google"- all those, you know...
I think efficient open distribution protocols like bittorent are the least of their problems. As they say, "Look within."
to think that people this stupid are in control of our nation. If they grew a brain cell, it would be very lonely. I can't imagine how these men do anything productive.
Oh, and I'm pretty sure no one has an interest in "government secrets". Most of them seem to involve people like John Lennon anyhow.
If the law allows an internet-capable computer to store information that could compromise national security, then the problem is Congress. Likewise, portable computers.
In fact, it used to be verboten to even let a floppy that had been in a classified computer to leave the classified info repository without being shredded.
[i]Deep in NSA headquarters, it was 4am in the Mother NOC. All was quiet as data by the petabyte slipped quietly along Teh Intawebs...
Suddenly, an operative leaps from his desk and rushes to the General's desk, sweat puring from his brow and his breath coming in short pants. He wasn't tired... he was scared.
The General tried to calm him, but the operative shoved a piece of paper under the General's nose in reply.
As the Gray-haired officer began reading the missive, his eyes began to show fear. Fear he hadn't experienced since 'Nam. Fear that grabs a fistful of intestine and yanks downwards... hard.
And on the paper, there was but a simple note, with a source header that pointed to somewhere in China:"
[b]"LOLz Im in UR Intarwebz downl04d1nG y3r tR4nzf0rm3rz m00v33!"[/b]
- sheyah - what the frig ever.
Thanks Mr. Reid, for proving that the Democrat Party can be just as drop-stupid, brain-dead, and tech-ignorant as the rest of the friggin' political spectrums' respective ruling classes.
If only Al Quaeda improperly used Limewire in 2001 and went out of their way to set it to automatically share non-music/video documents, 9/11 could have been prevented. The government can now hope to stop all terrorist attacks, since p2p programs are so popular and terrorists will install the p2p programs and accidently go through dozens of steps to create torrents to share their communications, etc. So really, p2p is the only thing stopping terrorists from planning future sophisticated attacks, since the attacks take too long to carry out and in the meantime they will just be revealed by accidental file sharing. So, Congress needs to realize that p2p networks assure national security. In fact, all CIA field ops can be halted immediately. Just monitor Limewire and search the string 'bomb america' every few weeks and you are set.
If the government has decent network engineers on staff...many overpaid ass government employees wouldn't be able to surf the web,let alone use P2P. I think the government needs to clean house internally instead of trying to place new policies in the private sector.
Before saying 'overpaid' government workers, I recommend typing into your google "GS pay scale." Now, to be a GS-5 requires a 4 year college degree. so before spouting off on crap you obviously don't know, research it! Politicians are overpaid, but the average GS pay scale (which is most of the FEDERAL employees) according to internal reviews, are 12% underpaid compared to PRIVATE SECTOR. So don't lump us all into the overpaid category, or prepare to defend yourself with your baseless arguments.
Oh, and the reason that the IT for the government can be frustrating.. check out the pay scale for them! they're only slightly better paid than normal GS-grade pay scale! Oh, and dont' go blaming everything on internal IT, you'd be veeerry surprised to know how much IT and software coding is outsourced to companies in the US (not overseas, it's illegal to outsource any Federal Government work outside of the US).
Firing a federal employee is nearly impossible. There's also a "rule" floating around that in order to understand a government buraucracy, assume it is run by it's worst enemy. The people in charge gain status by having more subordinates, so inefficient subordinates are cherished, so long as they do not draw anyone's attention.
Why not have the Government just BAN all Personal computers because just having one can compromise National Security! At the very least BAN the Internet, that's just such a huge Security risk right now. I mean Terrorists can email each other using PGP and feel quite secure that way. Much safer then using a phone. That can't happen with No INTERNET. There's so many things that would be a National Security problem with people owning Computers and the Internet. Better off just BANNING IT ALL!!! What a joke, in a long lists of Jokes, except they just arn't funny.
Keep in mind that it was a member of Congress that gave away on national tv a few years ago that we were tracking Bin Ladin through his cell phone. Where is he now? I agree, ban p2p from any sensitive or All gov't computers, jeez, how dumb are you up there? You are allowing these files, under YOUR care to get around so easily and Limewire is the bad guy? LOL Get with reality quickly Senators and reps or we'll through you bums out. Speak your minds on election day too, people. Honor the ammendments America. P.S. Gas is three bucks a gallon here and it's putting people out of business. Can you fix that? Or fix my nearly worthless health insurance and our delapidated rural school system? Iraq????
Government employes allowed to install programs..?!?!
Simple solution would be to block all government employes from installing software on their computers without the systems administrator's permission (which I seriously doubt they are allowed to do in the first place). In other words some moron is trying to use 911 as an excuse to limit piracy online.
that horrific and sad day has been used way too many times to justify retarded, stupid, ignorant, dictatorial, and any other kind of absurd actions, laws, etc. by way to many people.
they need to stop exploiting such national tragedy.
Rign now I can't even run scan disk on my own computer because I don't have permissions. Installing a P2P network on my computer would require an act of congress. Obviously that's not going to happen. :)
The put pretty strict policies in affect not only on the machine but through the firewalls too. One of the problems is some of the old legacy programs that the government uses require admin rights in order to use them. This creates a bunch of people who have admin rights to their machine who know next to nothing about computers.
I am a retired Federal employee. The agency I worked for banned P2P years ago. After our office installed Win XP, individual users could no longer install any software, not even screensavers. IT staff could only install authorized software. Our office used detection and logging programs to keep track of what is happening on each PC. I don't know what is wrong with other agencies. Congress should force all agencies to do the same.
Neither Congress, nor CNET tried to link P2P with 9-11. You just did that all by yourself.
Waxman has been Subpoena-ing the sh*t out of the Bush Administration for Lying about the evidence to go to War.
None of the data breaches discussed in the hearing took place on government agencies' enterprise networks. Waxman discussed legislation to do exactly what you just proposed, except extend it to PRIVATE contractors and vendors who handle government data.
Do you really agree with CNET that everyone should just ignore this problem and hope it goes away?
>> "...it will imperil national security, intrude on personal privacy and violate copyright law, if not properly restricted".
This is nothing more than a ridiculous excuse for the power-mad (who have, quite frankly, illegally seized-control within the United States) to further tighten the screws... and, even further, bury any shred of lingering freedom.
This is about, effectively, criminalizing "unregulated" and un-controlled Internet-use. In fact, this is actually about extending absolute Government, and special-interest, CONTROL over virtually ANY private-technology.
Anyone who has actually been following such legislative-actions... so-called, "private" computer-security initiatives, such as, "Trusted Computing"... and the endless scare-tactics used by "our" Government ("The War on drugs", "The War on crime", and now, "The War on Terrorism"), to cow the citizens into giving up their most basic-rights... has known that this was coming, for years.
It is so, painfully, obvious what... and, WHO, is actually behind this... Which is why I cannot believe that ANYONE could actually still fall for these, perennial "...security", "safety", and "...terrorism", lines of COMPLETE-BS, anymore.
But, then, what do you expect in a country that compliantly-abandoned its freedom, and no longer has any semblance of a legitimate government (the Federal-Government lost ALL claims to legitimacy when they effectively, permanently suspended the U.S. Constitution, Habeas Corpus, the Rule-Of-Law, began illegally spying on Americans, ...and, especially, when the "Executive-Branch", flat-out, declared itself above the "...will of the people", and utterly beyond the reach of ANY LAW... what-so-ever... in ANY matter that it arbitrarily chooses.
Oh, but... We are at "WAR"...
Oh, and, "enemies" are just everywhere...
And, we just have to do whatever "the Government" ORDERS us to do... Dont we..?
They obviously know very little about IT Security when they attack the software vendors and not thier own IT managers for allowing the software to be installed! They can shut down limewire tomorrow and they will be replaced by 10 new P2P or Torrent packages to replace it! This current administration loves to jump on the "buzz word" band wagon. This is really just some Record or Movie CO lobbyist who now want to blame the continuing slide in Media CO revenues to some SW package ..... IDIOTS!
They need to talk to S JOBS and EMI and just maybe they have a model that actually may work!
Nobody suggested shutting down P2P software completely. Sure, if P2P vendors knowingly facilitate illegal activities then they are likely to be regulated... but that is not the issue at hand. If you think that P2P software on a government computer is NOT a risk, I would suggest that you may be the actual idiot. This has nothing to do with buzz words, and is not at the whim of hollywood CEOs, as you suggest. You need to stop and think... It absolutely IS the government's job to protect secret data. And it absolutely IS a risk to have insecure software and networks used to move/store that data. If P2P is not 100% secure, then it is a risk. A national risk. Plain and simple. And if they pass a law stating that any entity dealing with top-secret government data must not use P2P, then it is a logical outcome. Don't be so angry and quick to attack...
Once again technology is taking the lame for a managment problem. They don't want to deal with, fire, or hurt the poor wittle feelings of their precious employees to say "No No little Billy, you can't share your MP3s from your work computer... DO IT AGAIN AND I'LL FIRE YOUR ARSE!"
I sickens me that either: a. The government feels we are too incompentant to manage employees who abuse their workplace, have no work ethics, etc. OR b. Thinks we are stupid enough to believe this is a technology problem. Why not just take the computers away. That's the true source of the risk anyway. All it takes is an employee browsing the wrong web site on an unpatched browser and say bye-bye to anything private on your computer. Now where is P2P in that picture?
Any rep or senator from my state that speaks for or votes for any such legislation is definintly NOT getting my vote.
I wonder who's contributing to Waxman's coffers...
More to the point...who can we fund to oppose him?
Seems like it would be more to the point to fund his opposition. I strongly suspect that will get his undivided attention. The boy needs rest and recuperation...outside of elected office!
... had this amusing little "feature" that if you exported a directory with default flags, it was world read- and writable. Maybe such defaults made sense when it was developed in a closed environment back then... and those default were left in.
In my country (The Netherlands), government and army officials leave behind USB sticks with confidential information in taxi's. A prosecutor even put his Windows computer, riddled with viruses and kiddy-porn outside on the sidewalk to be collected as garbage because he thought the thing was broken. These are much more efficient ways to leak information....
At our college no faculty or staff member can install software on their computers. All software is either pushed down or manually installed by IT. Guess what? There is no P2P running on on our business network. Student network is a whole issue in its self.
If a computer contains sensitive information, the computer should NOT have peer-to-peer software installed. So, why are government employees installing such software on their work systems?
I think any system containing such sensitive information should not even be connected to the Internet.
So why is that the peer-to-peer software maker's problem?
You can't blame P2P as much as the network administrators. If a computer has sensitive information on it, it should be locked down so that only approved software can be installed on it. The problem I have seen in many places is that too many so called Admins have no clue about network security. If a laptop is used for company business, then it needs to be locked down so that no unapproved software can be installed on it.
If you want to really tighten security on the network then use Linux or buy a Mac.
The internet is just as much a risk as any information can be made "accidentally" available. So can Laptops too, so we should regulate those as well. Oh, so can notepads, so we need regulation on paper products too... Tired Yet?
As someone who has worked in govenment facilities, I can attest to the fact that DoD standards require sensitive information to be held in separate, isolated environments. That anyone with access to such data would be so careless as to have it unsecured, making Congress feel the need for this proposed law, is quite frightening.
This is beside that point that has been brought up by so many previous forum members, that end users should not, under any circumstances, have the access permissions to install this software. In any environment where that is the case, IT Management and any Data Security structure that may be in place are solely to blame.
I've been there myself... as a government employee, and working directly for a major government contractor. The law may indeed be necessary, however. I agree with many folks here that the government should secure their own networks and not allow any risky software to be implemented. HOWEVER... Government contractors need to follow similar rules, or the effort is for not. Those rules, imposed by the federal governemnt upon private companies, amount to laws.
Nowhere in the article did I see anybody mention that P2P should be illegal... so most of these angry posts are just people flying off the handle... quite ridiculous, really. Information MUST be protected for the security of our country, and laws can, and do, help.
Seems to me that a law stating security protocols for any network connected computer or device that handles classified material in any context would be very reasonable and would accomplish the intended goal.
Passing laws to regulate P2P doesn't have to mean that those laws are going to infringe on our rights as citizens... too many people here are angry activists.. but... they really do help fund CNet with all their furious and ignorant posts... more comments = more pages = more advertising.
P2P is dangerous the way that cars are dangerous. If used improperly, disastrous results are possible - drivers could kill using cars, idiot employees could share national/company secrets. If you don't know how to use it, you have no business using it. How about talking to the IT department and locking down the computer? Duh. This is a scapegoat argument by these representatives, some of whom are Republicans. This from the party who trumpets personal accountability and responsibility for your actions. I am a Republican, I don't particularly care for P2P, and I think these arguments against P2P are lame.
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
Tor's "obfsproxy" technology would make encrypted data look innocuous and let it dodge government censors. That could help citizens in Iran reach blocked sites as antigovernment protests reportedly loom.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
computer and storing sensitive data in the shared folder......Then
whose fault is that?
Wow, stereotype much?
Waxman is just ******* for the MPAA and software manufacturers. It's absurdly transparent. Vote the rotten bum out.
You're right, what idiots!
By the way, very simple stop to it, on the network firewall block the common ports used for point to point sharing. WOW hard thing that national security stuff!
data, etc., were handled, computers containing such were not
allowed onto a network at all, at least where I worked. It sounds
like that's not the case anymore.
So I will do my best to make this as simple as possible for someone like a US Senator or a congressman.
The government should not hire people that install file sharing on the same machines that they have classified information on. This would be equivalent of having someone taking home a bunch of classified documents they printed out and stuffed in a backpack with a broken zipper.
Congress, would this mean that backpacks with broken zippers are a threat to national security? I honestly think it is our hiring and electing process, but I could be wrong, of course I doubt it.
I think efficient open distribution protocols like bittorent are the least of their problems. As they say, "Look within."
Typed in Ubuntu/Firefox/Colemak.
Oh, and I'm pretty sure no one has an interest in "government secrets". Most of them seem to involve people like John Lennon anyhow.
a classified computer to leave the classified info repository without
being shredded.
[i]Deep in NSA headquarters, it was 4am in the Mother NOC. All was quiet as data by the petabyte slipped quietly along Teh Intawebs...
Suddenly, an operative leaps from his desk and rushes to the General's desk, sweat puring from his brow and his breath coming in short pants. He wasn't tired... he was scared.
The General tried to calm him, but the operative shoved a piece of paper under the General's nose in reply.
As the Gray-haired officer began reading the missive, his eyes began to show fear. Fear he hadn't experienced since 'Nam. Fear that grabs a fistful of intestine and yanks downwards... hard.
And on the paper, there was but a simple note, with a source header that pointed to somewhere in China:"
[b]"LOLz Im in UR Intarwebz downl04d1nG y3r tR4nzf0rm3rz m00v33!"[/b]
- sheyah - what the frig ever.
Thanks Mr. Reid, for proving that the Democrat Party can be just as drop-stupid, brain-dead, and tech-ignorant as the rest of the friggin' political spectrums' respective ruling classes.
Idiot.
/P
The IT guys should have only the software on the machines that these 'government employees' need and lock down the machine.
Oh, and the reason that the IT for the government can be frustrating.. check out the pay scale for them! they're only slightly better paid than normal GS-grade pay scale! Oh, and dont' go blaming everything on internal IT, you'd be veeerry surprised to know how much IT and software coding is outsourced to companies in the US (not overseas, it's illegal to outsource any Federal Government work outside of the US).
Firing a federal employee is nearly impossible. There's also a "rule" floating around that in order to understand a government buraucracy, assume it is run by it's worst enemy. The people in charge gain status by having more subordinates, so inefficient subordinates are cherished, so long as they do not draw anyone's attention.
P.S. Gas is three bucks a gallon here and it's putting people out of business. Can you fix that? Or fix my nearly worthless health insurance and our delapidated rural school system? Iraq????
still in office. No indication of increased intelligence detectable.
Yes, P2P is one way, but there are QOS tools to disallow P2P traffic.
What is next? Going after cars because they are murder weapons?
Why didn't we ban airplanes? They are a weapon of mass destruction.
installing software on their computers without the systems
administrator's permission (which I seriously doubt they are
allowed to do in the first place). In other words some moron is
trying to use 911 as an excuse to limit piracy online.
they need to stop exploiting such national tragedy.
Waxman has been Subpoena-ing the sh*t out of the Bush Administration for Lying about the evidence to go to War.
None of the data breaches discussed in the hearing took place on government agencies' enterprise networks. Waxman discussed legislation to do exactly what you just proposed, except extend it to PRIVATE contractors and vendors who handle government data.
Do you really agree with CNET that everyone should just ignore this problem and hope it goes away?
This is nothing more than a ridiculous excuse for the power-mad (who have, quite frankly, illegally seized-control within the United States) to further tighten the screws... and, even further, bury any shred of lingering freedom.
This is about, effectively, criminalizing "unregulated" and un-controlled Internet-use. In fact, this is actually about extending absolute Government, and special-interest, CONTROL over virtually ANY private-technology.
Anyone who has actually been following such legislative-actions... so-called, "private" computer-security initiatives, such as, "Trusted Computing"... and the endless scare-tactics used by "our" Government ("The War on drugs", "The War on crime", and now, "The War on Terrorism"), to cow the citizens into giving up their most basic-rights... has known that this was coming, for years.
It is so, painfully, obvious what... and, WHO, is actually behind this... Which is why I cannot believe that ANYONE could actually still fall for these, perennial "...security", "safety", and "...terrorism", lines of COMPLETE-BS, anymore.
But, then, what do you expect in a country that compliantly-abandoned its freedom, and no longer has any semblance of a legitimate government (the Federal-Government lost ALL claims to legitimacy when they effectively, permanently suspended the U.S. Constitution, Habeas Corpus, the Rule-Of-Law, began illegally spying on Americans, ...and, especially, when the "Executive-Branch", flat-out, declared itself above the "...will of the people", and utterly beyond the reach of ANY LAW... what-so-ever... in ANY matter that it arbitrarily chooses.
Oh, but... We are at "WAR"...
Oh, and, "enemies" are just everywhere...
And, we just have to do whatever "the Government" ORDERS us to do... Dont we..?
Well...
Welcome to ABSOLUTE TYRANNY...
I'm sorry to say I see my government (I'm dutch) taking the same route...
They need to talk to S JOBS and EMI and just maybe they have a model that actually may work!
I sickens me that either:
a. The government feels we are too incompentant to manage employees who abuse their workplace, have no work ethics, etc.
OR
b. Thinks we are stupid enough to believe this is a technology problem. Why not just take the computers away. That's the true source of the risk anyway. All it takes is an employee browsing the wrong web site on an unpatched browser and say bye-bye to anything private on your computer. Now where is P2P in that picture?
Any rep or senator from my state that speaks for or votes for any such legislation is definintly NOT getting my vote.
I wonder who's contributing to Waxman's coffers...
Hollywood. MPAA.
Did they ban NFS because of it?
/P
I think any system containing such sensitive information should not even be connected to the Internet.
So why is that the peer-to-peer software maker's problem?
If you want to really tighten security on the network then use Linux or buy a Mac.
Both parties are nothing more than greed and graft.
This is beside that point that has been brought up by so many previous forum members, that end users should not, under any circumstances, have the access permissions to install this software. In any environment where that is the case, IT Management and any Data Security structure that may be in place are solely to blame.
Nowhere in the article did I see anybody mention that P2P should be illegal... so most of these angry posts are just people flying off the handle... quite ridiculous, really. Information MUST be protected for the security of our country, and laws can, and do, help.
Seems to me that a law stating security protocols for any network connected computer or device that handles classified material in any context would be very reasonable and would accomplish the intended goal.
Passing laws to regulate P2P doesn't have to mean that those laws are going to infringe on our rights as citizens... too many people here are angry activists.. but... they really do help fund CNet with all their furious and ignorant posts... more comments = more pages = more advertising.