Congress: P2P networks harm national security

WASHINGTON--Politicians charged on Tuesday that peer-to-peer networks can pose a "national security threat" because they enable federal employees to share sensitive or classified documents accidentally from their computers.

At a hearing on the topic, Government Reform Committee Chairman Henry Waxman (D-Calif.) said, without offering details, that he is considering new laws aimed at addressing the problem. He said he was troubled by the possibility that foreign governments, terrorists or organized crime could gain access to documents that reveal national secrets.

Also at the hearing, Mark Gorton, the chairman of Lime Wire, which makes the peer-to-peer software LimeWire, was assailed for allegedly harming national security through offering his product.

The documents at risk of exposure supposedly include classified government military orders, confidential corporate-accounting documents, localized terrorist threat assessments, as well as personal information such as federal workers' credit card numbers, bank statements, tax returns and medical records, according to recent studies by the U.S. House of Representatives Committee on Oversight and Government Reform, the U.S. Patent and Trademark Office, and private researchers.

Evidence that sensitive information is accessible through peer-to-peer networks illustrates "the importance of strengthening the laws and rules protecting personal information held by federal agencies" and other organizations, said Rep. Tom Davis (R-Va.), the committee's ranking member, who has sponsored a bill that would impose new requirements on government agencies that discover security breaches. "We need to do this quickly."

The politicians present Tuesday generally said they believe that there are benefits to peer-to-peer technology but that it will imperil national security, intrude on personal privacy and violate copyright law, if not properly restricted. Both Waxman and Rep. Paul Hodes (D-N.H.) dubbed P2P networks ongoing national security threats.

Congressional gripes about P2P networks are hardly new, and in the past, they have reinforced concerns raised by the Motion Picture Association of America and the Recording Industry Association of America. Four years ago, the same committee held a pair of hearings that condemned pornography sharing on P2P networks and also explored leaks of sensitive information. And throughout 2004, Congress considered multiple proposals that would have restricted--or effectively banned--many popular file-swapping networks. Waxman noted that he was not seeking to ban peer-to-peer networks this time around but rather to "achieve a balance that protects sensitive government, personal and corporate information and copyright laws."

News.com Poll

Is Congress clueless about P2P and national security?

Yes
No

View results

To be sure, the kind of information leaks that alarmed politicians at Tuesday's hearing are most likely already against the law or federal policy. It is illegal for government employees to leak certain types of classified documents without approval, either electronically or through traditional paper means.

Mary Koelbel Engle, the associate director for advertising practices in the Federal Trade Commission's Bureau of Consumer Protection, said her agency has found in its studies of peer-to-peer network use that risks to sensitive information "stem largely from how individuals use the technology rather than being inherent in the technology itself."

[gsmiller88]

Americans in general harm national security...

If a government official is using a P2P network on a government
computer and storing sensitive data in the shared folder......Then
whose fault is that?

[killav]

no kidding

sounds like they need to unplug those guys and leave us alone

[SeizeCTRL]

Ummm

The title of your topic suggests that it's the fault of every single person living in that nation.

Wow, stereotype much?

[cybervigilante]

Waxman Kissing MPAA Butt

Every time a politician wants to screw the people, now, he starts to cry "terr'ists" Well, they are the terrorists, out to destroy our freedom.

Waxman is just ******* for the MPAA and software manufacturers. It's absurdly transparent. Vote the rotten bum out.

[jabberwolf]

They missed the reason for having p2p

Point to point is used for SHARING.
You're right, what idiots!

By the way, very simple stop to it, on the network firewall block the common ports used for point to point sharing. WOW hard thing that national security stuff!

[Phillep_H]

Unbelievable

***!?! What are classified docs doing anywhere near file sharing programs, anyway? What idiot installs such programs on computer networks that have classified documents in them? What sort of lackwitted fools do they have in their IT departments? Where are their security people?

[billmosby]

National Security?

A few years ago, when I had some reason to know how restricted
data, etc., were handled, computers containing such were not
allowed onto a network at all, at least where I worked. It sounds
like that's not the case anymore.

[Ushiikun]

Secure Nets?

Last I heard, there are separate classified networks that don't connect to the regulare internet for processing this type of stuff. If anyone is processing classified information on a computer that is in any way contected to the net, eventually some security breach is going to happen. Why are they just targeting P2P?

[wewereright1054]

broken zippers

I am not sure where to begin. I would write something witty about computers, however, I am now convinced that our government, who holds such hearings, have not the first clue on how any of this works. I know explaining firewalls and port blocking would go over the heads of the ones in charge of regulating technology, of which they are the least competent body of people to carry out such a task. I thought my mother's bridge club would be less competent, until I read this article of course.
So I will do my best to make this as simple as possible for someone like a US Senator or a congressman.
The government should not hire people that install file sharing on the same machines that they have classified information on. This would be equivalent of having someone taking home a bunch of classified documents they printed out and stuffed in a backpack with a broken zipper.
Congress, would this mean that backpacks with broken zippers are a threat to national security? I honestly think it is our hiring and electing process, but I could be wrong, of course I doubt it.

[Dale Sundstrom]

Idiots

These knee jerks might just as well say that COMMUNICATIONS TECHNOLOGIES are a threat to national security.

[ethana2]

Or maybe...

Let's see... the Windows OS, Microsoft stuff in general... perhaps government employees and reps who, well- the "series of tubes", "I don't really do email", and "the google"- all those, you know...

I think efficient open distribution protocols like bittorent are the least of their problems. As they say, "Look within."

Typed in Ubuntu/Firefox/Colemak.

[limefan913]

Its frightening...

to think that people this stupid are in control of our nation. If they grew a brain cell, it would be very lonely. I can't imagine how these men do anything productive.

Oh, and I'm pretty sure no one has an interest in "government secrets". Most of them seem to involve people like John Lennon anyhow.

[dvthex]

security+internet=oxymoron

If the law allows an internet-capable computer to store information that could compromise national security, then the problem is Congress. Likewise, portable computers.

[billmosby]

You ain't kiddin

In fact, it used to be verboten to even let a floppy that had been in
a classified computer to leave the classified info repository without
being shredded.

[Penguinisto]

WTF? This is worse than the "tubes" debacle!

I can see it now...

[i]Deep in NSA headquarters, it was 4am in the Mother NOC. All was quiet as data by the petabyte slipped quietly along Teh Intawebs...

Suddenly, an operative leaps from his desk and rushes to the General's desk, sweat puring from his brow and his breath coming in short pants. He wasn't tired... he was scared.

The General tried to calm him, but the operative shoved a piece of paper under the General's nose in reply.

As the Gray-haired officer began reading the missive, his eyes began to show fear. Fear he hadn't experienced since 'Nam. Fear that grabs a fistful of intestine and yanks downwards... hard.

And on the paper, there was but a simple note, with a source header that pointed to somewhere in China:"

[b]"LOLz Im in UR Intarwebz downl04d1nG y3r tR4nzf0rm3rz m00v33!"[/b]


- sheyah - what the frig ever.

Thanks Mr. Reid, for proving that the Democrat Party can be just as drop-stupid, brain-dead, and tech-ignorant as the rest of the friggin' political spectrums' respective ruling classes.

Idiot.

/P

[inachu]

if you use p2p software

If you use P2P software at work and you are a govt employee or contrator then you should get fired if the software is being used at the job site.

[TxTom]

OR...

If you're using P2P software on a government owned computer that you're authorized to take home also, you should be fired.

The IT guys should have only the software on the machines that these 'government employees' need and lock down the machine.

[marccooper]

What If Al Quaeda Accidently Shared Attack Plans?

If only Al Quaeda improperly used Limewire in 2001 and went out of their way to set it to automatically share non-music/video documents, 9/11 could have been prevented. The government can now hope to stop all terrorist attacks, since p2p programs are so popular and terrorists will install the p2p programs and accidently go through dozens of steps to create torrents to share their communications, etc. So really, p2p is the only thing stopping terrorists from planning future sophisticated attacks, since the attacks take too long to carry out and in the meantime they will just be revealed by accidental file sharing. So, Congress needs to realize that p2p networks assure national security. In fact, all CIA field ops can be halted immediately. Just monitor Limewire and search the string 'bomb america' every few weeks and you are set.

[LuvThatCO2]

Good idea!

And while they're at it, the CIA can seed the p2p networks with false documents... that'd screw up the terrorists!

[vibezelect1]

WTF!!!!!!!!!!!!!!!!!!!!!!!!

If the government has decent network engineers on staff...many overpaid ass government employees wouldn't be able to surf the web,let alone use P2P. I think the government needs to clean house internally instead of trying to place new policies in the private sector.

[dondarko]

but it's easier to blame someone else

;)

[crazynexus]

overpaid?

Before saying 'overpaid' government workers, I recommend typing into your google "GS pay scale." Now, to be a GS-5 requires a 4 year college degree. so before spouting off on crap you obviously don't know, research it! Politicians are overpaid, but the average GS pay scale (which is most of the FEDERAL employees) according to internal reviews, are 12% underpaid compared to PRIVATE SECTOR. So don't lump us all into the overpaid category, or prepare to defend yourself with your baseless arguments.

Oh, and the reason that the IT for the government can be frustrating.. check out the pay scale for them! they're only slightly better paid than normal GS-grade pay scale! Oh, and dont' go blaming everything on internal IT, you'd be veeerry surprised to know how much IT and software coding is outsourced to companies in the US (not overseas, it's illegal to outsource any Federal Government work outside of the US).

[Phillep_H]

Easy

"Unions" and "Civil Service"

Firing a federal employee is nearly impossible. There's also a "rule" floating around that in order to understand a government buraucracy, assume it is run by it's worst enemy. The people in charge gain status by having more subordinates, so inefficient subordinates are cherished, so long as they do not draw anyone's attention.

[JBDragon]

Idiots

Why not have the Government just BAN all Personal computers because just having one can compromise National Security! At the very least BAN the Internet, that's just such a huge Security risk right now. I mean Terrorists can email each other using PGP and feel quite secure that way. Much safer then using a phone. That can't happen with No INTERNET. There's so many things that would be a National Security problem with people owning Computers and the Internet. Better off just BANNING IT ALL!!! What a joke, in a long lists of Jokes, except they just arn't funny.

[mustangjjz109]

My Congress?

Keep in mind that it was a member of Congress that gave away on national tv a few years ago that we were tracking Bin Ladin through his cell phone. Where is he now? I agree, ban p2p from any sensitive or All gov't computers, jeez, how dumb are you up there? You are allowing these files, under YOUR care to get around so easily and Limewire is the bad guy? LOL Get with reality quickly Senators and reps or we'll through you bums out. Speak your minds on election day too, people. Honor the ammendments America.
P.S. Gas is three bucks a gallon here and it's putting people out of business. Can you fix that? Or fix my nearly worthless health insurance and our delapidated rural school system? Iraq????

[Luvaduc]

Big mouth senator

In answer to your "where is he now?", Senator-for-life Hatch is
still in office. No indication of increased intelligence detectable.

[The_Decider]

Missing the point

There are a million ways to leak sensitive data.

Yes, P2P is one way, but there are QOS tools to disallow P2P traffic.

What is next? Going after cars because they are murder weapons?

Why didn't we ban airplanes? They are a weapon of mass destruction.

[imacpwr]

Government employes allowed to install programs..?!?!

Simple solution would be to block all government employes from
installing software on their computers without the systems
administrator's permission (which I seriously doubt they are
allowed to do in the first place). In other words some moron is
trying to use 911 as an excuse to limit piracy online.

[dondarko]

unfortunately

that horrific and sad day has been used way too many times to justify retarded, stupid, ignorant, dictatorial, and any other kind of absurd actions, laws, etc. by way to many people.

they need to stop exploiting such national tragedy.

[Renegade Knight]

True Enough

Rign now I can't even run scan disk on my own computer because I don't have permissions. Installing a P2P network on my computer would require an act of congress. Obviously that's not going to happen. :)

[Ushiikun]

Your RIght, BUT...

The put pretty strict policies in affect not only on the machine but through the firewalls too. One of the problems is some of the old legacy programs that the government uses require admin rights in order to use them. This creates a bunch of people who have admin rights to their machine who know next to nothing about computers.

[budeverett]

no installations allowed

I am a retired Federal employee. The agency I worked for banned P2P years ago. After our office installed Win XP, individual users could no longer install any software, not even screensavers. IT staff could only install authorized software. Our office used detection and logging programs to keep track of what is happening on each PC. I don't know what is wrong with other agencies. Congress should force all agencies to do the same.

[Informed Citizen]

You brought up 9-11

Neither Congress, nor CNET tried to link P2P with 9-11. You just did that all by yourself.

Waxman has been Subpoena-ing the sh*t out of the Bush Administration for Lying about the evidence to go to War.

None of the data breaches discussed in the hearing took place on government agencies' enterprise networks. Waxman discussed legislation to do exactly what you just proposed, except extend it to PRIVATE contractors and vendors who handle government data.

Do you really agree with CNET that everyone should just ignore this problem and hope it goes away?

[Had_to_be_said]

Only a MORON thinks this is about "security"...

>> "...it will imperil national security, intrude on personal privacy and violate copyright law, if not properly restricted".


This is nothing more than a ridiculous excuse for the power-mad (who have, quite frankly, illegally seized-control within the United States) to further tighten the screws... and, even further, bury any shred of lingering freedom.

This is about, effectively, criminalizing "unregulated" and un-controlled Internet-use. In fact, this is actually about extending absolute Government, and special-interest, CONTROL over virtually ANY private-technology.

Anyone who has actually been following such legislative-actions... so-called, "private" computer-security initiatives, such as, "Trusted Computing"... and the endless scare-tactics used by "our" Government ("The War on drugs", "The War on crime", and now, "The War on Terrorism"), to cow the citizens into giving up their most basic-rights... has known that this was coming, for years.

It is so, painfully, obvious what... and, WHO, is actually behind this... Which is why I cannot believe that ANYONE could actually still fall for these, perennial "...security", "safety", and "...terrorism", lines of COMPLETE-BS, anymore.

But, then, what do you expect in a country that compliantly-abandoned its freedom, and no longer has any semblance of a legitimate government (the Federal-Government lost ALL claims to legitimacy when they effectively, permanently suspended the U.S. Constitution, Habeas Corpus, the Rule-Of-Law, began illegally spying on Americans, ...and, especially, when the "Executive-Branch", flat-out, declared itself above the "...will of the people", and utterly beyond the reach of ANY LAW... what-so-ever... in ANY matter that it arbitrarily chooses.

Oh, but... We are at "WAR"...

Oh, and, "enemies" are just everywhere...

And, we just have to do whatever "the Government" ORDERS us to do... Dont we..?

Well...

Welcome to ABSOLUTE TYRANNY...

[dondarko]

you forgot

that Chenney is not part of the executive office. at least according to him so he's excused.

[huddie klein]

You're so right!

All absolutely true. The sad thing is, that it seems there's still a large group of people who are actually fooled by this nonsense.

I'm sorry to say I see my government (I'm dutch) taking the same route...

[GrandpaN1947]

you are wrong

It's only absolute if we let it be absolute. Unfortunately, it may take more than just talk to change it.

[txlakeside]

IDIOT POLITICIANS!

They obviously know very little about IT Security when they attack the software vendors and not thier own IT managers for allowing the software to be installed! They can shut down limewire tomorrow and they will be replaced by 10 new P2P or Torrent packages to replace it! This current administration loves to jump on the "buzz word" band wagon. This is really just some Record or Movie CO lobbyist who now want to blame the continuing slide in Media CO revenues to some SW package ..... IDIOTS!

They need to talk to S JOBS and EMI and just maybe they have a model that actually may work!

[David Arbogast]

Idiot Comment

Nobody suggested shutting down P2P software completely. Sure, if P2P vendors knowingly facilitate illegal activities then they are likely to be regulated... but that is not the issue at hand. If you think that P2P software on a government computer is NOT a risk, I would suggest that you may be the actual idiot. This has nothing to do with buzz words, and is not at the whim of hollywood CEOs, as you suggest. You need to stop and think... It absolutely IS the government's job to protect secret data. And it absolutely IS a risk to have insecure software and networks used to move/store that data. If P2P is not 100% secure, then it is a risk. A national risk. Plain and simple. And if they pass a law stating that any entity dealing with top-secret government data must not use P2P, then it is a logical outcome. Don't be so angry and quick to attack...

[kojacked]

It's a management issue

Once again technology is taking the lame for a managment problem. They don't want to deal with, fire, or hurt the poor wittle feelings of their precious employees to say "No No little Billy, you can't share your MP3s from your work computer... DO IT AGAIN AND I'LL FIRE YOUR ARSE!"

I sickens me that either:
a. The government feels we are too incompentant to manage employees who abuse their workplace, have no work ethics, etc.
OR
b. Thinks we are stupid enough to believe this is a technology problem. Why not just take the computers away. That's the true source of the risk anyway. All it takes is an employee browsing the wrong web site on an unpatched browser and say bye-bye to anything private on your computer. Now where is P2P in that picture?

Any rep or senator from my state that speaks for or votes for any such legislation is definintly NOT getting my vote.

I wonder who's contributing to Waxman's coffers...

[Expat type]

More to the point...who can we fund to oppose him?

Seems like it would be more to the point to fund his opposition. I strongly suspect that will get his undivided attention. The boy needs rest and recuperation...outside of elected office!

[R. U. Sirius]

all these politicians need to be replaced

> I wonder who's contributing to Waxman's coffers...


Hollywood. MPAA.

[JadedGamer]

Some NFS implementations

... had this amusing little "feature" that if you exported a directory with default flags, it was world read- and writable. Maybe such defaults made sense when it was developed in a closed environment back then... and those default were left in.

Did they ban NFS because of it?

[Penguinisto]

!?

Umm, you may want to check the DISA STIGs... NFS is certainly not banned.

/P

[Carion]

Amatures

In my country (The Netherlands), government and army officials leave behind USB sticks with confidential information in taxi's. A prosecutor even put his Windows computer, riddled with viruses and kiddy-porn outside on the sidewalk to be collected as garbage because he thought the thing was broken. These are much more efficient ways to leak information....

[rpruett]

Where is IT?

At our college no faculty or staff member can install software on their computers. All software is either pushed down or manually installed by IT. Guess what? There is no P2P running on on our business network. Student network is a whole issue in its self.

[bluemist9999]

Practical solutions

If a computer contains sensitive information, the computer should NOT have peer-to-peer software installed. So, why are government employees installing such software on their work systems?

I think any system containing such sensitive information should not even be connected to the Internet.

So why is that the peer-to-peer software maker's problem?