Congress to probe P2P sites over 'inadvertent sharing'
The main investigative committee in the U.S. House of Representatives has reopened a probe of Lime Wire and other peer-to-peer file-sharing companies over the issue of "inadvertent sharing." The move comes nearly two months after it was alleged that Iran took advantage of a computer security breach to obtain information about President Barack Obama's helicopter.
After sensitive information regarding the president's helicopter was leaked, Congress wants to know whether P2P company Lime Wire has made good on helping stop inadvertent sharing. (Credit: The White House)
CNET News has obtained copies of the letters written by the Committee on Oversight and Government Reform to the Department of Justice and the Federal Trade Commission asking them for help investigating the recent rash of security breaches caused when people who use P2P software accidentally share information on networks like Lime Wire or BearShare.
"These reports indicate that very significant risks continue to plague P2P file sharing networks," lawmakers wrote in an April 20 letter to FTC Chairman John Leibowitz. "Therefore, under Rules X and XI of the Rules of the U.S. House of Representatives, we are reopening our investigation of inadvertent file sharing on peer-to-peer networks, including LimeWire."
Some security experts believe the files probably were transferred through a peer-to-peer network.
The Oversight Committee also wrote a letter to Mark Gorton, chairman of the Lime Group, Lime Wire's parent company.
"On July 24, 2007, you testified before the Committee on Oversight ... in a hearing on 'Inadvertent File Sharing on Peer-to-Peer Networks,'" the committee wrote Gorton. "It appears that nearly two years after your commitment to make significant changes in the software, LimeWire and other P2P providers have not taken adequate steps to address this critical problem."
A spokeswoman for the Committee on Oversight confirmed the letters had gone out. Representatives from the Lime Group were unavailable for comment.
The committee cited some recent high-profile security breaches.
On February 28, 2009, a television station in Pittsburgh reported that the blueprints and avionics package for "Marine One," the President's helicopter, were made available on a P2P network by a defense contractor in Maryland.
On February 26, 2009, the "Today" show broadcast a segment on inadvertent P2P file sharing, reporting that Social Security numbers, more than 150,000 tax returns, 25,800 student loan applications, and nearly 626,000 credit reports were easily accessible on a P2P network.
On February 23, 2009, a Dartmouth College professor published a paper reporting that over a two-week period he was able to search a P2P network and uncover tens of thousands of medical files containing names, addresses, and Social Security numbers for patients seeking treatment for conditions such as AIDS, cancer, and mental health problems.
On July 9, 2008, The Washington Post reported that an employee of an investment firm who allegedly used LimeWire to trade music or movies inadvertently exposed the names, dates of birth, and Social Security numbers of about 2,000 of the firm's clients, including Supreme Court Justice Stephen Breyer. There have been reports alleging file-sharing programs have been used for illegal purposes, such as to steal others' identities.
A copy of the letter from U.S. Congressional committee on oversight to Attorney General.
Greg Sandoval covers media and digital entertainment for CNET News. He is a former reporter for The Washington Post and the Los Angeles Times. E-mail Greg, or follow him on Twitter at http://twitter.com/sandoCNET. 




Are you going to blame this thing called the Internet? Are you going to bring the CEO of internet before a committee if progress isn't made? How about Microsoft? Get Steve Ballmer up there and ask him why a social security number could possibly be allowed to be entered into a text file, saved to the computer, and then maybe even copied to a thumb drive! How outlandish. Also, there's this other smaller company called Linux that I think is controlled by some guy named Torvald. I hear that medical records are sometimes moved around in this Linux thing... we should nail him too.
And while you're at it, let's nail the USPS. I hear they are transferring pieces of paper containing medical records and social security numbers and even credit cards. This has to be stopped.
Lock down the workstations and implement a proper user security regime that does not allow plain vanilla users install privileges.
Typical replies between john doe and jane doe.... May I bring my laptop to work? Its security is up to date.
White House network security guru.... sure why not! We trust you.
also, there is a way to turn off sharing if you don't want to.
maybe they should stick to torrent sites, but then again they're too stupid for that, lol.
ppl are so stupid and don't even slow down to look at what they are doing. Then later on we get reports of types like this.
People need to smarten up a bit. Go back to school and pay a lil more attention, maybe that way we can take out all the retards from this world and make for better... or for worse lol.
As for people inadvertently sharing, you cannot legislate against ignorance; it's just too pervasive. These are the same people who get spyware and viruses because they mindlessly click yes on everything that pops up.
Limewire will show you every file you have shared and will allow you to opt not to share files in that list, and has for some time.
Don't allow thumb drives or for users to burn CDs/DVDs
Hold people responsible for the systems they leave on the train, in the hotel room or wherever these morons lose government equipment.
The government "loses" hundreds of computers every year. Maybe that's how this stuff is getting out.
Now move this online and explain the difference, or try to. "They didn't know?" Since when is ignorance an excuse for breaking the law? "Gee officer, I didn't know it was illegal to rape a 5 year old while driving 150 MPH through a school playground. Can I go now?"
Find government computers with P2P software on them, then find who is supposed to be responsible for that machine. Persecute them with the full force of the law (leaking state secrets - is that treason?). You can't legislate against stupidity, but you can punish it!
- by saidin43 April 22, 2009 12:56 PM PDT
- on the corporate\gov side of things, it doesn't hurt to block the ports that these apps use. I am a 3rd level network tech at my job and we sometimes get alerts regarding a computer running limewire trying to access malicious ranges from somewhere in our network. We track down the user and remove the offending app from their machine. It also helps if there is a firewall policy set so that if the user isn't on the corporate network, the firewall disables certain ports, limiting usability of non approved apps when the user isn't on the desired network.