Congress: P2P networks harm national security

(continued from previous page)

Some politicians nonetheless lashed out at the sole representative from a peer-to-peer software company at Tuesday's hearing: Lime Wire's Gorton, who is also CEO of parent company Lime Group.

The most scathing criticism came from Rep. Jim Cooper (D-Tenn.), who launched into a lengthy monologue in which he deemed Gorton "one of the most naive chairmen and CEOs I've ever run across," and accused his company of making the "skeleton keys" that grant access to material harmful to U.S. national security.

"I'd feel more than a shade of guilt at this point, having made the laptop a dangerous weapon against the security of the United States," Cooper said. "Mr. Gorton, you seem to lack imagination about how your product can be deliberately misused by evildoers against this country." (Cooper also, at one point, claimed that Gorton's own home computer was probably leaking sensitive documents.)

Rep. Darrell Issa (R-Calif.) warned Gorton that Lime Wire's practices may open the company up to serious legal liability.

"Would it surprise you if you have a string of lawsuits for inherent defect in your product if people like Charlie Mueller of Missouri finds out he's lost his IRS filings and feels he's been damaged?" Issa asked.

Gorton repeatedly defended his company's practices and said he wasn't aware of the extent to which national security information was being accessed through his network.

Lime Wire strives to make its product easier to understand and is working on a new version even more tailored to the "neophyte" user, Gorton said. The software incorporates a number of warnings intended to stave off inadvertent file sharing, he added. For instance, pop-up messages appear when users attempt to share folders, such as the all-encompassing "My Documents" folder and the root directory, which are considered likely to contain sensitive information.

"A lot of the information that gets out there now is because people accidentally share directories that they wouldn't mean to share clearly," Gorton said. "Those warnings are not enough, at least in a handful of cases."

That assertion drew sharp disagreement from Thomas Sydnor, an attorney-advisor in the Patent Office's copyright group. He said peer-to-peer users are being tricked into sharing files they don't intend to make public and claimed that LimeWire's warnings to that effect don't always appear as they should.

In research for a report released in March, the Patent Office found it "stunning to see features that are incredibly easy to misuse," Sydnor said. "You can go to an interface in these programs that looks like you're doing nothing except choosing a place to store files, and you end up sharing recursively all the folders on your computer. It's very easy to make a catastrophic mistake."

Earlier this year, the Department of Transportation experienced an incident in which an employee's daughter installed LimeWire on the home computer that her mother occasionally uses for telework--and misconfigured it in such a way that documents from the department and the National Archives were open to others using the network--including a Fox News reporter. Forensic analysis determined that some of those documents were already publicly accessible and that none of the DOT documents contained sensitive personally identifiable information about anyone other than the employee herself.

The agency's chief information officer, Daniel Mintz, told the committee that his agency already has sufficient authority to combat "inadvertent" file sharing and that it already is required to take such activity into account in its annual information security reports to Congress.

The key to preventing additional incidents like that one, Mintz told the politicians, is for his agency to step up oversight and "to make sure we're really pushing the policy," which requires written authorization for installation of P2P programs on government machines. That also means beefing up training for its employees and making sure that they're aware of what the limits are, he added.

General Wesley Clark, who now serves on the board of a small company called Tiversa that makes applications designed to monitor peer-to-peer file-sharing activity, called for "some pretty hard-nosed policies by business and government contractors that prevent people from doing government work on computers that have anything to do with the peer-to-peer networks."

"Even when people...are sophisticated with computers, they can still make a mistake, and all that material can be gone in an instant," the former Democratic presidential candidate told the committee.

CNET News.com's Declan McCullagh contributed to this report.

[gsmiller88]

Americans in general harm national security...

If a government official is using a P2P network on a government
computer and storing sensitive data in the shared folder......Then
whose fault is that?

[killav]

no kidding

sounds like they need to unplug those guys and leave us alone

[SeizeCTRL]

Ummm

The title of your topic suggests that it's the fault of every single person living in that nation.

Wow, stereotype much?

[cybervigilante]

Waxman Kissing MPAA Butt

Every time a politician wants to screw the people, now, he starts to cry "terr'ists" Well, they are the terrorists, out to destroy our freedom.

Waxman is just ******* for the MPAA and software manufacturers. It's absurdly transparent. Vote the rotten bum out.

[jabberwolf]

They missed the reason for having p2p

Point to point is used for SHARING.
You're right, what idiots!

By the way, very simple stop to it, on the network firewall block the common ports used for point to point sharing. WOW hard thing that national security stuff!

[Phillep_H]

Unbelievable

***!?! What are classified docs doing anywhere near file sharing programs, anyway? What idiot installs such programs on computer networks that have classified documents in them? What sort of lackwitted fools do they have in their IT departments? Where are their security people?

[millermax10]

I don't think that <a href="http://www.playme.com/">free streaming music</a> will ever bring national security to a halt. Doesn't our government have bigger fish to fry?

[billmosby]

National Security?

A few years ago, when I had some reason to know how restricted
data, etc., were handled, computers containing such were not
allowed onto a network at all, at least where I worked. It sounds
like that's not the case anymore.

[Ushiikun]

Secure Nets?

Last I heard, there are separate classified networks that don't connect to the regulare internet for processing this type of stuff. If anyone is processing classified information on a computer that is in any way contected to the net, eventually some security breach is going to happen. Why are they just targeting P2P?

[wewereright1054]

broken zippers

I am not sure where to begin. I would write something witty about computers, however, I am now convinced that our government, who holds such hearings, have not the first clue on how any of this works. I know explaining firewalls and port blocking would go over the heads of the ones in charge of regulating technology, of which they are the least competent body of people to carry out such a task. I thought my mother's bridge club would be less competent, until I read this article of course.
So I will do my best to make this as simple as possible for someone like a US Senator or a congressman.
The government should not hire people that install file sharing on the same machines that they have classified information on. This would be equivalent of having someone taking home a bunch of classified documents they printed out and stuffed in a backpack with a broken zipper.
Congress, would this mean that backpacks with broken zippers are a threat to national security? I honestly think it is our hiring and electing process, but I could be wrong, of course I doubt it.

[Dale Sundstrom]

Idiots

These knee jerks might just as well say that COMMUNICATIONS TECHNOLOGIES are a threat to national security.

[ethana2]

Or maybe...

Let's see... the Windows OS, Microsoft stuff in general... perhaps government employees and reps who, well- the "series of tubes", "I don't really do email", and "the google"- all those, you know...

I think efficient open distribution protocols like bittorent are the least of their problems. As they say, "Look within."

Typed in Ubuntu/Firefox/Colemak.

[limefan913]

Its frightening...

to think that people this stupid are in control of our nation. If they grew a brain cell, it would be very lonely. I can't imagine how these men do anything productive.

Oh, and I'm pretty sure no one has an interest in "government secrets". Most of them seem to involve people like John Lennon anyhow.

[dvthex]

security+internet=oxymoron

If the law allows an internet-capable computer to store information that could compromise national security, then the problem is Congress. Likewise, portable computers.

[billmosby]

You ain't kiddin

In fact, it used to be verboten to even let a floppy that had been in
a classified computer to leave the classified info repository without
being shredded.

[Penguinisto]

WTF? This is worse than the "tubes" debacle!

I can see it now...

[i]Deep in NSA headquarters, it was 4am in the Mother NOC. All was quiet as data by the petabyte slipped quietly along Teh Intawebs...

Suddenly, an operative leaps from his desk and rushes to the General's desk, sweat puring from his brow and his breath coming in short pants. He wasn't tired... he was scared.

The General tried to calm him, but the operative shoved a piece of paper under the General's nose in reply.

As the Gray-haired officer began reading the missive, his eyes began to show fear. Fear he hadn't experienced since 'Nam. Fear that grabs a fistful of intestine and yanks downwards... hard.

And on the paper, there was but a simple note, with a source header that pointed to somewhere in China:"

[b]"LOLz Im in UR Intarwebz downl04d1nG y3r tR4nzf0rm3rz m00v33!"[/b]


- sheyah - what the frig ever.

Thanks Mr. Reid, for proving that the Democrat Party can be just as drop-stupid, brain-dead, and tech-ignorant as the rest of the friggin' political spectrums' respective ruling classes.

Idiot.

/P

[inachu]

if you use p2p software

If you use P2P software at work and you are a govt employee or contrator then you should get fired if the software is being used at the job site.

[TxTom]

OR...

If you're using P2P software on a government owned computer that you're authorized to take home also, you should be fired.

The IT guys should have only the software on the machines that these 'government employees' need and lock down the machine.

[marccooper]

What If Al Quaeda Accidently Shared Attack Plans?

If only Al Quaeda improperly used Limewire in 2001 and went out of their way to set it to automatically share non-music/video documents, 9/11 could have been prevented. The government can now hope to stop all terrorist attacks, since p2p programs are so popular and terrorists will install the p2p programs and accidently go through dozens of steps to create torrents to share their communications, etc. So really, p2p is the only thing stopping terrorists from planning future sophisticated attacks, since the attacks take too long to carry out and in the meantime they will just be revealed by accidental file sharing. So, Congress needs to realize that p2p networks assure national security. In fact, all CIA field ops can be halted immediately. Just monitor Limewire and search the string 'bomb america' every few weeks and you are set.

[LuvThatCO2]

Good idea!

And while they're at it, the CIA can seed the p2p networks with false documents... that'd screw up the terrorists!

[vibezelect1]

WTF!!!!!!!!!!!!!!!!!!!!!!!!

If the government has decent network engineers on staff...many overpaid ass government employees wouldn't be able to surf the web,let alone use P2P. I think the government needs to clean house internally instead of trying to place new policies in the private sector.

[dondarko]

but it's easier to blame someone else

;)

[crazynexus]

overpaid?

Before saying 'overpaid' government workers, I recommend typing into your google "GS pay scale." Now, to be a GS-5 requires a 4 year college degree. so before spouting off on crap you obviously don't know, research it! Politicians are overpaid, but the average GS pay scale (which is most of the FEDERAL employees) according to internal reviews, are 12% underpaid compared to PRIVATE SECTOR. So don't lump us all into the overpaid category, or prepare to defend yourself with your baseless arguments.

Oh, and the reason that the IT for the government can be frustrating.. check out the pay scale for them! they're only slightly better paid than normal GS-grade pay scale! Oh, and dont' go blaming everything on internal IT, you'd be veeerry surprised to know how much IT and software coding is outsourced to companies in the US (not overseas, it's illegal to outsource any Federal Government work outside of the US).

[Phillep_H]

Easy

"Unions" and "Civil Service"

Firing a federal employee is nearly impossible. There's also a "rule" floating around that in order to understand a government buraucracy, assume it is run by it's worst enemy. The people in charge gain status by having more subordinates, so inefficient subordinates are cherished, so long as they do not draw anyone's attention.

[JBDragon]

Idiots

Why not have the Government just BAN all Personal computers because just having one can compromise National Security! At the very least BAN the Internet, that's just such a huge Security risk right now. I mean Terrorists can email each other using PGP and feel quite secure that way. Much safer then using a phone. That can't happen with No INTERNET. There's so many things that would be a National Security problem with people owning Computers and the Internet. Better off just BANNING IT ALL!!! What a joke, in a long lists of Jokes, except they just arn't funny.

[mustangjjz109]

My Congress?

Keep in mind that it was a member of Congress that gave away on national tv a few years ago that we were tracking Bin Ladin through his cell phone. Where is he now? I agree, ban p2p from any sensitive or All gov't computers, jeez, how dumb are you up there? You are allowing these files, under YOUR care to get around so easily and Limewire is the bad guy? LOL Get with reality quickly Senators and reps or we'll through you bums out. Speak your minds on election day too, people. Honor the ammendments America.
P.S. Gas is three bucks a gallon here and it's putting people out of business. Can you fix that? Or fix my nearly worthless health insurance and our delapidated rural school system? Iraq????

[Luvaduc]

Big mouth senator

In answer to your "where is he now?", Senator-for-life Hatch is
still in office. No indication of increased intelligence detectable.

[The_Decider]

Missing the point

There are a million ways to leak sensitive data.

Yes, P2P is one way, but there are QOS tools to disallow P2P traffic.

What is next? Going after cars because they are murder weapons?

Why didn't we ban airplanes? They are a weapon of mass destruction.

[imacpwr]

Government employes allowed to install programs..?!?!

Simple solution would be to block all government employes from
installing software on their computers without the systems
administrator's permission (which I seriously doubt they are
allowed to do in the first place). In other words some moron is
trying to use 911 as an excuse to limit piracy online.

[dondarko]

unfortunately

that horrific and sad day has been used way too many times to justify retarded, stupid, ignorant, dictatorial, and any other kind of absurd actions, laws, etc. by way to many people.

they need to stop exploiting such national tragedy.

[Renegade Knight]

True Enough

Rign now I can't even run scan disk on my own computer because I don't have permissions. Installing a P2P network on my computer would require an act of congress. Obviously that's not going to happen. :)

[Ushiikun]

Your RIght, BUT...

The put pretty strict policies in affect not only on the machine but through the firewalls too. One of the problems is some of the old legacy programs that the government uses require admin rights in order to use them. This creates a bunch of people who have admin rights to their machine who know next to nothing about computers.

[budeverett]

no installations allowed

I am a retired Federal employee. The agency I worked for banned P2P years ago. After our office installed Win XP, individual users could no longer install any software, not even screensavers. IT staff could only install authorized software. Our office used detection and logging programs to keep track of what is happening on each PC. I don't know what is wrong with other agencies. Congress should force all agencies to do the same.

[Informed Citizen]

You brought up 9-11

Neither Congress, nor CNET tried to link P2P with 9-11. You just did that all by yourself.

Waxman has been Subpoena-ing the sh*t out of the Bush Administration for Lying about the evidence to go to War.

None of the data breaches discussed in the hearing took place on government agencies' enterprise networks. Waxman discussed legislation to do exactly what you just proposed, except extend it to PRIVATE contractors and vendors who handle government data.

Do you really agree with CNET that everyone should just ignore this problem and hope it goes away?

[Had_to_be_said]

Only a MORON thinks this is about "security"...

>> "...it will imperil national security, intrude on personal privacy and violate copyright law, if not properly restricted".


This is nothing more than a ridiculous excuse for the power-mad (who have, quite frankly, illegally seized-control within the United States) to further tighten the screws... and, even further, bury any shred of lingering freedom.

This is about, effectively, criminalizing "unregulated" and un-controlled Internet-use. In fact, this is actually about extending absolute Government, and special-interest, CONTROL over virtually ANY private-technology.

Anyone who has actually been following such legislative-actions... so-called, "private" computer-security initiatives, such as, "Trusted Computing"... and the endless scare-tactics used by "our" Government ("The War on drugs", "The War on crime", and now, "The War on Terrorism"), to cow the citizens into giving up their most basic-rights... has known that this was coming, for years.

It is so, painfully, obvious what... and, WHO, is actually behind this... Which is why I cannot believe that ANYONE could actually still fall for these, perennial "...security", "safety", and "...terrorism", lines of COMPLETE-BS, anymore.

But, then, what do you expect in a country that compliantly-abandoned its freedom, and no longer has any semblance of a legitimate government (the Federal-Government lost ALL claims to legitimacy when they effectively, permanently suspended the U.S. Constitution, Habeas Corpus, the Rule-Of-Law, began illegally spying on Americans, ...and, especially, when the "Executive-Branch", flat-out, declared itself above the "...will of the people", and utterly beyond the reach of ANY LAW... what-so-ever... in ANY matter that it arbitrarily chooses.

Oh, but... We are at "WAR"...

Oh, and, "enemies" are just everywhere...

And, we just have to do whatever "the Government" ORDERS us to do... Dont we..?

Well...

Welcome to ABSOLUTE TYRANNY...

[dondarko]

you forgot

that Chenney is not part of the executive office. at least according to him so he's excused.

[huddie klein]

You're so right!

All absolutely true. The sad thing is, that it seems there's still a large group of people who are actually fooled by this nonsense.

I'm sorry to say I see my government (I'm dutch) taking the same route...

[GrandpaN1947]

you are wrong

It's only absolute if we let it be absolute. Unfortunately, it may take more than just talk to change it.

[txlakeside]

IDIOT POLITICIANS!

They obviously know very little about IT Security when they attack the software vendors and not thier own IT managers for allowing the software to be installed! They can shut down limewire tomorrow and they will be replaced by 10 new P2P or Torrent packages to replace it! This current administration loves to jump on the "buzz word" band wagon. This is really just some Record or Movie CO lobbyist who now want to blame the continuing slide in Media CO revenues to some SW package ..... IDIOTS!

They need to talk to S JOBS and EMI and just maybe they have a model that actually may work!

[David Arbogast]

Idiot Comment

Nobody suggested shutting down P2P software completely. Sure, if P2P vendors knowingly facilitate illegal activities then they are likely to be regulated... but that is not the issue at hand. If you think that P2P software on a government computer is NOT a risk, I would suggest that you may be the actual idiot. This has nothing to do with buzz words, and is not at the whim of hollywood CEOs, as you suggest. You need to stop and think... It absolutely IS the government's job to protect secret data. And it absolutely IS a risk to have insecure software and networks used to move/store that data. If P2P is not 100% secure, then it is a risk. A national risk. Plain and simple. And if they pass a law stating that any entity dealing with top-secret government data must not use P2P, then it is a logical outcome. Don't be so angry and quick to attack...

[kojacked]

It's a management issue

Once again technology is taking the lame for a managment problem. They don't want to deal with, fire, or hurt the poor wittle feelings of their precious employees to say "No No little Billy, you can't share your MP3s from your work computer... DO IT AGAIN AND I'LL FIRE YOUR ARSE!"

I sickens me that either:
a. The government feels we are too incompentant to manage employees who abuse their workplace, have no work ethics, etc.
OR
b. Thinks we are stupid enough to believe this is a technology problem. Why not just take the computers away. That's the true source of the risk anyway. All it takes is an employee browsing the wrong web site on an unpatched browser and say bye-bye to anything private on your computer. Now where is P2P in that picture?

Any rep or senator from my state that speaks for or votes for any such legislation is definintly NOT getting my vote.

I wonder who's contributing to Waxman's coffers...

[Expat type]

More to the point...who can we fund to oppose him?

Seems like it would be more to the point to fund his opposition. I strongly suspect that will get his undivided attention. The boy needs rest and recuperation...outside of elected office!

[R. U. Sirius]

all these politicians need to be replaced

> I wonder who's contributing to Waxman's coffers...


Hollywood. MPAA.

[JadedGamer]

Some NFS implementations

... had this amusing little "feature" that if you exported a directory with default flags, it was world read- and writable. Maybe such defaults made sense when it was developed in a closed environment back then... and those default were left in.

Did they ban NFS because of it?

[Penguinisto]

!?

Umm, you may want to check the DISA STIGs... NFS is certainly not banned.

/P

[Carion]

Amatures

In my country (The Netherlands), government and army officials leave behind USB sticks with confidential information in taxi's. A prosecutor even put his Windows computer, riddled with viruses and kiddy-porn outside on the sidewalk to be collected as garbage because he thought the thing was broken. These are much more efficient ways to leak information....

[rpruett]

Where is IT?

At our college no faculty or staff member can install software on their computers. All software is either pushed down or manually installed by IT. Guess what? There is no P2P running on on our business network. Student network is a whole issue in its self.

[bluemist9999]

Practical solutions

If a computer contains sensitive information, the computer should NOT have peer-to-peer software installed. So, why are government employees installing such software on their work systems?

I think any system containing such sensitive information should not even be connected to the Internet.

So why is that the peer-to-peer software maker's problem?

[DragonSlayer69_1999]

Bad adminstration

You can't blame P2P as much as the network administrators. If a computer has sensitive information on it, it should be locked down so that only approved software can be installed on it. The problem I have seen in many places is that too many so called Admins have no clue about network security. If a laptop is used for company business, then it needs to be locked down so that no unapproved software can be installed on it.

If you want to really tighten security on the network then use Linux or buy a Mac.

[umbrae]

So can the internet...

The internet is just as much a risk as any information can be made "accidentally" available. So can Laptops too, so we should regulate those as well. Oh, so can notepads, so we need regulation on paper products too... Tired Yet?

[ordaj]

This is a Hollywood attack

MPAA and RIAA using their dollars and lobbyists to scare up an alterantive scenario that brings down P2P.

[BillCall]

Amen!

Aa they say "follow the money"!

[R. U. Sirius]

Waxman is from LA

What's in LA? Oh right, hollywood.

Both parties are nothing more than greed and graft.

[oneeyedcarmen]

Congress states the obvious

As someone who has worked in govenment facilities, I can attest to the fact that DoD standards require sensitive information to be held in separate, isolated environments. That anyone with access to such data would be so careless as to have it unsecured, making Congress feel the need for this proposed law, is quite frightening.

This is beside that point that has been brought up by so many previous forum members, that end users should not, under any circumstances, have the access permissions to install this software. In any environment where that is the case, IT Management and any Data Security structure that may be in place are solely to blame.

[David Arbogast]

Right... except...

I've been there myself... as a government employee, and working directly for a major government contractor. The law may indeed be necessary, however. I agree with many folks here that the government should secure their own networks and not allow any risky software to be implemented. HOWEVER... Government contractors need to follow similar rules, or the effort is for not. Those rules, imposed by the federal governemnt upon private companies, amount to laws.

Nowhere in the article did I see anybody mention that P2P should be illegal... so most of these angry posts are just people flying off the handle... quite ridiculous, really. Information MUST be protected for the security of our country, and laws can, and do, help.

Seems to me that a law stating security protocols for any network connected computer or device that handles classified material in any context would be very reasonable and would accomplish the intended goal.

Passing laws to regulate P2P doesn't have to mean that those laws are going to infringe on our rights as citizens... too many people here are angry activists.. but... they really do help fund CNet with all their furious and ignorant posts... more comments = more pages = more advertising.

[247mark]

Dangerous?

P2P is dangerous the way that cars are dangerous. If used improperly, disastrous results are possible - drivers could kill using cars, idiot employees could share national/company secrets. If you don't know how to use it, you have no business using it. How about talking to the IT department and locking down the computer? Duh. This is a scapegoat argument by these representatives, some of whom are Republicans. This from the party who trumpets personal accountability and responsibility for your actions. I am a Republican, I don't particularly care for P2P, and I think these arguments against P2P are lame.