July 24, 2007 3:09 PM PDT
Congress: P2P networks harm national security
- Related Stories
Congress to legislate file swapping?September 28, 2005
Congress threatens P2P networks on pornJuly 28, 2005
FTC spotlights proposals on P2P risksDecember 7, 2004
Anti-P2P bill may slip past legislative rushNovember 18, 2004
Congress mulls new P2P porn restrictionsMarch 13, 2003
Congress targets P2P piracy on campusFebruary 26, 2003
(continued from previous page)
Some politicians nonetheless lashed out at the sole representative from a peer-to-peer software company at Tuesday's hearing: Lime Wire's Gorton, who is also CEO of parent company Lime Group.
The most scathing criticism came from Rep. Jim Cooper (D-Tenn.), who launched into a lengthy monologue in which he deemed Gorton "one of the most naive chairmen and CEOs I've ever run across," and accused his company of making the "skeleton keys" that grant access to material harmful to U.S. national security.
"I'd feel more than a shade of guilt at this point, having made the laptop a dangerous weapon against the security of the United States," Cooper said. "Mr. Gorton, you seem to lack imagination about how your product can be deliberately misused by evildoers against this country." (Cooper also, at one point, claimed that Gorton's own home computer was probably leaking sensitive documents.)
Rep. Darrell Issa (R-Calif.) warned Gorton that Lime Wire's practices may open the company up to serious legal liability.
"Would it surprise you if you have a string of lawsuits for inherent defect in your product if people like Charlie Mueller of Missouri finds out he's lost his IRS filings and feels he's been damaged?" Issa asked.
Gorton repeatedly defended his company's practices and said he wasn't aware of the extent to which national security information was being accessed through his network.
Lime Wire strives to make its product easier to understand and is working on a new version even more tailored to the "neophyte" user, Gorton said. The software incorporates a number of warnings intended to stave off inadvertent file sharing, he added. For instance, pop-up messages appear when users attempt to share folders, such as the all-encompassing "My Documents" folder and the root directory, which are considered likely to contain sensitive information.
"A lot of the information that gets out there now is because people accidentally share directories that they wouldn't mean to share clearly," Gorton said. "Those warnings are not enough, at least in a handful of cases."
That assertion drew sharp disagreement from Thomas Sydnor, an attorney-advisor in the Patent Office's copyright group. He said peer-to-peer users are being tricked into sharing files they don't intend to make public and claimed that LimeWire's warnings to that effect don't always appear as they should.
In research for a report released in March, the Patent Office found it "stunning to see features that are incredibly easy to misuse," Sydnor said. "You can go to an interface in these programs that looks like you're doing nothing except choosing a place to store files, and you end up sharing recursively all the folders on your computer. It's very easy to make a catastrophic mistake."
Earlier this year, the Department of Transportation experienced an incident in which an employee's daughter installed LimeWire on the home computer that her mother occasionally uses for telework--and misconfigured it in such a way that documents from the department and the National Archives were open to others using the network--including a Fox News reporter. Forensic analysis determined that some of those documents were already publicly accessible and that none of the DOT documents contained sensitive personally identifiable information about anyone other than the employee herself.
The agency's chief information officer, Daniel Mintz, told the committee that his agency already has sufficient authority to combat "inadvertent" file sharing and that it already is required to take such activity into account in its annual information security reports to Congress.
The key to preventing additional incidents like that one, Mintz told the politicians, is for his agency to step up oversight and "to make sure we're really pushing the policy," which requires written authorization for installation of P2P programs on government machines. That also means beefing up training for its employees and making sure that they're aware of what the limits are, he added.
General Wesley Clark, who now serves on the board of a small company called Tiversa that makes applications designed to monitor peer-to-peer file-sharing activity, called for "some pretty hard-nosed policies by business and government contractors that prevent people from doing government work on computers that have anything to do with the peer-to-peer networks."
"Even when people...are sophisticated with computers, they can still make a mistake, and all that material can be gone in an instant," the former Democratic presidential candidate told the committee.
CNET News.com's Declan McCullagh contributed to this report.
156 commentsJoin the conversation! Add your comment