Slashdot Mirror
Dept. Of Homeland Security Chooses Groove, P2P
Ryan Barrett writes "Groove Networks has
announced that their P2P infrastructure will power the
Homeland Security Information Network, an initiative to increase
information sharing between federal, state, and local intelligence agencies.
(The initiative doesn't give the govt. more information, it just helps agencies
better share the information they already have.) Groove
Workspace has also been certified with two govt. security standards,
FIPS 140-2
level 1 and NIAP CCITSE. In related news,
Groove's developers have been diagnosed with acronym whiplash."
It's a very interesting idea that the govt. is considering P2P technology as a way to share information...what a turnaround from their RIAA-hand-holding policy. (Sure, I'm a little biased). But more importantly, despite these security measures, I wonder how insecure our data will be. And how many more government employees will have access to it. One things for sure, they'd better make damn sure this system is safe.
Every windows user is a sadomasochist.
This will make it hard for the RIAA and MPAA to denounce p2p as evil now doesnt it?
In Soviet Russia the insensitive clod is YOU!
I think it is a good idea because this way there will not need to be one central database. If my police station needed records from California they could just search and get it. It will also prove to the government that P2P programs are good and can often serve productive uses. Will medical records be next?
Get paid to read spam
No. I've used a demo of Groove, and it provides nice real-time groupware on modest hardware/bandwidth. It could be used to do quite a bit of good work, in the hands of sophisticated users. Oh, wait...
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
If every single department shared their information with every other department, wouldn't there be information overload? I don't think bandwidth is infinite...and even if it was, the people are still human and can only process so much information at a time. If P2P is implemented on a department-by-department basis, information overload will be reduced, but some of the benefits (e.g. increased collaboration) will be negated. Ditto if P2P is implemented on even smaller scales (sub-department). If I recall correctly Groove stores all its information on client nodes, and I believe each node caches the information on other nodes. This would create another problem with respect to information overload...hard disk space, memory for database indexes etc.
Dizzam, this is risky as hell.
The Federales can't even protect thier friggin' nuclear research labs from 5cr1p7 k166195 hacking thier way in and having thier own way.
Now, all of DHS is going to open up their entire information exchange apparatus to possible cyber-attacks, spoofing and God Knows What Else by a-Q and others?
Nice.
I don't think a-Q is going to be swapping any pr0n, unless you define it as putting fuses into hot boxes of combustible materiel.
The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
if it gets you really hot does that mean it's OK or extra bad?
Extra bad, I would guess.
Similar to the torturers during the Spanish Inquisition who considered their own sexual arousal as they tortured naked female "witches" to be proof of the Devil's influence.
I work with the DoD often, and am saddened to see them adopting Groove. (It's not just for Homeland Security either. Since Groove has been rubber-stamped as "secure" software, many other military/intel groups are using it)
My dislike comes from two simple reasons: Groove is Windows-only, and Groove is non-free. (It's a paid product, not cheap, and the license enforcement is more effective than anything Microsoft Word has)
If it were up to me, this wouldn't even be a concern: everyone would have Linux (or Mac OS X), there'd be no NATs blocking ports, and we'd all just share files via cvs or rsync (tunneled over ssh of course).
Can anyone recommend a free competitor to Groove I can try to push on my Windows-using colleagues, before they get sucked into a proprietary protocol? I suspect the strongest advantage Groove has is it's ability to penetrate NAT (that and having been approved by Washington) "Free Software" would be prefered, but "free beer" is ok.
And the Justice Department can finally get quick access to pr0n so they can research it to help ban it
This isn't a joke. Its true.
I used to have a small webserver hosted off of my cable modem. I had a collection of "funny pictures". They were not ponrographic in nature, but there were a few words in some of the filenames that could be construted as porn in a different context.
What do I see one day? A hit from the DOJ. They were looking for porno (a specific set of keywords, I dont remember, but it was a Google Search referer).
Have you ever done one of those "logic puzzles" you see in game/wordsearch/crossword magazines. You are told a story something like this.
Bob, Mary and Jane went to the store. Each bought an item. One of them brought $.47 to spend, one brought $1.50 and one brought $.35. Bob didn't buy the popsicle. Jane didn't buy the bubble gum. Bob had less than $.50 to spend. The nachos one of them bought cost $1.29.
Then you are given a chart that has each person's name on it, along with a list of the items and a list of the amounts of money brought to the store. Then you have to figure out who bought what, and how much money they started with. You aren't given enough information to answer straight away - you have to figure it out.
Bringing all this information together (consider banking records, credit records, information gleaned through co-operative business (remember that supermarket "discount" card you signed up for?) forwarding addresses given to the post office, college records, income tax information - the list goes on) a decent computer app to display it all in a meaningful way, and a smart analyst to look at it, and they can figure out most anything about anyone.
Big Brother never had it so good!
And you say "bah - it's all public knowledge anyway. They can already find it out."
and my response is this: Before, it was work. Before this, it cost money. Before this they had to have a reason to look at someone so closely. Now you go tickety-tickety-tick on the keyboard and blammo - you see that Mr. Johnson is apparantly feeling ill from the sushi he ate last night (from his credit report) because he bought some pepto bismol and OTC tagament from the supermarket (from the supermarket's customer tracking database - gotta love that discount card). But what's this? He took $300 out of the atm at 6pm, spent fifty at the grocery store, then took out another $300 at 9pm. This automated traffic camera places him in the seedy side of town at 11pm. What was he doing over there in the middle of the night with $550 in cash? Looks like we need to pay closer attention to Mr. Johnson.
And yes - the terms and conditions papers from my bank when I opened my checking account said that "since 9/11 any large transactions (over $200) will be reported immediately to the department of homeland security".
This is why the thought of a cashless society scares me.
Now where's my typewriter and my compound in montana? I thought those things were standard to us luddite freaks...?
BTW, did you see that the Lotus Development co-founder, Mitchell Kapor (also co-founder of EFF), resigned from Groove a few days ago? Not a positive sign for Groove, IMHO.
= st _rn
http://news.com.com/2100-1012_3-991986.html?tag
Since these documents are residing on the computers of federal, state, and local intelligence agencies, wouldn't you actually want some sort of Digital Rights Management to be used?
This isn't some sort of government-sponsored MP3/mov fileserver for the public.
BTW, A Nazi sort of name would be Homelandsicherheit.
When they came for the communists, I said "He's next door. Take him away. Goddam commies."
Not to veer dangerously offtopic in a slashdot post, but I would be very happy if the P2P filesharing networks were shut down, and research focused instead on other, better uses for P2P.
Bittorrent, for one example. A distributed website distribution system, that would make sites go faster the more people reading them, for another. In this case, a distributed resource network for sharing data amongst spooks. Another would be a decentralized network file server using the famous 1-2, 2-3, 3-1 file transfer system (Ok, I forget the name and it wasn't that famous).
Except for viruses, computers aren't pro-active enough on the LAN. There is no easy way to share data, information, PDA files, or anything else without setting explicit servers and explicit clients. More research into simpler, decentralized networking systems would be very helpful.
It's not that I don't like filesharing pirated content. It's just that there are so many other uses for the technology that are being underrepresented at the table.
*Full Disclosure, I've got e-donkey running right now.
The ______ Agenda
Awhile ago my friend and I formed a band (that only lasted for a few weeks) and we called it..."The Department of Homeland Groove". I thought it was catchy.
And now it actually makes sense.
I belong to the ______ generation.
It is very unlikely that they have the ability to understand the difference between specification and implementation. This is true, even for many people in the open source community if we just remember what happened when openssl had a security hole last year we see this was also a monoculture.
Choosing monoculture means that paying less (money, time, compatibility) in the normal case is more important then limiting the damage done in the special case. While choosing many different implementations means paying more in the normal case but also having a buffer in the special case so that operation are not disrupted more then usual.
The problem is that most people tend to choose stability and monolithic solutions, especially when in doubt, above endurance or flexibility. Maybe it's in our genes but most people have no-clue at all about the fact that change is normal in the world and that the stability they think they see is just a illusion.
So they do not choose the flexible solution which would have given them 99% service 100% of the time, and would have forced the people to cope with failure. No, they will choose the stable solution which gives them 100% service 99% of the time, and a workforce which doesn't have a clue when the system fails.
Maybe we are just not wise enough to use this technology.
What I cannot create, I do not understand
You obviously have not used Groove on a real day-to-day basis. I run the IT for an company where Groove has been our main mean of information sharing for the past year. Anyone here can tell you first hand that Groove is definitely NOT hardware nor bandwidth conscious once you start feeding it with real data. Groove is a de-centralized P2P information sharing software that basically synchronizes every PC on the network with all the data for every group they subscribe. Since there's no "magic" way of transferring data, every time someone copies a 10, 20 or 50 MB file to their workspace it does it in a second, than it takes everyone's bandwidth to broadcast the same information to every other user on that group. You should try explaining to the traveling execs connecting by modem in some 33.6 KBps 4th world country, that they should not use Groove when out of the office!!! We are now looking for a centralized solution (web based) for our intranet and we'll probably keep Groove for the light weight data stuff.
A technology is purely a means for achieving any number of ends. The specific ends for which it is used are individual and not directly the responsibility nor the scope of that technology.
The specific uses it is employed for are the issue for anyone taking offence at the incursions on their business model.
That the government is using that very same technology as a means to counter terrorism will make their rhetoric much more difficult to promote. Instantly any question of "how could this technology be used excapt for illegal purposes?" has been answered and with resounding implications for the security of the nation.
Deal with the specific actions. Don't try to suppress the technology.
Perhaps its adoption by the Department of Homeland Security will, once and for all, demonstrate that there are legitimate uses for the technology.
By extension, perhaps this will also serve to undermine the RIAA and MPAA's rhetoric that they have some sort of right to monitor the private communications of citizens using this technology.
Perhaps the Department of Homeland Security has genuinely made a move which will uphold the privacy rights of its own citizens.
Maybe I'm a rose coloured glasses type of idealist or a romantic, but I'd like to think so.
I have worked for a similar entity as a contract sysadmin, and yes they actually DO review.
The initial review is done by software, then the 'suspicious' logs are sent to the network security department for human review... It doesn't catch 100%, but that doesn't mean you cant get caught..
In a smaller shop, I was doing the entire process, and reporting violations direct to HR..
It was not my favorite part of my job, but it was part of my duties. ( as well as watching application usage, for 'unapproved' apps.. )
In these times you have to do this, or open yourself up to various lawsuits.. just a sad reality now. ( actually this is what started the 'small shops' monitoring, due to some threatening emails being sent.. only took one person to screw it up for the rest of us )
---- Booth was a patriot ----