Slashdot Mirror


White House Decides P2P Isn't All Bad?

ethericalzen writes "An article this week at Cnet revealed that the White House doesn't necessarily hate everything about P2P. The Bush Administration apparently has called into question a law, known as the Federal Agency Data Protection Act, that would force all federal agencies to have plans guarding against the risks of P2P file sharing. In a Congressional hearing on IT security threats, the LimeWire founder was questioned about how his service warned users about the files and folders they are sharing. Karen Evans, the chief information officer for the federal government, stated that she was against singling out a particular technology when issuing computer security requirements. As it is, the government already has a law which requires federal agencies to report on information security plans and risk assessments, known as FISMA."

  1. So let me get this right... by Guinness2702 · · Score: 5, Funny

    ...filesharing is the number 1 threat of leaking sensitive information. Damn, and I wasted all that money on memory sticks, FTP servers, back doors, and searching busses, taxis and trains trying to get my hands on secret data.

    --
    This space is intentionally left blank
    1. Re:So let me get this right... by Dan541 · · Score: 2, Funny

      BitTorrent is inherently more secure than LimeWire,
      and a hell of A LOT more secure than idiots losing laptops.

      ~Dan

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    2. Re:So let me get this right... by iamacat · · Score: 4, Insightful

      In the context of a computer with classified information, P2P filesharing is a form of back door. Unlike Intranet server-based file sharing, the list of available files can not be centrally audited. Unlike FTP or SMB, programs like FireWire make extraordinary efforts to bypass firewalls, even potentially an HTTP-only proxy. Unlike a memory stick, computers can not be physically modified to prevent running P2P (unless you make federal employees use XBOX 360's with up-to-date firmware).

      A federal agency blocking LimeWire and BitTorrent is a lot different from Comcast blocking LimeWire and BitTorrent, and it's frustrating to see the Bush administration going after the wrong thing. Let security-hardened versions of P2P be tried and tested in the corporate world and then perhaps it will be ready for government use. I am thinking a version of BitTorrent where clients first share an encrypted file with each other and then get the decryption key and verify checksum from an Intranet server with a known public key.

    3. Re:So let me get this right... by Shade of Pyrrhus · · Score: 2, Insightful

      The number 1 question here is "Why is this computer with classified information connected to the Internet, anyway?". It's VERY easy to "physically modify to prevent running P2P" by simply disconnecting the ethernet cable.

      If there is so much of an issue with P2P and such, why are the important systems not in a controlled network with no outside access? In such a case, I would assume it's easier to lose a flash drive with a bit of info than for someone to physically break into a government-controlled facility to steal the data. I understand this makes it more difficult to get data that you need in a timely fashion, but if it's meant to be so secret, then you SHOULD have to jump through hoops to get it.

  2. Not the "stance" of the Bush administration. by Anonymous Coward · · Score: 4, Informative

    This was an off-the-cuff remark made by an individual who is loosely associated with the Bush administration. It is clearly not the stance of the administration, nor of the Republican Party as a whole.

    1. Re:Not the "stance" of the Bush administration. by Guinness2702 · · Score: 2, Informative

      To be fair, you are quite correct.

      FTA: Karen Evans, the federal government's chief information officer, told a House information policy subcommittee ... "While we recognize that technologies that are improperly implemented introduce increased risk, we recommend any potential changes to the statute be technology-neutral,"

      Which kinda shoots down my earlier cynical FUD suggestion... in fact everything I've said so far. I hang my head in shame at missing the key point of the article, and I shall go and start writing for the Daily Mail, where I belong.

      --
      This space is intentionally left blank
  3. Email by Colin Smith · · Score: 4, Insightful

    Peer to peer... The single largest distribution network for files and other information.

    This is why government isn't always a good thing.

    --
    Deleted
    1. Re:Email by mixmatch · · Score: 4, Insightful

      As far as I know, email is a server-based network. P2P got its name from the ability of clients to connect with each other directly without the use of a server. There are server-like services that assist the clients in finding each other and function as proxies for data, but oftentimes these also function as clients. By your definition, anything transferred on the Net is peer to peer.

  4. Conspiracy Theories by MyNameIsFred · · Score: 5, Insightful

    I wish everyone who believes in grand conspiracy theories could work in Washington DC for a couple of years. They would then realize that most conspiracies are a load of bull. The vast majority of the government is run by civil servants that are NOT political appointees. And having worked in Washington, if you get a stupid political appointee as a boss, the system has a lot of inertia, and tends to wait them out. Look at the track record for most appointees, based on my experience, most of them don't last four years. A couple of years is normal. It's easy for the bureaucracy to drag its feet for a couple of years. With a new appointee, you get new priorities. Problem solved. That and Washington leaks like a colander. Keeping a secret is impossible.

  5. Limewire has no business in the government by MikeRT · · Score: 3, Interesting

    There is absolutely not a single good reason for anyone outside of a handful of employees at the Department of Justice who investigate copyright infringement and pornography to have Limewire installed on a government machine. That is precisely how the head of Limewire should have responded to Congress.

    There are some limited applications for P2P in the government, but not an implementation like Limewire.

    But then, why am I not surprised that Congress once again doesn't do the job we pay them to do? See, this is why I have come to the conclusion that maybe we need to call a new constitutional convention through state legislatures, and add in a constitutional amendment that contains an entire article of civil and criminal liability for each part of the body politic.

    Personally, I think legislators ought to be held civilly and criminally liable where necessary for the negative outcomes of their laws. They don't hesitate to hold engineers, doctors, programmers, etc. accountable for their mistakes. Here's turnabout for them:

    1) Establish two legal distinctions: misdemeanor and felony unconstitutionality. The distinction is that felony unconstitutionality is a blatant, obvious to anyone, violation of the constitution such as passing a gun ban in direct violation of the 2nd amendment or outlawing political speech. Every time a law is declared unconstitutional, everyone who voted for it gets effectively put on trial. If it's at the Supreme Court, everyone gets sanctioned, without right to a trial, for supporting it. I mean, at that point, how could you argue that they should get their day in court when it is the SCOTUS ruling against their law?

    2) Allow private citizens to sue members of Congress for loss of life, liberty, property and/or emotional distress caused by the enforcement of any unconstitutional law.

    3) Declare that the only political activity that can be legally done while Congress is in session is government-related work. Make campaigning effectively timecard fraud that can cost the legislator their position. Allow the leadership of both parts of Congress to sanction members who go on a tangent like Arlen Specter going after the NFL. Repeat offenders can be censored from entering Congress for up to one month. Imagine going back home to your district, and having to explain why you were so off topic from what is constitutional, that the Speaker of the House told you to shut up and go home. That's great for reelection.

    1. Re:Limewire has no business in the government by Coraon · · Score: 2, Interesting

      Everything you have written here makes perfect sense; there are just a few problems. 1. The objective of a politician is to get into power and stay there, as long as possible. Therefore anything that could remove them from power will be struck down, as they are the ones voting on it. 2. You're under the mistaken impression that enough voters care about what happens in government. The Americans have been so browbeaten into thinking that their vote doesn't matter; with that much voter apathy I doubt you could get enough people angry enough to get those resolutions passed. 3. America is heading to a police state; they aren't going to submit anti-police-state legislation.

      --
      -Ours is the wisdom of Solomon, the magic of Merlyn, the fall of Icaris.
  6. Don't Blame Technology by ilikepi314 · · Score: 2, Informative

    My favorite part was this:

    The most scathing criticism came from Rep. Jim Cooper (D-Tenn.), who launched into a lengthy monologue in which he deemed Gorton "one of the most naive chairmen and CEOs I've ever run across," and accused his company of making the "skeleton keys" that grant access to material harmful to U.S. national security.

    "I'd feel more than a shade of guilt at this point, having made the laptop a dangerous weapon against the security of the United States," Cooper said. "Mr. Gorton, you seem to lack imagination about how your product can be deliberately misused by evildoers against this country." (Cooper also, at one point, claimed that Gorton's own home computer was probably leaking sensitive documents.)

    This is exactly the problem, not enough people understand technology... or really common sense. Limewire is not some default protocol available on any computer, it must be installed. It shouldn't be on any computer with sensitive information in the first place. Limewire didn't force it on those computers, so leave them alone, go after the idiots that installed it!! Of course, that would probably be themselves, and they're not going to put themselves in jail. And as far as deliberate misuse goes, I say we call in all baseball bat makers while we're at it; don't they realize how many felons they've aided by providing a product that can be used to assault people?

    This reminds me of a classmate of mine that got a letter saying her information was possibly exposed to the internet through a website run by her high school. All I could think of was: "Why in the world was ANYONE's sensitive information anywhere near a computer with an Apache server?".

  7. Fly in the Soup by MacWiz · · Score: 2, Interesting

    I'm looking at the comments on this page and I have to wonder if anyone remembers what file sharing is at its basic level.

    Back in the late 80s, I was the editor of an entertainment supplement that ran in the newspaper in three mid-size towns. We had to use a modem to connect to each other and sometimes we could get a whole 1 kbps transfer rate to move text files. Within the office, file sharing was faster because we could swap floppy disks.

    While I know you're all talking about swapping movies, music, games, etc., every corporate environment involves the sharing of information. A newspaper is a real good example of how you have to pull files in from your "peers" to collect and assemble them. Every day.

    We spent so long looking for faster ways to move files around and now we've reached the point where this basic function is finally working so well that we've gotta screw it up.

    File sharing/information sharing is the purpose of the Internet. To even consider trying to stop it is ludicrous. You might as well just shut down the entire net because that's the only way file sharing stops. Then we'll just go back to faxes and snail mail.

    Should it really be up to the guy that owns LimeWire to tell the government that maybe they shouldn't be using it at work? We have an Intelligence Department, but no one can figure out that, if they are going to use p2p, to do it from a machine with no sensitive information?

    Probably not.

    After all, most of the government still uses Windows, so security must not be that important to them.

  8. Again, Executive incompetence = more Legislation by gr8scot · · Score: 3, Insightful

    My favorite part of the article was the hyperlink text at the bottom of page one leading to page two, which suggests two interpretations of the situation that are both completely wrong.

    CONTINUED: Blame P2P users or software makers?... BS. Blame sysadmins who give their end-[L]users Administrator privileges. Not rights, privileges. Government employees don't own those computers, or those data. I do, along with the rest of the taxpayers. Administrator privileges to a government laptop by its daily user are completely inappropriate. Every software package on every government computer should be approved through a bureaucratic process as time-consuming as the worst urban myth about the Motor Vehicle Department and building permits put together. And, this is not uniquely a government problem, it's one of many symptoms of a cultural problem, specifically entitlement mentality. There is no good reason to have administrator access to a computer you have not personally purchased, but I hear a cacophony of pseudo-populist whining whenever I say that to semi-literate, entry-level keyboard operators.

    Evidence that sensitive information is accessible through peer-to-peer networks illustrates "the importance of strengthening the laws and rules protecting personal information held by federal agencies" and other organizations, said Rep. Tom Davis (R-Va.), the committee's ranking member, who has sponsored a bill that would impose new requirements on government agencies that discover security breaches. "We need to do this quickly."

    You need to do it right, and be sure to include a few clear, simple guidelines preventing -- not just prohibiting -- the installation of software by the end user, by limiting them to Limited User status.

    --
    All 19 hijackers were known terrorists 09-10-2001. Lack of FBI intelligence does not justify warrantless wiretaps..