Slashdot Mirror


The House of Representatives Is Blocking All Apps Using Google's Appspot.com (fastcompany.com)

New reader calewithac writes: In an attempt to stop ransomware attacks, the House's security team has banned all apps hosted on appspot.com from being used on its servers. This means that all appspot hosted apps are inaccessible inside Congress. According to Ted Henderson, the founder of the Cloakroom -- an anonymous messaging app for Capitol Hill staffers -- all of his apps are effectively not available to their target audience.

46 comments

  1. Sounds Like A Feature. by zenlessyank · · Score: 1

    Or a Congressional Easter Egg.

  2. This sounds weird. by stephanruby · · Score: 4, Interesting

    I would think Cloakroom was the one thing being targeted, because the House of Representatives doesn't want anonymous leaks.

    1. Re:This sounds weird. by Anonymous Coward · · Score: 0

      yep, I'd mod you up if I wasn't an AC

    2. Re:This sounds weird. by Anonymous Coward · · Score: 0

      Of course the House wants anonymous leaks. If America knew who was pissing on them, they might do something.

    3. Re:This sounds weird. by Anonymous Coward · · Score: 2, Insightful

      They want leaks that they can control, not actual leaks.
      Try and bring a camera phone into a GOP fundraiser these days and see what that gets you.

    4. Re:This sounds weird. by allquixotic · · Score: 1

      Actually, they probably already have a forced MITM proxy (requiring you to trust a self-signed root CA from the gateway) that decrypts all traffic going across the wire.

      If they have such a MITM -- and I can't imagine that they don't, since I know this is an extremely common thing in Federal IT -- then they would actually gain enormous insight into *who* is leaking, simply by allowing people to connect to these sites like Cloakroom and observing the traffic.

      I will concede, however, the argument that if you perform an off-the-record (sneakernet, etc) key exchange with a trusted individual in order to begin your transaction with something like Cloakroom, then you could still privately communicate with Cloakroom even if the hostile gateway is performing MITM. All you have to do is paste your ciphertext into a text box on an HTML form and submit.

      In that case, the Fed would know *that* you sent something to Cloakroom, because they'd know the IP of the computer that submitted the request and who was logged on via their PIV card, but they wouldn't know what you said -- whether something completely innocuous like "Nancy Pelosi has weird eyebrows" or something actually politically impactful.
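The arrangement allquixotic describes in the comment above, worked through as an added example (this is not code from the original thread, nor from Cloakroom). It models a gateway that terminates TLS and re-signs it with its own root CA, so every HTTP request is logged in the clear: the gateway learns the PIV identity, the client IP, the host and the path, and it also stores the form body, but the body is ciphertext produced on the client under a key that was exchanged out of band. The hostname, form field, identity and the cipher are all constructed; the cipher is a stdlib-only encrypt-then-MAC construction (SHA-256 keystream in counter mode plus HMAC-SHA256) chosen so the example runs offline, and real code should use AES-GCM or ChaCha20-Poly1305 from a maintained library instead.

```python
"""Added example: client-side encryption across a TLS-intercepting gateway.
All names, hosts and the cipher construction are assumptions for illustration."""
import base64
import hashlib
import hmac
import os
from typing import Optional
from urllib.parse import parse_qs, urlencode

NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(shared_secret: bytes):
    """Split the out-of-band secret into separate encryption and MAC keys."""
    enc_key = hashlib.sha256(b"enc|" + shared_secret).digest()
    mac_key = hashlib.sha256(b"mac|" + shared_secret).digest()
    return enc_key, mac_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from SHA-256(key || nonce || counter)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(shared_secret: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Returns nonce || ciphertext || HMAC(nonce || ciphertext).
    Never reuse a nonce under one key: XORing two such ciphertexts
    would reveal the XOR of the two plaintexts."""
    enc_key, mac_key = derive_keys(shared_secret)
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(shared_secret: bytes, blob: bytes) -> bytes:
    """Verify the MAC first, then decrypt; fail closed on any tampering."""
    enc_key, mac_key = derive_keys(shared_secret)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed: wrong key or altered ciphertext")
    ks = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def build_form_post(shared_secret: bytes, message: str,
                    host: str = "cloakroom.example", path: str = "/post") -> dict:
    """What the browser sends: ciphertext pasted into an ordinary form field."""
    blob = encrypt(shared_secret, message.encode("utf-8"))
    body = urlencode({"msg": base64.b64encode(blob).decode("ascii")})
    return {"method": "POST", "host": host, "path": path, "body": body}


def gateway_log(request: dict, client_ip: str, piv_identity: str) -> dict:
    """Everything a proxy that terminates TLS can record about the request."""
    return {
        "client_ip": client_ip,
        "user": piv_identity,        # taken from the PIV smart-card logon
        "host": request["host"],
        "path": request["path"],
        "body_bytes": len(request["body"]),
        "body": request["body"],     # opaque: base64 of nonce||ct||tag
    }


def recipient_read(shared_secret: bytes, logged_body: str) -> str:
    """The intended recipient, holding the same secret, recovers the text
    (shown here by decrypting straight out of the gateway's own log entry)."""
    blob = base64.b64decode(parse_qs(logged_body)["msg"][0])
    return decrypt(shared_secret, blob).decode("utf-8")


if __name__ == "__main__":
    secret = b"exchanged-on-paper-in-the-cafeteria"   # constructed
    req = build_form_post(secret, "markup is moved to Thursday")
    entry = gateway_log(req, "10.20.30.40", "CN=staffer.jane")
    print("gateway sees:", {k: v for k, v in entry.items() if k != "body"})
    print("recipient reads:", recipient_read(secret, entry["body"]))
```

The gateway's log entry is exactly the traffic-analysis picture allquixotic sketches: who, from where, to which host, how many bytes, and when. Hiding that too would need something beyond message encryption (a different network, or cover traffic), which is why the concession in the comment is only about content, not about the fact of contact.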

    5. Re:This sounds weird. by SNRatio · · Score: 2

      Cloakroom -- an anonymous messaging app for Capitol Hill staffers

      I would think if someone made an app specifically for such a small user base the whole intent was to spy on their messages. After all, Capitol Hill staffers are allowed to participate in insider trading, so the developer could turn a HUGE profit without ever leaking any of the content he intercepted.

    6. Re:This sounds weird. by CloakroomTed · · Score: 1

      Interesting idea. So what you're saying is if I can get our users to talk stocks, it wouldn't be considered insider trading for me to use the data as long as they've published it on Cloakroom?!

    7. Re:This sounds weird. by SNRatio · · Score: 1

      I think it would still be insider information, it's just that Congress considers itself and its staff immune to prosecution for insider trading. (after passing a law saying the opposite). https://theintercept.com/2015/...

  3. Ransom Congress by Anonymous Coward · · Score: 2, Funny

    How would ransomware work on a country with a gazillion dollars in debt load? Could they give the debt to the ransomers?

    1. Re:Ransom Congress by just+another+AC · · Score: 1

      Simple, they tell everyday Americans to pay up or they will let the politicians go back to messing up the country

  4. dirty app source; block it by dltaylor · · Score: 1

    Seems reasonable.

    If the app server cannot be relied upon to provide clean (no spyware, trojans, ...) apps, then it is entirely reasonable to block it, and any communications with it.

    'Course, since many of the Apple apps have those same "features", spyware, in particular, they should be blocked, also.

    GPS tracking, for example, can be used to follow aides from one office to another, or from the floor to an office, making it more difficult to have some of the delicate negotiations often required to make a government work. Same thing with tracking the to/from of texts.

    1. Re:dirty app source; block it by Anonymous Coward · · Score: 1

      By design everything and anything from Google is spyware. That is how they make money.

      By blocking anything Google you automatically block about 90% of the web spyware.

    2. Re:dirty app source; block it by AK+Marc · · Score: 2

      GPS tracking, for example, can be used to follow aides from one office to another, or from the floor to an office, making it more difficult to have some of the delicate negotiations often required to make a government work

      The negotiations would be done without phones present anyway. If you are worried about it, hand your phone to another aide. Let them wander around like they are doing the regular things. Nobody will ever know that you were sitting somewhere else. Or just leave it in your desk. It'll be obvious you don't have your phone on you, but it won't point to anything in particular.

    3. Re:dirty app source; block it by SumterLiving · · Score: 1

      By design, automobiles are dangerous. There is no way around that fact. By blocking the use of automobiles, you automatically reduce dangerous behavior by 90%. I now have a new outlook on life thanks to my new skill to make up facts, stats and scary stuff to post on the internet.

  5. WebFilings / "Workiva" by Anonymous Coward · · Score: 0

    Wonder if any of them need to work on taxes for corporations.

  6. Perfection by Anonymous Coward · · Score: 2, Insightful

    ... banned all apps hosted ...

    Tell me again how perfect the cloud is: I forget. When you give up security and archiving duties to someone else, some form of auditing is needed. Otherwise you're not getting the efficiency you paid for, and you don't have any way to detect that.

  7. Re:Republicans... by Anonymous Coward · · Score: 0

    It's how they be. Anything that doesn't make money for a Republican must be destroyed.

  8. Feminists... by Anonymous Coward · · Score: 0

    hate free speech on the Internet. It's as simple as that.

  9. well duh. by Gravis+Zero · · Score: 1

    According to Ted Henderson, the founder of the Cloakroom -- an anonymous messaging app for Capitol Hill staffers -- all of his apps are effectively not available to their target audience.

    which means the blocking is working as intended.

    --
    Anons need not reply. Questions end with a question mark.

  10. Re:Fags! by Anonymous Coward · · Score: 0

    Looks like someone has repressed homosexual desires.

    Do people still say 'asshat'? That's so 2007.

  11. Hypocrisy by Anonymous Coward · · Score: 0

    This is hypocrisy. We rightly are highly critical of Hillary Clinton for the private email server and leaking classified information. Why do we want to make it easier to leak classified information from Congress. How do we know these apps are secure? How do we know the information isn't being leaked to opposing campaigns, to potentially unethical lobbyists, or even to foreign entities? There already are ways to leak information when it needs to be leaked. Normally that involves being an anonymous source for credible members of the media. Why is it bad for Hillary Clinton to have awful security practices but desirable for Congress to have apps designed to leak information? Both are awful ideas.

    1. Re: Hypocrisy by DaHat · · Score: 1

      How do we know these apps are secure? How do we know the information isn't being leaked to opposing campaigns, to potentially unethical lobbyists, or even to foreign entities?

      Because these apps aren't used for classified information? Most anytime a congress critter gets briefed on something classified, it happens in a SCIF (https://en.m.wikipedia.org/wiki/Sensitive_Compartmented_Information_Facility), a place where unrestricted internet access doesn't really exist.

    2. Re: Hypocrisy by Anonymous Coward · · Score: 0

      You misunderstand the use case for the app. It's not to conduct official business, it's to let your buddies know "Issa's new intern is smoking hot and if you sit in the left chair while meeting with them you can get a great view of her ass when she bends over the coffee cart."

  12. Wrong target, House by Sir+Holo · · Score: 4, Interesting

    How about banning DropBox. The CEO has openly stated that they index every file that crosses their servers.

    Oh, now I see. Republicans won't ban DropBox because Condi Rice is on its Board of Directors.

    My own (huge) institution has banned Dropbox entirely. Instead, a subscription to Box Sync was purchased for everyone. Box Sync encrypts before upload/sync, and then decrypts locally. They literally cannot peer into your files—This is by Design.

    1. Re:Wrong target, House by Anonymous Coward · · Score: 0

      Is Box's client software open source? Can you download the sources, read them, and compile them yourself? No? Then you are foolishly trusting a company in an industry where EVERY player has likely received multiple requests, orders and/or demands from government agencies that they can't talk about. You don't know what's in that client; you should fully expect that someone, somewhere on the other end knows what's in your files, or at least how to decrypt them.

      your institution didn't "ban" dropbox, they just inked a deal for full scale deployment of a competitor, that is all.

    2. Re:Wrong target, House by BitZtream · · Score: 1

      Instead, a subscription to Box Sync was purchased for everyone.

      Ah yes, because you certified the source was actually using the full chain of requirements to ensure encryption doesn't accidentally leak info, right?

      Hey, here's a novel idea ... run your own fucking file servers and stop putting shit in the cloud, then you won't have to even wonder what's going on with it.

      They literally cannot peer into your files—This is by Design.

      That's cute, you totally have no idea how easy it is to get information out of copious amounts of encrypted information.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager

    3. Re:Wrong target, House by allquixotic · · Score: 1

      Any time your data is being stored in an unencrypted format (or encrypted with keyword indexing, whatever, same difference) on a server you don't control, you should bring with you the *expectation* that the company hosting your data, and/or potential political or corporate adversaries, can and WILL access that data.

      If you're OK with that, then more power to you. I doubt NSA or a corporate competitor cares about your pictures of playing fetch with your dog. They might care a bit about a copy of a secret agreement like the TPP, though.

    4. Re:Wrong target, House by Sir+Holo · · Score: 1

      your institution didn't "ban" dropbox, they just inked a deal for full scale deployment of a competitor, that is all.

      No. They did. A 6-month warning was given that access to DropBox domains will soon be blocked from any institutional network connection. Yes, you could proxy around that. Yes, you could use it at home. But why?

      I only use Box Sync to share project files with colleagues within the same institution. For real collaborators around the world, especially if the data is sensitive (i.e., patentable), I make them sftp to MY OWN SERVER. I'm working on WebDAV, so they will quit bitching about having to see a command line.

      Yes, I know easy-interface sftp software abounds, but graduate students today are, to be quite honest, terribly ignorant about how computers actually work. RoR and running 'demo files' of expensive software makes them feel powerful, yet they have no clue how any of the steps between 0's and 1's, all the way to the clicky-easy interface that they are "instant experts" at, operate. They don't know how to build a NAND gate, but they should at least have a grasp of ANY of the layers in between that make doing things so easy. They are clueless.

    5. Re:Wrong target, House by sumdumass · · Score: 1

      That's cute, you totally have no idea how easy it is to get information out of copious amounts of encrypted information.

      Especially considering that without the source code of the client software and a lot of man hours auditing it, there is no guarantee that the client software is not making the encryption keys available in an obscure part of the encrypted files, specifically for access by parties you didn't intend to view/use them.
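BitZtream's point that "copious amounts of encrypted information" still give a lot away, and allquixotic's remark that encryption with keyword indexing is no better than storing plaintext, can be made concrete. The following is an added example, not code from the thread or from Box or Dropbox. It shows two things a storage provider (or anyone who can compel it) learns from client-encrypted uploads without any key: the plaintext length, which a length-preserving cipher exposes and which can be matched against a document the adversary already holds, and, where the client uploads deterministic search tokens of the form HMAC(key, word) so the server can search encrypted files, the equality of words across files, which frequency analysis over enough files turns into the words themselves. The sample notes, the index key, the overhead constant and the reference word ranking are all constructed; the content blob is a random stand-in for AEAD output, because the analysis never reads ciphertext bytes, only their length.

```python
"""Added example: metadata and equality leakage from client-encrypted uploads.
Documents, key, overhead and reference ranking are constructed assumptions."""
import hashlib
import hmac
import os
from collections import Counter

# Assumed AEAD overhead: 16-byte nonce + 28-byte tag on a length-preserving ciphertext.
CIPHER_OVERHEAD = 44

# Constructed "staffer notes" that a client encrypts and uploads.
SAMPLE_DOCS = [
    "the draft of the trade agreement and its annex",
    "the committee of jurisdiction and the markup schedule",
    "the whip count of the caucus and who is soft",
    "the chairman and the ranking member met today",
    "the text of the amendment is still embargoed",
    "the scoring of the bill arrived this morning",
]

# Constructed: a document the provider (or a subpoenaing party) already has in the clear.
KNOWN_PUBLIC_DOCS = {"trade-agreement-draft.txt": len(SAMPLE_DOCS[0].encode("utf-8"))}

# Assumed reference ranking of common English words, most frequent first.
REFERENCE_WORDS = ["the", "of", "and", "to", "a", "in"]


def tokenize(text: str):
    return [w.lower().strip(".,;:!?") for w in text.split()]


def search_token(index_key: bytes, word: str) -> str:
    """Deterministic by design: the same word always yields the same token,
    which is what lets the server search and what makes the leak unavoidable."""
    return hmac.new(index_key, word.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def client_upload(index_key: bytes, text: str) -> dict:
    """What reaches the server: an opaque blob plus the file's search tokens."""
    data = text.encode("utf-8")
    blob = os.urandom(len(data) + CIPHER_OVERHEAD)   # stand-in for nonce||ct||tag
    tokens = sorted({search_token(index_key, w) for w in tokenize(text)})
    return {"size": len(blob), "tokens": tokens}


def server_size_match(uploads, known_docs) -> list:
    """Blobs whose inferred plaintext length equals a known document's length."""
    hits = []
    for i, u in enumerate(uploads):
        for name, size in known_docs.items():
            if u["size"] - CIPHER_OVERHEAD == size:
                hits.append((i, name))
    return hits


def server_frequency_attack(uploads, reference_words) -> dict:
    """Rank tokens by how many files contain them and pair that ranking with
    the reference ranking.  Only the head of the ranking is reliable; ties
    further down make guesses noisy, which is why more uploads help the attacker."""
    doc_freq = Counter(t for u in uploads for t in u["tokens"])
    ranked = [tok for tok, _ in doc_freq.most_common(len(reference_words))]
    return dict(zip(ranked, reference_words))


def demo() -> dict:
    key = b"client-side-index-key"   # constructed; never leaves the client
    uploads = [client_upload(key, d) for d in SAMPLE_DOCS]
    guesses = server_frequency_attack(uploads, REFERENCE_WORDS)
    # Server side, no key: once a token is guessed, list the files containing it.
    guessed_and = [tok for tok, w in guesses.items() if w == "and"][0]
    files_with_and = [i for i, u in enumerate(uploads) if guessed_and in u["tokens"]]
    return {
        "size_matches": server_size_match(uploads, KNOWN_PUBLIC_DOCS),
        "guesses": guesses,
        # The client's real tokens, exposed only so the demo can check its guesses.
        "token_of": {w: search_token(key, w) for w in ("the", "of", "and")},
        "files_with_and": files_with_and,
    }


if __name__ == "__main__":
    r = demo()
    print("size matches:", r["size_matches"])
    print("files containing the word guessed as 'and':", r["files_with_and"])
```

The fix for the size leak is padding to fixed buckets before encryption; the fix for the token leak is not giving the server an equality-preserving index at all (search locally, or accept that any server-side search over encrypted data leaks access and equality patterns by construction). Neither is something a user can verify from the outside of a closed client, which is the auditing point the replies above are making.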

  13. Re:Fags! by Ol+Olsoc · · Score: 1

    Do people still say 'asshat'?

    Only asshats do that now.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.

  14. Blocking something?? by Neuronwelder · · Score: 1

    Gee.. that's something new for them. sarchasm

    1. Re:Blocking something?? by Anonymous Coward · · Score: 1

      Is a sarchasm a giant hole you fall into if you misinterpret someone's use of irony?

  15. So you can't do random shit on a gov network? by BitZtream · · Score: 2, Insightful

    That's really all this is about? Fuck off.

    According to Ted Henderson, the founder of the Cloakroom -- an anonymous messaging app for Capitol Hill staffers -- all of his apps are effectively not available to their target audience.

    Go fuck yourself Ted and Cloakroom. They can pull out their personal phone and visit your shitty site that no one cares about if they want to.

    They can go home and send you posts.

    What you're really pissed off about is that they can't easily leak shit to you, and you're crying about how they aren't paying their employees and resources to give you shit you want to then stab them in the back with.

    You're a complete and total douche for whining about this.

    I'm all for leaking anything illegal or just flat out 'wrong', but I don't expect the party I'm spying on to facilitate it, nor do I expect them to make it easy on me.

    You think it's a good idea for secrets to just flip out to assholes like you and that everyone who 'leaks' shit is intelligent enough to leak the proper stuff and not actual secrets, or is smart enough to never be exploited by random public services that allow anyone and everyone to sign up without any useful chain back to the physical person.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager

    1. Re:So you can't do random shit on a gov network? by CloakroomTed · · Score: 1

      Lol. Hundreds of elected Members of Congress use our app every day for legislative updates and thousands of staffers use Cloakroom as a venue for bipartisan policy debates, which don't happen anywhere else. We host policy experts from every part of the political spectrum and use it to share legislative ideas.

  16. What does this mean? by Anonymous Coward · · Score: 1

    Can somebody explain, what is appspot.com, what is an "app" in this context, and what does it mean for them to be "banned from the House's servers"?

    The summary (and TFA) doesn't make any sense to me:

    - what does it mean for an "app" to be "hosted on appspot.com" but "used on the House's servers"?

    - in what way do restrictions on the House's servers affect what software is or is not "accessible inside Congress", or what software is "available to" Capitol Hill staffers?

    - who and what are they trying to protect from ransomware, and how is this move meant to achieve that goal?

    1. Re:What does this mean? by Anonymous Coward · · Score: 0

      It means Hillary's going to jail.

    2. Re:What does this mean? by SumterLiving · · Score: 0

      You must be a Republican. Making a political issue out of a non-political issue is the trait of a true Republican. While I have no proof of this fact, Facebook is all the evidence I need. An example? Bill posts "The rain has just started at my house and it looks like it's moving east" / Republican Donald posts" Odumbos climate change didn't account for the EPA dictators secret Hillary emails before letting the chemtrails to be delivered FOR FREE to libracon dumbloaders. Trump will make America great again when he writes a new Trumpsitution and gets rid of that past-due Bill of the Rights."

    3. Re:What does this mean? by Sir+Lurkalot · · Score: 1

      Wish I had Mod points...

    4. Re:What does this mean? by CloakroomTed · · Score: 1

      Apps hosted on Google AppSpot are being blindly banned. That's what it means. The result of this ban is a stifling of free speech among public servants in Congress.

  17. Box for Linux by tepples · · Score: 1

    My own (huge) institution has banned Dropbox entirely. Instead, a subscription to Box Sync was purchased for everyone.

    Dropbox has a client for GNU/Linux OS; Box appears not to because of low demand. Did the price of this "subscription to Box Sync" include a subscription to Windows for Linux users to run in a VM? Or how well does the Box client for Windows work in Wine? Or are you using an unofficial client?

  18. And then there were vpn's by Anonymous Coward · · Score: 0

    well, I'd guess that, like China, people will start using vpn software to evade the blocks.