Feeds

US Congress probes accidental top secret file sharing

Protecting fed workers from themselves

Security for virtualized datacentres

US Congress wants to know if new federal laws are needed to protect government employees from accidental file-sharing.

A House of Representatives oversight committee gathered on Wednesday to discuss whether government workers getting their hands on peer-to-peer software poses a risk to privacy and national security.

At issue are numerous cases of federal government employees and contractors who install P2P software on computers without realizing the sensitive documents they expose for sharing. According to the committee chairman, this is a problem with the software rather than user.

"As far as I am concerned, the days of self-regulation should be over for the file-sharing industry," committee chairman Edolphus Towns said in his opening statement. "In the last administration, the Federal Trade Commission took a 'see-no-evil, hear-no-evil' approach to the file sharing software industry. I hope the new administration is revisiting that approach and I hope to work with them on how to better protect the privacy of consumers."

The politicians focused their concern specifically towards LimeWire, which is the most widely used PSP software in the country.

Towns laid out several past cases of apparent accidental file-sharing that lead to major security breaches on LimeWire. In one, the social security numbers and family information for every master sergeant in the US Army was made available. Another security breach involving the Secret Service resulted in the leak of a file containing a safe house location for the First Family. Lime Wire founder and chairman Mark Gorton addressed the committee to defend the file-sharing software.

Sydnor calls LimeWire "dangerously unpredictable"

"Unfortunately, the popular perception of LimeWire regarding inadvertent file sharing fails to match Lime Wire's excellent record in addressing this problem," Gorton said in prepared testimony for the committee. "A good part of this misperception is due to the distribution of inaccurate and misleading information concerning LimeWire."

Gorton fingered a recent report by Thomas Sydnor of the Center for the Progress & Freedom Foundation. Most contemptuous of the report's supposed inaccuracies is the claim that LimeWire shares user-originated files by default.

"In fact, by default, LimeWire 5 shares no files of any sort for the new LimeWire user," he said. "Also contrary to what Mr. Sydnor states, LimeWire 5 does not share 'sensitive file types' by default. In fact, by default LimeWire does not permit sharing of Microsoft Word documents, Corel documents, many proprietary tax document extensions, Excel spreadsheets, Power Point presentations, and .pdf files."

But Sydnor followed the testimony claiming Gorton is incorrect and calling the software "dangerously unpredictable." He said over the past weekend, he conducted an experiment where he set up a test computer with 16,798 personal documents, images, videos, and audio files within the standard Windows My Documents folder. After confirming no versions of LimeWire was installed, he claims to have downloaded the latest version of LimeWire (version 5.2.8) and completed a "default" installation by clicking "next" or accepting default settings. When he was done, the software was supposedly sharing all 16,798 files.

"The truth of the matter is, if you install this program – if any normal person installs this program on an ordinary home computer – they have no way to know what it will do to them by default," he told the committee.

In a closing statement, Towns said he is planning to introduce a bill to ban open network peer-to-peer software from all government and contractor computers and networks. He also called for the US Federal Trade Commission to launch an investigation into whether allegedly inadequate safeguards on LimeWire constitute an unfair trade practice.

"The file-sharing software industry has shown it is unwilling or unable to ensure user safety," Town said. "It's time to put a referee on the field."

A video of the hearing is available here. Documents and prepared testimony can be found yonder. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.