Feeds

US Congress probes accidental top secret file sharing

Protecting fed workers from themselves

Beginner's guide to SSL certificates

US Congress wants to know if new federal laws are needed to protect government employees from accidental file-sharing.

A House of Representatives oversight committee gathered on Wednesday to discuss whether government workers getting their hands on peer-to-peer software poses a risk to privacy and national security.

At issue are numerous cases of federal government employees and contractors who install P2P software on computers without realizing the sensitive documents they expose for sharing. According to the committee chairman, this is a problem with the software rather than user.

"As far as I am concerned, the days of self-regulation should be over for the file-sharing industry," committee chairman Edolphus Towns said in his opening statement. "In the last administration, the Federal Trade Commission took a 'see-no-evil, hear-no-evil' approach to the file sharing software industry. I hope the new administration is revisiting that approach and I hope to work with them on how to better protect the privacy of consumers."

The politicians focused their concern specifically towards LimeWire, which is the most widely used PSP software in the country.

Towns laid out several past cases of apparent accidental file-sharing that lead to major security breaches on LimeWire. In one, the social security numbers and family information for every master sergeant in the US Army was made available. Another security breach involving the Secret Service resulted in the leak of a file containing a safe house location for the First Family. Lime Wire founder and chairman Mark Gorton addressed the committee to defend the file-sharing software.

Sydnor calls LimeWire "dangerously unpredictable"

"Unfortunately, the popular perception of LimeWire regarding inadvertent file sharing fails to match Lime Wire's excellent record in addressing this problem," Gorton said in prepared testimony for the committee. "A good part of this misperception is due to the distribution of inaccurate and misleading information concerning LimeWire."

Gorton fingered a recent report by Thomas Sydnor of the Center for the Progress & Freedom Foundation. Most contemptuous of the report's supposed inaccuracies is the claim that LimeWire shares user-originated files by default.

"In fact, by default, LimeWire 5 shares no files of any sort for the new LimeWire user," he said. "Also contrary to what Mr. Sydnor states, LimeWire 5 does not share 'sensitive file types' by default. In fact, by default LimeWire does not permit sharing of Microsoft Word documents, Corel documents, many proprietary tax document extensions, Excel spreadsheets, Power Point presentations, and .pdf files."

But Sydnor followed the testimony claiming Gorton is incorrect and calling the software "dangerously unpredictable." He said over the past weekend, he conducted an experiment where he set up a test computer with 16,798 personal documents, images, videos, and audio files within the standard Windows My Documents folder. After confirming no versions of LimeWire was installed, he claims to have downloaded the latest version of LimeWire (version 5.2.8) and completed a "default" installation by clicking "next" or accepting default settings. When he was done, the software was supposedly sharing all 16,798 files.

"The truth of the matter is, if you install this program – if any normal person installs this program on an ordinary home computer – they have no way to know what it will do to them by default," he told the committee.

In a closing statement, Towns said he is planning to introduce a bill to ban open network peer-to-peer software from all government and contractor computers and networks. He also called for the US Federal Trade Commission to launch an investigation into whether allegedly inadequate safeguards on LimeWire constitute an unfair trade practice.

"The file-sharing software industry has shown it is unwilling or unable to ensure user safety," Town said. "It's time to put a referee on the field."

A video of the hearing is available here. Documents and prepared testimony can be found yonder. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
NSA mass spying reform KILLED by US Senators
Democrats needed just TWO more votes to keep alive bill reining in some surveillance
'Internet Freedom Panel' to keep web overlord ICANN out of Russian hands – new proposal
Come back with our internet! cries Republican drawing up bill
What a Mesa: Apple vows to re-use titsup GT sapphire glass plant
Commits to American manufacturing ... of secret tech
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.