Feeds

US Congress probes accidental top secret file sharing

Protecting fed workers from themselves

Secure remote control for conventional and virtual desktops

US Congress wants to know if new federal laws are needed to protect government employees from accidental file-sharing.

A House of Representatives oversight committee gathered on Wednesday to discuss whether government workers getting their hands on peer-to-peer software poses a risk to privacy and national security.

At issue are numerous cases of federal government employees and contractors who install P2P software on computers without realizing the sensitive documents they expose for sharing. According to the committee chairman, this is a problem with the software rather than user.

"As far as I am concerned, the days of self-regulation should be over for the file-sharing industry," committee chairman Edolphus Towns said in his opening statement. "In the last administration, the Federal Trade Commission took a 'see-no-evil, hear-no-evil' approach to the file sharing software industry. I hope the new administration is revisiting that approach and I hope to work with them on how to better protect the privacy of consumers."

The politicians focused their concern specifically towards LimeWire, which is the most widely used PSP software in the country.

Towns laid out several past cases of apparent accidental file-sharing that lead to major security breaches on LimeWire. In one, the social security numbers and family information for every master sergeant in the US Army was made available. Another security breach involving the Secret Service resulted in the leak of a file containing a safe house location for the First Family. Lime Wire founder and chairman Mark Gorton addressed the committee to defend the file-sharing software.

Sydnor calls LimeWire "dangerously unpredictable"

"Unfortunately, the popular perception of LimeWire regarding inadvertent file sharing fails to match Lime Wire's excellent record in addressing this problem," Gorton said in prepared testimony for the committee. "A good part of this misperception is due to the distribution of inaccurate and misleading information concerning LimeWire."

Gorton fingered a recent report by Thomas Sydnor of the Center for the Progress & Freedom Foundation. Most contemptuous of the report's supposed inaccuracies is the claim that LimeWire shares user-originated files by default.

"In fact, by default, LimeWire 5 shares no files of any sort for the new LimeWire user," he said. "Also contrary to what Mr. Sydnor states, LimeWire 5 does not share 'sensitive file types' by default. In fact, by default LimeWire does not permit sharing of Microsoft Word documents, Corel documents, many proprietary tax document extensions, Excel spreadsheets, Power Point presentations, and .pdf files."

But Sydnor followed the testimony claiming Gorton is incorrect and calling the software "dangerously unpredictable." He said over the past weekend, he conducted an experiment where he set up a test computer with 16,798 personal documents, images, videos, and audio files within the standard Windows My Documents folder. After confirming no versions of LimeWire was installed, he claims to have downloaded the latest version of LimeWire (version 5.2.8) and completed a "default" installation by clicking "next" or accepting default settings. When he was done, the software was supposedly sharing all 16,798 files.

"The truth of the matter is, if you install this program – if any normal person installs this program on an ordinary home computer – they have no way to know what it will do to them by default," he told the committee.

In a closing statement, Towns said he is planning to introduce a bill to ban open network peer-to-peer software from all government and contractor computers and networks. He also called for the US Federal Trade Commission to launch an investigation into whether allegedly inadequate safeguards on LimeWire constitute an unfair trade practice.

"The file-sharing software industry has shown it is unwilling or unable to ensure user safety," Town said. "It's time to put a referee on the field."

A video of the hearing is available here. Documents and prepared testimony can be found yonder. ®

The essential guide to IT transformation

More from The Register

next story
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Premier League wants to PURGE ALL FOOTIE GIFs from social media
Not paying Murdoch? You're gonna get a right LEGALLING - thanks to automated software
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ballmer quits Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Kate Bush: Don't make me HAVE CONTACT with your iPHONE
Can't face sea of wobbling fondle implements. What happened to lighters, eh?
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.