Feeds

US Congress probes accidental top secret file sharing

Protecting fed workers from themselves

Providing a secure and efficient Helpdesk

US Congress wants to know if new federal laws are needed to protect government employees from accidental file-sharing.

A House of Representatives oversight committee gathered on Wednesday to discuss whether government workers getting their hands on peer-to-peer software poses a risk to privacy and national security.

At issue are numerous cases of federal government employees and contractors who install P2P software on computers without realizing the sensitive documents they expose for sharing. According to the committee chairman, this is a problem with the software rather than user.

"As far as I am concerned, the days of self-regulation should be over for the file-sharing industry," committee chairman Edolphus Towns said in his opening statement. "In the last administration, the Federal Trade Commission took a 'see-no-evil, hear-no-evil' approach to the file sharing software industry. I hope the new administration is revisiting that approach and I hope to work with them on how to better protect the privacy of consumers."

The politicians focused their concern specifically towards LimeWire, which is the most widely used PSP software in the country.

Towns laid out several past cases of apparent accidental file-sharing that lead to major security breaches on LimeWire. In one, the social security numbers and family information for every master sergeant in the US Army was made available. Another security breach involving the Secret Service resulted in the leak of a file containing a safe house location for the First Family. Lime Wire founder and chairman Mark Gorton addressed the committee to defend the file-sharing software.

Sydnor calls LimeWire "dangerously unpredictable"

"Unfortunately, the popular perception of LimeWire regarding inadvertent file sharing fails to match Lime Wire's excellent record in addressing this problem," Gorton said in prepared testimony for the committee. "A good part of this misperception is due to the distribution of inaccurate and misleading information concerning LimeWire."

Gorton fingered a recent report by Thomas Sydnor of the Center for the Progress & Freedom Foundation. Most contemptuous of the report's supposed inaccuracies is the claim that LimeWire shares user-originated files by default.

"In fact, by default, LimeWire 5 shares no files of any sort for the new LimeWire user," he said. "Also contrary to what Mr. Sydnor states, LimeWire 5 does not share 'sensitive file types' by default. In fact, by default LimeWire does not permit sharing of Microsoft Word documents, Corel documents, many proprietary tax document extensions, Excel spreadsheets, Power Point presentations, and .pdf files."

But Sydnor followed the testimony claiming Gorton is incorrect and calling the software "dangerously unpredictable." He said over the past weekend, he conducted an experiment where he set up a test computer with 16,798 personal documents, images, videos, and audio files within the standard Windows My Documents folder. After confirming no versions of LimeWire was installed, he claims to have downloaded the latest version of LimeWire (version 5.2.8) and completed a "default" installation by clicking "next" or accepting default settings. When he was done, the software was supposedly sharing all 16,798 files.

"The truth of the matter is, if you install this program – if any normal person installs this program on an ordinary home computer – they have no way to know what it will do to them by default," he told the committee.

In a closing statement, Towns said he is planning to introduce a bill to ban open network peer-to-peer software from all government and contractor computers and networks. He also called for the US Federal Trade Commission to launch an investigation into whether allegedly inadequate safeguards on LimeWire constitute an unfair trade practice.

"The file-sharing software industry has shown it is unwilling or unable to ensure user safety," Town said. "It's time to put a referee on the field."

A video of the hearing is available here. Documents and prepared testimony can be found yonder. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
DOUBLE BONK: Testy fanbois catch Apple Pay picking pockets
Users wail as tapcash transactions are duplicated
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.