Feeds

US Congress probes accidental top secret file sharing

Protecting fed workers from themselves

High performance access to file storage

US Congress wants to know if new federal laws are needed to protect government employees from accidental file-sharing.

A House of Representatives oversight committee gathered on Wednesday to discuss whether government workers getting their hands on peer-to-peer software poses a risk to privacy and national security.

At issue are numerous cases of federal government employees and contractors who install P2P software on computers without realizing the sensitive documents they expose for sharing. According to the committee chairman, this is a problem with the software rather than user.

"As far as I am concerned, the days of self-regulation should be over for the file-sharing industry," committee chairman Edolphus Towns said in his opening statement. "In the last administration, the Federal Trade Commission took a 'see-no-evil, hear-no-evil' approach to the file sharing software industry. I hope the new administration is revisiting that approach and I hope to work with them on how to better protect the privacy of consumers."

The politicians focused their concern specifically towards LimeWire, which is the most widely used PSP software in the country.

Towns laid out several past cases of apparent accidental file-sharing that lead to major security breaches on LimeWire. In one, the social security numbers and family information for every master sergeant in the US Army was made available. Another security breach involving the Secret Service resulted in the leak of a file containing a safe house location for the First Family. Lime Wire founder and chairman Mark Gorton addressed the committee to defend the file-sharing software.

Sydnor calls LimeWire "dangerously unpredictable"

"Unfortunately, the popular perception of LimeWire regarding inadvertent file sharing fails to match Lime Wire's excellent record in addressing this problem," Gorton said in prepared testimony for the committee. "A good part of this misperception is due to the distribution of inaccurate and misleading information concerning LimeWire."

Gorton fingered a recent report by Thomas Sydnor of the Center for the Progress & Freedom Foundation. Most contemptuous of the report's supposed inaccuracies is the claim that LimeWire shares user-originated files by default.

"In fact, by default, LimeWire 5 shares no files of any sort for the new LimeWire user," he said. "Also contrary to what Mr. Sydnor states, LimeWire 5 does not share 'sensitive file types' by default. In fact, by default LimeWire does not permit sharing of Microsoft Word documents, Corel documents, many proprietary tax document extensions, Excel spreadsheets, Power Point presentations, and .pdf files."

But Sydnor followed the testimony claiming Gorton is incorrect and calling the software "dangerously unpredictable." He said over the past weekend, he conducted an experiment where he set up a test computer with 16,798 personal documents, images, videos, and audio files within the standard Windows My Documents folder. After confirming no versions of LimeWire was installed, he claims to have downloaded the latest version of LimeWire (version 5.2.8) and completed a "default" installation by clicking "next" or accepting default settings. When he was done, the software was supposedly sharing all 16,798 files.

"The truth of the matter is, if you install this program – if any normal person installs this program on an ordinary home computer – they have no way to know what it will do to them by default," he told the committee.

In a closing statement, Towns said he is planning to introduce a bill to ban open network peer-to-peer software from all government and contractor computers and networks. He also called for the US Federal Trade Commission to launch an investigation into whether allegedly inadequate safeguards on LimeWire constitute an unfair trade practice.

"The file-sharing software industry has shown it is unwilling or unable to ensure user safety," Town said. "It's time to put a referee on the field."

A video of the hearing is available here. Documents and prepared testimony can be found yonder. ®

SANS - Survey on application security programs

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.