File sharers leak government secrets
By Declan McCullagh CBSNews.com
Posted on ZDNet News: Jul 29, 2009 11:20:33 AM
Sensitive files including Secret Service safehouse locations, military
rosters, and IRS tax returns can still be found on file-sharing
networks, according to a report issued to a U.S. House of
Representatives committee on Wednesday.
In many cases, that's because federal government employees or
contractors installed peer-to-peer software on their computers without
paying attention to which documents would be shared, Robert Boback, the
chief executive of Tiversa, told the panel.
Boback said his company found the Secret Service's evacuation plans for
the first lady and motorcade routes. (See an interview with Tiversa
about Marine One documents found on a peer-to-peer network this spring.)
That led some politicians to announce that new federal laws were
necessary to stop inadvertent file sharing.
"I'm planning to introduce a bill," said Rep. Edolphus Towns, a New York
Democrat who heads a House oversight committee. He said his legislation
would limit the use of peer-to-peer software on all computer networks
operated by the federal government or its contractors.
In addition, the Federal Trade Commission should investigate whether P2P
software developers are violating the law, and the Obama administration
should "undertake a national campaign to educate consumers about the
dangers of file-sharing software," Towns said. (In April, Towns'
committee informed the FTC it had reopened an investigation into
inadvertent file sharing.)
Rep. Peter Welch, a Vermont Democrat, suggested a similar approach. He
wanted to know "whether there's some legal action that should be taken
to protect intellectual property, to protect kids from pornography, to
protect classified medical information, national security information."
The two-and-a-half hour hearing singled out LimeWire, which is probably
the highest-profile P2P client in use today. LimeWire is distributed by
Manhattan-based Lime Wire LLC (which sells a more featureful version
called LimeWire Pro) and it uses the BitTorrent and Gnutella networks.
Lime Group chairman Mark Gorton tried to defuse some of the criticism,
saying "the current version of LimeWire does not share any documents by
default," and many security improvements were added in version 5 of the
software -- released in December 2008 -- that were absent from version
4.
Gorton also tried to make a more subtle point: the Gnutella network is
an amalgamation of scores of different P2P clients, many of which may
have different default settings, and LimeWire shouldn't be held
responsible for someone's decision to share files using a program
written by a different company.
It didn't work. "It is chilling what the public now has available to
it," Rep. Towns said. "The idea that you can look at the first lady's
information, where she's going, how she's getting there, tax records,
things of that nature. ... we need to get to the bottom of this."
Not helping was the fact that Gorton testified at an earlier hearing in
July 2007 on the same topic.
"Mr. Gorton, I find your testimony today stunning," said Rep. Paul Hodes,
a New Hampshire Democrat. "You promised us two years ago you were going
to fix LimeWire."
Replied Gorton: "LimeWire does not control the computers of people
around the country."
He added later: "It's not unreasonable to expect that people who install
file-sharing software want to share files."
Other suggestions were more extreme. Rep. Bill Foster, an Illinois
Democrat who's more technically-inclined than most politicians (he has a
doctorate in physics), said that "the nuclear option is to block the
Gnutella protocol" on a national basis.
But, Foster acknowledged, that wasn't likely to work. Another option, he
said, would be to create a new version of the Gnutella protocol that
allowed only limited clients -- that curbed what folders or filetypes
could be shared -- to connect to it.
Copyright ©2009 CBS Interactive Inc. All rights reserved
This article was originally posted on
CBS News.
|