Post I.T. - Washington Post Technology Blog Frank Ahrens Sara Goo Sam Diaz Mike Musgrove Alan Sipress Yuki Noguchi Post I.T.
Tech Podcast
The Bloggers
Subscribe to this Blog

File-Sharing: A National Security Threat?

The makers of peer-to-peer file sharing software such as Limewire are no strangers to controversy. Hollywood has been battling file-sharing over the Internet for years as a way to curb music and video piracy. But now, Congress is back in the debate, alleging that P2P software can pose a "national security threat."

It appears that sensitive or classified documents - military orders, terrorist threat assessments, accounting documents, tax returns, medical records and more - could fall into the wrong hands if government employees who install file-sharing software on their computers aren't careful about which files and folders they share. According to a CNET report, members of the Government Reform Committee told Limewire chairman Mark Gorton at a hearing on Tuesday that his company also might be exposed to legal liability if someone's income tax returns ended up on the Internet for anyone to see because the file sharing software put them out there.

Here's a few questions to consider: Why are government employees installing file-sharing software on government-issued computers where these files are stored? Isn't that against government policy and regulation? (I'm not allowed to install P2P software on my work computer. Are you?) If these are their own personal computers, then why would sensitive or classified information be on them in the first place? Better yet, why is sensitive or classified information being stored locally on any computer that could leave the confines of a secured office? (Have we learned nothing from the data breaches that stem from laptop thefts?)

In a posting this morning, Mike Masnick, a contributing blogger for TechDirt, was a bit more harsh. He wonders why file sharing system providers should take the blame for the, um, stupidity of government employees - and politicians. He singles out Rep. Jim Cooper (D-Tenn.), who reportedly blasted Gorton during the hearing and told him, "you seem to lack imagination about how your product can be deliberately misused by evildoers against this country."

Masnick's response: "That's laughably wrong. The misuse isn't by so-called 'evildoers.' It's by gov't employees who are disobeying policy and stupidly revealing confidential documents by misusing the software... This is yet another case where politicians want to regulate a technology they don't understand."

Your thoughts?

By Sam Diaz  |  July 25, 2007; 12:35 PM ET  | Category:  Sam Diaz
Previous: Sparks Still Flying Over SunRocket | Next: Sprint Partners With Google on WiMax


Add Post I.T. to Your Site
Stay on top of the latest Post I.T. news! This easy-to-use widget is simple to add to your own Web site and will update every time there's a new installment of Post I.T.
Get This Widget >>


Comments

Please email us to report offensive comments.



Fact: P2P software is not allowed on government computers.
Fact: Politicians (and the Media) have rarely let the Facts get in the way of a good, self-serving rant.

Posted by: Nukem | July 25, 2007 1:58 PM

Peer to peer programs are used to share the files on your computer with your peers. Hence the name. If you don't want to do that, you don't install the programs. You don't see the senate complaining that ladders allow for unauthorized access into government buildings. That's because everyone knows what ladders are for, and know enough not to put them under their windows.

Posted by: Alex Haviland | July 25, 2007 3:29 PM

riiiiight...i suppose the best thing for this would be to remove the limewire and input a more secure p2p program if nessecary. Im not government official but i do still have my common sense

Posted by: Big Daddy Scrumptious | July 25, 2007 4:50 PM

A sysadmin can simply stop p2p protocols at the firewall. Offices simply should not just have a policy, they must audit and enforce them as well. A good firewall does both.

Posted by: Steve | July 25, 2007 5:09 PM

First of all, has there been any real incident of security breach caused by P2P software or are we just talking hypothetical here? Every incident I've seen in the news has been caused by lost laptops and removable disc drives. Does this mean we should outlaw laptops and hard drives too because they are a national security threat? Every federal and Defense agency has policies in place to prohibit or severely restrict users' ability to add any software, and most P2P app's are already banned outright. If P2P app's are ever misused on govt. computer networks, it's because system administrators weren't doing their jobs and employees chose to break the rules. Then again, maybe we should just outlaw everything that could do damage when misused - Let's start with a silverware ban because you could poke somebody's eye out.

Posted by: annanemas | July 26, 2007 7:44 AM

p2p is a threat when users dont understand how to set it up. Our Identity Theft Experts found loads of data that compromises a persons identity and ultimately their security. See here http://www.youtube.com/watch?v=fbMiMQwpwfA

Posted by: Robert Siciliano | July 26, 2007 10:18 AM

Once again our representatives show just how moronic they really are. What's worse is that stupid Americans voted these idiots into office, have we learned nothing?
Voters need to wise up an realise almost every candidate, R or D, is a complete idiot.
Vote for someone, anyone else and send a message that we are no longer putting idiots into public office!

Posted by: CR | July 26, 2007 12:59 PM

Sounds like someone left the car parked on the street with the keys in it and now wants to sue the DOT for providing roads the crooks used to drive it away!

Posted by: Oran Sands | July 26, 2007 1:01 PM

People need to stop being protected from their own stupidity and held responsible for their own actions. If they're going to use P2P software, they should understand it first. Its all there. they just have to look and see what it's doing.

people need to wake up and pay attention to what they do with their computers. computers became mainstream way too quickly and too many people don't understand them enough to safely use them. we force people to take tests to fly planes, yet we give anyone a computer. i think if you're going to use a computer at *any* company, especially a government facility, you should pass an aptitude test with computers to ensure everyone knows how to safely use them.

Posted by: Paul | July 26, 2007 1:05 PM

i would argue that the person who installs p2p software on govt computers (and doesn't know better than to share the "nuclear secrets" folder) is the national secruity risk.

Posted by: philly jd | July 26, 2007 1:06 PM

Tubes....All this info is transferred through tubes....

Come ON, what would a 75 year old politician know about p2p software? He's probably still rubbing potatoes on warts and buring them under a full moon to get rid of the warts.

Posted by: Indigo | July 26, 2007 2:36 PM

It all started when Al Gore invented the internet. I smyte you Al Gore for bring this evil invention into our lives!

Posted by: TomyTuTone | July 26, 2007 2:39 PM

Users can certainly shoot themselves in the foot by sharing out entire hard drives on P2P. The bigger risk in my mind is that virus writers can find exploitable vulnerabilities in P2P clients (just like they could in Google Desktop, theoretically) that modify the intended user settings and open up the entire harddrive for a hacking party. There should be some basic minimum application security standards, clearly indicated by a credible agency seal, to provide some measure of consumer safety.

Posted by: Avni Rambhia | July 26, 2007 5:37 PM

If you let P2P continue, the terrorists will follow us home. GET IT? Is there connection with this new twist to any RIAA lobby? P2P is also a way for ANY artist to distribute their works freely and globally. That's really why some want it and internet radio shut down. Why aren't they addressing the PAYOLA? These lawmakers are anything but idiots. Where's the rest of this story? What is this hearing about and why is the Limewire dude being threatened, personally attacked, and lumped in with "evil doer's"(a flaming Bushism).

Posted by: Jethroctm | July 26, 2007 8:37 PM

Sadly this behavior is not limited to government employees; it is also prevalent in the corporate world. In the case of the corporate world, the downside may not be a potential national security breach but it can have very serious legal ramifications, not to mention a less than flattering mention in the Washington Post.

Should Limeware be outlawed for offering free file sharing? The question really is why someone in their right mind is even tempted to share confidential information in this manner. Does their organization offer an easy-to-use, secure means for the transfer of large files? Smart people will find a way to get the job done; unfortunately security is often of secondary concern when evaluating their options. Government and corporate employees are no different in this regard. The difficulty of sending large files over the Internet has frustrated a lot of people in the past, and still does today.

In many organizations email attachments greater than 10MB are typically blocked. Sounds like a good IT move to keep control of email storage demands, and not bog down email performance with large file delivery. The only problem is that many files used everyday in business, and the government, are larger than 10MB.

What options do people have who need to send a large file? If an IT organization isn't providing a secure large file transfer capability that is readily accessible to business (and government) users, then people will find their own way. Historically, the choice of software tools for secure large file transfer have not been very user friendly, or easily accessible. No wonder P2P looks tempting. However times are a-changing. Accellion is a secure file transfer capability in use by government, and corporate users, that focuses on ensuring file security while at the same time letting people get their jobs done.

Rather than outlaw P2P software, how about ensuring government (and corporate) employees have the right tool to share files securely? Accellion.

Posted by: Paula Skokowski | July 27, 2007 6:31 PM

Copy, Paste, & Share Me!

The Truth about File Sharing and What Everyone Should Know!
The Ultimate Blog on This Subject

Please take the time to read this reply from beginning to end. It's the only way you'll benefit from it!

Written and researched by the Anonymous Digital Blogger

Have you ever wondered why is it, when a person lawfully purchases an item first, physically shares it or loans it with those around them, that is considered a common thing without consequence, but when that same person shares the same product online he is considered a criminal?

Downloading has become a controversial issue, but dose it really impact manufactures etc. the way that anti-file sharing groups say that it does? The truth to that question is probably buried deep under the existing mix of what is yet to be learned, propaganda, hype, generated fear, anger, and many conflicting and or even unsubstantiated view points. Although, I can't recommend downloading do to various issues users face, I can only provide you with true ethical facts and questions that some anti-file sharing supporters ignore, sometimes skewer, and don't want you the every day consumer to consider.

1. Aside from cloths, food, and house related things, many large garage sales (like flee markets etc.) also contain music, movies, books, games, and sometimes software etc that make up the main things available to download via P2P. If you were to stop and think of the items being sold and how the owners acquired them, the answers would contain a mixture of purchases, gifts, sharing/given to, traded, possibly long ago loans/sharing never returned or even in some small cases, stolen goods. Regardless of the reasons people still make a profit off these items that the vast majority of downloader's do not.
2. Many unknown amounts of people are able to check out books, movies, music and games from libraries without having to pay a fee. This means that those individuals can get away with copying and sharing theses items for free while down loaders still have to pay for internet use (for some bandwidth too) if they own the computer and have to worry about being sued for what people are physically able to do under the law.
3. Many unknown amounts of people rent movies or games and sometimes copy them. The laws regarding renters use is considered a sticky issue, because of user rights etc. even though copying was recently added to the warning screen. If law enforcement will not touch this issue why pursue downloader's for doing the same thing? By downloading a copy you have created a copy and this is the same a making a copy from a rental, loan, or library loan.
4. When an individual lawfully purchases a movie, music, program, or game they are free to physically share these items, trade them, sell them, and copy them. Although, there are those who would prefer you not to copy anything, again nobody is legally pursuing these individuals so back to the question why go after down loaders for doing the same thing? Downloading is after all the online equivalent of what people do physically.
5. Counterfeiting is a huge physical global billion or trillion dollar issue. In fact it was said in a news paper 08/09/07, unquote and in my words, that counterfeiters are able to do such a good job, because of computer technology that makes it faster and easier, proving that the individuals committing the crime are half the problem. The technology manufactures bare the rest of the responsibility even if they are unwilling to accept it. True, most products on the shelf can and are counterfeited, but items on P2P are generally for the most part not counterfeited (knock-offs), nor sold to downloader's and are limited to digital items. An individual will copy a purchased product and share it online. With exception to fake downloads that do not contain the item listed or digital books that contain fake content, nobody is taking a product, redesigning it and then giving it another name before sharing it. A teenager in France was charged in August 2007 for helping to create an unofficial French translation of the last Harry Potter book. At that time the official translated version wasn't published yet making the creation a genuine counterfeit. He could be facing a five year jail term and an estimated $400,000 or so fine. Charging him with counterfeiting is one thing, but given that he and his group were not making money off the book (without that intent also), that they were sharing a created translated copy of a book that one of them purchased in the first place, and that they are all just teenagers, doesn't that make the proposed punishment a little too steep? What about those people who are physically sharing their own copies of Harry Potter in the real world? Is it really ludicrous to think that piracy should be defined more as person who either physically steals an item or takes one that is given to him and generates many copies of the item with the intent to sell them and does sell them, rather than lawfully purchasing an item and sharing it with people physically or online? In terms of file sharing, somewhere down the line most files originate first as purchases and then are uploaded by a person for sharing. Again how is it that we refer to the same thing in the physical world as a common thing and allowable, but deem the same activity online as piracy? If in depth studies were done experts would most likely discover that less than 1% of down loaders are making money from what they download. Some items uploaded can possibly be in the physical world stolen first from someone else or a company, but so can items purchased at a garage sale or given to by another person. Either way, the downloader, the purchaser (at the garage sale), nor the physical receiver has any knowledge of the theft, so why hold them responsible? Or bare it alone when many people share a piece of the same pie? Host sites are rarely charged for making it possible for people to upload or post torrents or files, nor are the creators of P2P downloading programs or those who invent CD/DVD burners/music video devices or copying/ripping software etc. Without all them there would be no substantial down loaders or up loaders. Sure people find ways, but let's face it; they would still be greatly limited without the above.
6. Books downloaded in PDF format originate from the following ways. Some online purchases allow you to download the book in PDF, Others are from web sites that have permission to reproduce old novels where copyrights have long since expired along with the authors, some are from people who have lawfully purchased a physical book and decide to share it digitally, some are leaked on the internet before a book is released in stores, Some are from stolen books, and others are fakes meaning they contain content other than the original book or someone has altered the original. First of all if an online store or publisher is allowing you the right to legally purchase a book in PDF, is it not your right to give it away or share it? Secondly, you will have noticed two glaring sides to the origins of PDF books. The good side is that some shared books come from lawful purchases that individuals decide to share and those who have permission to share them where the copyright has expired. This is where I invite you the reader to think of solutions in support of the good side and solutions to deal with the bad side.
7. Using a video camera in a theatre is illegal and should be!!! Most music, movie, program, book, or game downloads are first uploaded by people who have lawfully purchased them in the first place making the sharing process the same as in the physical world. Here, I'll take the common theme question of this article and put it into another context. Why should those who lawfully purchase a product and share a copy with those around him or online be dumped into the same category as those who steal a product first, or film it in a theatre, make a profit from, or even create cracks for software? Shouldn't those four types of individuals be the ones pursued rather than common down loaders?
8. Corporations and companies who manufacture DVD burners, iPods est., and ripping, burning, and copying software play a culpable role in the digital duplication process. They are like the gun industry who claims it's not their products that kill, but the people who use them, in that they claim our products do not contribute to P2P sharing, general copying, and physical pirating DVDS on the street, it's the people who use our products who are only at fault. What kind of unethical thinking is that? Everyone knows that if the products where not available or greatly restricted then the temptation would be lessoned. Realistically this won't happen of' course, but as one movie critic put it, "The movie industry are victims of their own marketing." Very true and not incorrect! To provide people with the capabilities to copy things you don't want people to copy and then say well burners or blank DVDs est. are only for regular data backup up or personal camcorder style videos, is like holding candy in front of a baby. It begs expert counterfeiters and real movie pirates to come in and make a quick buck. Corporations and companies who manufacture the things mentioned in the opening paragraph sentence remain an accessory to what they are so against. Simply put DVD street pirates and gun toddling criminals would not be able to make thousands of dollars and commit crimes if it wasn't for the products they use. Well to a certain degree anyway.
9. If ISPs or Internet service providers have the capabilities to control bandwidth for P2P users they have the ability to affect the use of P2P programs or using host sites period. They are also an accessory to what some groups are against (file sharing etc.) When you drive by an adult video store on a street there is nothing very graphic and in your face in the windows of that store. On the web, porn sites are the opposite. They display anything they want to advertise. ISPS if they wanted to could prevent their users from seeing the ads or images on these sites. This makes them hypocrites. Similarly, the movie industry, the game industry, and the music industry can get away with putting so much harmful crap in films, games, an music, take advantage of consumers with marketing schemes, but act like complete hypocrites by being against normal file sharing (that begins with a lawful purchase and sharing it). Here is one of many examples of a marketing scheme: Ever see an old movie quietly released on DVD store shelves without ads and several years later a special improved edition is released with the words "Released for the first time on DVD"? Down loaders are at the bottom of the scheme ladder. Many people and organizations above them are embroiled in greater schemes. It can be fairly stated at this point that down loaders are victims of a greater availability made possible by others and are also victims of their own nature.
10. Let's highlight a previous one point for understanding. To download a torrent file you must first find a host site that lists the torrent files you must obtain to download. Similarly, you must click a file on none torrent sites to begin downloading them via P2P. All host sites also act as accessories to file sharing by hosting what you can begin downloading.
11. Since the dawn of man kind humans have used music as a language and a way to preserve history and stories. Some experts believe that man first learned to speak in sounds like music. The truth is that man had been creating and sharing music for thousands of years prior to the first copyright laws that were created. In the documentary "The Corporation" we were given insight into how corporations set out to copyright everything from water to air. Doesn't it make more sense to allow copyrights for written lyrics only, rather then letting individuals try to place ownership over physical sounds they generate, because that in itself is very close to copyrighting a language that belongs to all of us?
12. There is a myth that most down loaders are youth. In most cases youth or kids aren't paying for the internet use and one can't always determine that the person on the other side of the computer is a youth. Many modern DJ's between their twenties and thirties download large volumes of music. Some modern digital music devices have storage capacities so great that not even those with large CD collections (100-300 CDS) can completely fill the device without downloading music via P2P or paying hundreds of dollars to download songs. Another myth is by music down loaders who claim they are different from those who download other items. The process and act is the same period! Most music downloaded for free, comes from people who have first bought a CD, cassette, record, single file from an online store, or from a gift, loan, disposed of, or from the smallest category, stolen.
13. The reasons why stolen items or those illegally filmed in theatres exist in small quantities of uploads on file sharing networks (At least compared with regular uploads by people who have purchased a product first) has to do with psychology. First, decent people in general prefer to share what they buy lawfully, but never profit from what is shared with them. The decent individual who doesn't upload a purchased product, will greatly curb the seeding process during downloading (Not continue to share with others or profit from them). The decent person will only feel inclined to download an authentic item in an attempt to lesson feelings of guilt and fear, but also because they want the real thing that someone purchased before and did not steal or alter. The Decent person as a general rule tries to consciously avoid stolen, altered, or fake items when downloading. Organized criminals and gangs will prefer to get something monetary wise from those who are downloading, otherwise what kind of criminal or gang member spends his days maintaining a host site with free downloads and gets nothing out of it? Who knows, maybe some of these lowlifes are paid by some source else where in a distant place, to upload what they steal so the source can in turn sell them as theatre movie pirates are said to do. Now really folks do decent down loaders do all this? The decent person will sometimes mistakenly download and upload an item that was previously stolen and may not be aware of it. I wouldn't be surprised if, but do not know, if most stolen items first end up on pay P2P sites run by criminals. An unsuspecting decent person may be duped into believing this site is genuine and after paying downloads a file that they may in turn share with a regular P2P site. Regular host sites then get content of all origins. The question here is if decent down loaders are victims of real criminals, by availability itself, and by human nature, why should they be treated more in the media as the biggest culprits? Simply because there are more decent people downloading? How absurd is that! The heart of the real truth that anti-downloading groups do not want you to know lands on this point. The vast majority of down loaders who are decent people are also a big part of the community who support the artists that created the items downloaded via P2P. Think for a moment, how many concert ticket buyers may also download music or physically share the CDs or individual MP3s they buy with members of their family or friends? This argument goes on and on in so many different ways with all items downloaded. Most decent down loaders reach a point anyway when enough is enough. Too many downloads or too frustrating to wait for downloads, so goodbye to P2P systems and let's delete or give away the stuff I won't use or have the time to use anyway! Another tad bit of psychology for the decent downloader.
14. Software manufactures usually pump out upgrades and new versions faster then most consumers need or prefer. I have read opinions posted by software down loaders on the web who state with truth, how can people keep affording to upgrade or constantly buy the latest software? Some have said truthfully that most new versions of a product are never all that different from the previous versions and some have major draw backs that did not exist in the previous version. Meaning consumers who constantly buy the new version are sincerely getting ripped off anyway. Some manufactures, corporations, and online stores use the tactic of getting as much information about a customer as possible, while experts are telling us simultaneously, to avoid lengthy online surveys that ask many detailed questions about your life such as income etc., because this is all a person needs to steal your identity. Why so similar, because criminals, manufacturers, corporations, and online stores a like want a slice of your income or to put it in a gentler politically correct term, business. They also want to know everything about a consumer for marketing purposes, although the criminal just wants to take over your finances where as the others push the envelope without going too far over that edge of official criminality, but do leave suspecting foot prints behind from time to time. On top of these verifiable truths, consumers are faced with many marketing schemes, too much to go on with here. This may all provide one of many explanations why some decent people turn to P2P programs and host sites.
15. If an individual lawfully purchases a DVD from a store loans it to a friend and then decides to share it with you online via P2P, is that not different from those piracy commercials depicting a man stealing a purse or stealing a DVD from a store? It all goes back to the question at the top of this article. So let's answer that question.

CONCLUSION: With file sharing there is no single culprit as some would like there to be. This issue is like a pie and many groups contribute to it. Unfortunately, those who have least power in the pie scenario become the targets. Finally as the opening question to this article asks, how can one action in the real world be deemed a common thing without consequence, but severely frowned upon with consequence in the digital world? When you think about it, the answer has more to do with the new internet frontier and the endless possibilities that go with it. This in turn means money and one thing leads to the next. As director Michael Moore once stated about his movie "Sicko" being leaked online. "I think copyright laws are too restrictive." Could it be that making people live with the fear and guilt of sharing or copying anything they purchase or is given to them, a form of bullying, psychological harassment and adding more controls to people's lives? Don't the lessons regarding the purpose of Aztec Pyramids in Aztec society also apply to this issue? Of' course we need laws, but how far should we let corporations and companies interfere with our lives? How come there isn't stronger lobbying groups defending the right to share or copy only those lawfully purchased items? For those groups that do defend down loaders to a certain degree, how is it that they get so little media exposure compared to those who seek to demonize everyone, but themselves? After reading this article can you identify innovative ways to allow sharing for those who have lawfully purchased an item and compensate those who claim loss of profit?

The truth is there in front of you. Research it your self!

Posted by: Anonymous Digital Blogger | August 11, 2007 11:58 AM

The comments to this entry are closed.

 
 

© 2010 The Washington Post Company