White House Decides P2P Isn't All Bad?

ethericalzen writes "An article this week at Cnet revealed that the White House doesn't necessarily hate everything about P2P. The Bush Administration apparently has called into question a law, known as the Federal Agency Data Protection Act, that would force all federal agencies to have plans guarding against the risks of P2P file sharing. In a Congressional hearing on IT security threats, the LimeWire founder was questioned about how his service warned users about the files and folders they are sharing. Karen Evans, the chief information officer for the federal government, stated that she was against singling out a particular technology when issuing computer security requirements. As it is the government already has a law which requires federal agencies to report on information security plans and risk assessments known as FISMA."

Email

[Colin Smith]

Peer to peer... The single largest distribution network for files and other information.

This is why government isn't always a good thing.

 

Conspiracy Theories

[MyNameIsFred]

I wish everyone who believes in grand conspiracy theories could work in Washington DC for a couple of years. They would then realize that most conspiracies are a load of bull. The vast majority of the government is run by civil servants that are NOT political appointees. And having worked in Washington, if you get a stupid political appointee as a boss, the system has a lot of inertia, and tends to wait them out. Look at the track record for most appointees, based on my experience, most of them don't last four years. A couple of years is normal. Its easy for the bureaucracy to drag its feet for a couple of years. With a new appointee, you get new priorities. Problem solved. That and Washington leaks like a colander. Keeping a secret is impossible.

Re:Email

[mixmatch]

As far as I know email is a server-based network. P2P got its name from the ability of clients to connect with each other directly without the use of a server. There are server-like services that assist the clients in finding each other and function as proxies for data, but often-times these also function as clients. By your definition, anything transfered on the Net is peer to peer.

Re:So let me get this right...

[iamacat]

In the context of a computer with classified information, P2P filesharing is a form of back door. Unlike Intranet server-based file sharing, the list of available files can not be centrally audited. Unlike FTP or SMB, programs like FireWire make extraordinary efforts to bypass firewalls, even potentially an HTTP-only proxy. Unlike a memory stick, computers can not be physically modified to prevent running P2P (unless you make federal employees use XBOX 360's with up-to-date firmware).

A federal agency blocking LimeWire and BitTorrent is a lot different from Comcast blocking LimeWire and BitTorrent and it's frustrating to see Bush administration going after the wrong thing. Let security-hardened versions of P2P be tried and tested in corporate world and then perhaps it will be ready for government use. I am thinking a version of BitTorrent where clients first share an encrypted file with each other and then get the decryption key and verify checksum from an Intranet server with a known public key.

Re:Limewire has no business in the government

[Dhalka226]

) Establish two legal distinctions: misdemeanor and felony unconstitutionality.

You do realize that understanding the Constitution is not the job of the legislature, right? We created an entire third branch of government whose only enumerated power was to interpret the laws (ie eg, Constitution).

I think the best way to achieve a system where less unconstitutional laws go into effect is to require a judicial review for any piece of legislation that, say, 20% of congressmen vote to have one for. No more ducking tough issues by refusing to hear them. No more "you can't sue about our secret spying program because you don't know we spied on you until you sue!" procedural nonsense. If there's a constitutional concern expressed, it goes to a court for review. This information should then be posted on a website that clearly lays out, for every congressman in government, what bills they voted to approve that were upheld or struck down, as well as what bills they voted to require a judicial review for and the outcome of said review. If the people really do care about the Constitution, then such a system should help the people make informed decisions about whether or not their congressmen are working to uphold those beliefs. And if they don't care, well, we're pretty well screwed no matter how you slice it.

I'm not sure the Supreme Court could handle the increased workload of such an idea on their own, so it would probably have to go to other courts. In any event, it should go to the full court rather than a single judge so that crappy bills don't slip by with the luck of the draw. I'm not sure how it should be determined which court holds hearing on the bills; perhaps that should also be voted on by the people who voted to call the review in the first place. It would have to be different than straight yes-or-no voting so that the process isn't subject to tyranny of the majority. Perhaps ranked preference voting would get the job done. Or perhaps it could simply require something like a 66% or even 75% majority in order to force compromise. No compromise means no required judicial review; no required judicial review kills the bill instantly, so it's in anybody who wants the bill's interest to get it done.

The flaw I see with this process is that it could be used as a stalling tactic by the minority party. Requiring a judicial review could delay signing and enforcement of a bill by months or even years. Then again, part of me doesn't care. I prefer the government work slowly than quickly; we've seen what happens when they work quickly too often.

I'm not sure about your second point. Part of me likes it, part of me worries about the chilling effect of people not doing what they feel is right for fear that they may get sued into oblivion for it. I'm a big proponent of the idea that we get the government we deserve, so I suppose I'm leaning toward the idea that elections should be used to handle crappy politicians and not the justice system (except of course as warranted). Especially combined with some sort of system like the one I described above, it would be quite easy to weed out crappy politicians. If we (the People!) did so consistently, I think we would eventually end up with a crop of politicians who knew they can't get away with so much anymore. Remember, politicians want to stay in power; they will push exactly as far as their constituents permit them to push. The fact that they can be as brazen as they are now is as much a strike against the voters as it is against the politicians.

As somebody else pointed out, your third point is ripe for abuse in a lot of ways.

Re:So let me get this right...

[Shade of Pyrrhus]

The number 1 question here is "Why is this computer with classified information connected to the Internet, anyway?". It's VERY easy to "physically modify to prevent running P2P" by simply disconnecting the ethernet cable.

If there is so much of an issue with P2P and such, why are the important systems not in a controlled network with no outside access? In such a case, I would assume it's easier to lose a flash drive with a bit of info, rather than someone physically break into a government controlled facility to steal the data. I understand this makes it more difficult to get data that you need in a timely fashion, but if it's meant to be so secret, then you SHOULD have to jump through hoops to get it.

Again, Executive incompetence = more Legislation

[gr8scot]

My favorite part of the article was the hyperlink text at the bottom of page one leading to page two, which suggests two interpretations of the situation that are both completely wrong.

CONTINUED: Blame P2P users or software makers?...

BS. Blame sysadmins who give their end-[L]users Administrator privileges. Not rights, privileges. Government employees don't own those computers, or those data. I do, along with the rest of the taxpayers. Administrator privileges to a government laptop by its daily user are completely inappropriate. Every software package on every government computer should be approved through a bureaucratic process as time-consuming as the worst urban myth about the Motor Vehicle Department and building permits put together. And, this is not uniquely a government problem, it's one of many symptoms of a cultural problem, specifically entitlement mentality. There is no good reason to have administrator access to a computer you have not personally purchased, but I hear a cacophony of pseudo-populist whining whenever I say that to semi-literate, entry-level keyboard operators.

Evidence that sensitive information is accessible through peer-to-peer networks illustrates "the importance of strengthening the laws and rules protecting personal information held by federal agencies" and other organizations, said Rep. Tom Davis (R-Va.), the committee's ranking member, who has sponsored a bill that would impose new requirements on government agencies that discover security breaches. "We need to do this quickly."

You need to do it right, and be sure to include a few clear, simple guidelines preventing -- not just prohibiting -- the installation of software by the end user, by limiting them to Limited User status.