Forgot your password?
typodupeerror
Government United States Your Rights Online IT News Politics

White House Decides P2P Isn't All Bad? 45

Posted by Zonk
from the someone-took-some-night-school-classes dept.
ethericalzen writes "An article this week at Cnet revealed that the White House doesn't necessarily hate everything about P2P. The Bush Administration apparently has called into question a law, known as the Federal Agency Data Protection Act, that would force all federal agencies to have plans guarding against the risks of P2P file sharing. In a Congressional hearing on IT security threats, the LimeWire founder was questioned about how his service warned users about the files and folders they are sharing. Karen Evans, the chief information officer for the federal government, stated that she was against singling out a particular technology when issuing computer security requirements. As it is the government already has a law which requires federal agencies to report on information security plans and risk assessments known as FISMA."
This discussion has been archived. No new comments can be posted.

White House Decides P2P Isn't All Bad?

Comments Filter:
  • by Guinness2702 (840158) on Saturday February 16, 2008 @09:33AM (#22444902)
    ...filesharing is the number 1 threat of leaking sensitive information. Damn, and I wasted all that money on memory sticks, FTP servers, back doors, and searching busses, taxis and trains [bbc.co.uk] trying to get my hands on secret data.
    • Re: (Score:2, Funny)

      by Dan541 (1032000)
      Bittorrent is inherently more secure than lime wire,
      and a hell of ALOT more secure than idiots losing laptops.

      ~Dan
    • by iamacat (583406) on Saturday February 16, 2008 @12:19PM (#22445828)
      In the context of a computer with classified information, P2P filesharing is a form of back door. Unlike Intranet server-based file sharing, the list of available files can not be centrally audited. Unlike FTP or SMB, programs like FireWire make extraordinary efforts to bypass firewalls, even potentially an HTTP-only proxy. Unlike a memory stick, computers can not be physically modified to prevent running P2P (unless you make federal employees use XBOX 360's with up-to-date firmware).

      A federal agency blocking LimeWire and BitTorrent is a lot different from Comcast blocking LimeWire and BitTorrent and it's frustrating to see Bush administration going after the wrong thing. Let security-hardened versions of P2P be tried and tested in corporate world and then perhaps it will be ready for government use. I am thinking a version of BitTorrent where clients first share an encrypted file with each other and then get the decryption key and verify checksum from an Intranet server with a known public key.
      • Re: (Score:2, Insightful)

        The number 1 question here is "Why is this computer with classified information connected to the Internet, anyway?". It's VERY easy to "physically modify to prevent running P2P" by simply disconnecting the ethernet cable.

        If there is so much of an issue with P2P and such, why are the important systems not in a controlled network with no outside access? In such a case, I would assume it's easier to lose a flash drive with a bit of info, rather than someone physically break into a government controlled faci
        • by julesh (229690)
          The number 1 question here is "Why is this computer with classified information connected to the Internet, anyway?". It's VERY easy to "physically modify to prevent running P2P" by simply disconnecting the ethernet cable.

          Erm... because the people working with the classified information also need Internet access? And I doubt most of them have the information in question on their physical machine anyway, so disconnecting the ethernet cable would prevent them doing any work.
  • by Anonymous Coward on Saturday February 16, 2008 @10:00AM (#22444996)
    This was an off-the-cuff remark made by an individual who is loosely associated with the Bush administration. It is clearly not the stance of the administration, nor of the Republican Party as a whole.
    • Re: (Score:2, Informative)

      by Guinness2702 (840158)
      To be fair, you are quite correct.

      FTA: Karen Evans, the federal government's chief information officer, told a House information policy subcommittee ... "While we recognize that technologies that are improperly implemented introduce increased risk, we recommend any potential changes to the statute be technology-neutral,"

      Which kinda shoots down my earlier cynical FUD suggestion....in fact everything I've said sofar. I hang my head in shame at missing the key point of the article, and I shall go and start wr
    • by calebt3 (1098475)
      "I reject your reality and substitute my own!" --Adam Savage
  • Email (Score:5, Insightful)

    by Colin Smith (2679) on Saturday February 16, 2008 @10:15AM (#22445064)
    Peer to peer... The single largest distribution network for files and other information.

    This is why government isn't always a good thing.

     
    • Re:Email (Score:4, Insightful)

      by mixmatch (957776) on Saturday February 16, 2008 @11:01AM (#22445334) Homepage
      As far as I know email is a server-based network. P2P got its name from the ability of clients to connect with each other directly without the use of a server. There are server-like services that assist the clients in finding each other and function as proxies for data, but often-times these also function as clients. By your definition, anything transfered on the Net is peer to peer.
      • The Net is by definition a peer-to-peer network, the whole concept of the data cloud. Packet goes in, packet comes out ... anywhere. Anything else is just a artifice laid upon that, a convenience at best, an obstruction at worst.
      • by Niten (201835)

        As far as I know email is a server-based network.

        But broadly speaking, a "server" is anything that accepts incoming TCP/IP connections. A Bittorrent client is just as much a "server" as Postfix is.

        On the other hand, if by "server-based" you meant to emphasize the client-server nature of most modern email systems, keep in mind that in the early days the very mainframe or workstation that you logged into was usually the same computer handling your email. At its inception, email was just as "P2P" as Bittorrent is today.

        • by mixmatch (957776)

          But broadly speaking, a "server" is anything that accepts incoming TCP/IP connections. A Bittorrent client is just as much a "server" as Postfix is.
          Thats why we use the term peer. It replaces the client and server terminology when referring to a program that functions just as much as a client as a server.
    • by smurgy (1126401)
      Bit of a non sequitir. Your point lends itself to the conclusion that communication itself is a bad thing; as long as there is some way to exchange information that exchange will be dangerous for entities wanting to control the dissemination of that information.

      Government has nothing to do with it.
    • Sensitive information? You get onto Limewire/BT/Whatever to download Warez and other stuff. How often do you jump on there to grab 'sensitive information'? Most of that is available on FTPs or forums around the net anyway.

      ~Jarik
  • by MikeRT (947531) on Saturday February 16, 2008 @10:33AM (#22445156) Homepage
    There is absolutely not a single good reason for anyone outside of a handful of employees at the Department of Justice who investigate copyright infringement and pornography to have Limewire installed on a government machine. That is precisely how the head of Limewire should have responded to Congress.

    There are some limited applications for P2P in the government, but not an implementation like Limewire.

    But then, why am I not surprised that Congress once again doesn't do the job we pay them to do? See, this is why I have come to the conclusion that maybe we need to call a new constitutional convention through state legislatures, and add in a constitutional amendment that contains an entire article of civil and criminal liability for each part of the body politic.

    Personally, I think legislators ought to be held civilly and criminally liable where necessary for the negative outcomes of their laws. They don't hesitate to hold engineers, doctors, programmers, etc. accountable for their mistakes. Here's turnabout for them:

    1) Establish two legal distinctions: misdemeanor and felony unconstitutionality. The distinction is that felony unconstitutionality is a blatant, obvious to anyone, violation of the constitution such as passing a gun ban in direct violation of the 2nd amendment or outlawing political speech. Everytime a law is declared unconstitutional, everyone who voted for it gets effectively put on trial. If it's at the Supreme Court, everyone gets sanctioned, without right to a trial, for supporting it. I mean, at that point, how could you argue that they should get their day in court when it is the SCOTUS ruling against their law?

    2) Allow private citizens to sue members of Congress for loss of life, liberty, property and/or emotional distress caused by the enforcement of any unconstitutional law.

    3) Declare that the only political activity that can be legally done while Congress is in session is government-related work. Make campaigning effectively timecard fraud that can cost the legislator their position. Allow the leadership of both parts of Congress to sanction members who go on a tangent like Arlen Spectre going after the NFL. Repeat offenders can be censored from entering Congress for up to one month. Imagine going back home to your district, and having to explain why you were so off topic from what is constitutional, that the Speaker of the House told you to shut up and go home. That's great for reelection.
    • If it's at the Supreme Court, everyone gets sanctioned, without right to a trial, for supporting it. I mean, at that point, how could you argue that they should get their day in court when it is the SCOTUS ruling against their law? Interesting plan, though what if SCOTUS rules in an unconstitutional manner such as Dred Scott, etc. Also, for everyone that recognized the blatant "felony" unconstitutionality of gun laws and political speech restrictions in the campaign finance bill, there were many other peop
    • Your obvious unconstitutional gun ban is my obvious constitutional neighborhood safety concern.

      While I do agree with most of your points, and I have wished for a similar plan to be enacted, be careful of using the word obvious. What is obvious today as all people having life, liberty and pursuit of happiness only meant white, landowning males at the time of the founding fathers.

      • by Anonymous Coward

        Your obvious unconstitutional gun ban is my obvious constitutional neighborhood safety concern.
        Yes, because it's been completely demonstrated more than once that gun-free zones are so much safer.

        For the gunman doing the shooting, that is.
        • I was not putting forth any personal opinion. I do not wish to get into a gun control argument right now. Personally, I can see both sides.

          I was merely pointing out that what is obvious to one is inconceivable to another. To use another 'hot topic': Abortion is completely justifiable and an obvious help to some, but to others, it is obviously murder. Does this clear up any confusion? Is it clear as mud?
    • So, all the politicians who had voted for abortion bans before Roe v. Wade should have been arrested for passing unconstitutional laws?

      You do realize that Constitution masturbation isn't actually that helpful towards realizing good government? Canada, Britain, etc., all have reasonably free and decent governments despite not having the American constitution. In other words, it's people and culture that make good government, not written constitutions.

      Finally, whichever party controls Congress will really
      • by Samrobb (12731)

        In other words, it's people and culture that make good government, not written constitutions.

        So... you're saying we're all doomed, then?

    • by maxume (22995)
      You would create a world where most people responded to the honor of being elected to office by resigning.

      The system we have, which is largely based on good faith between elected officials and their constituents, doesn't always work all that well. You want to place all the blame on the elected officials. If you don't want to blame the constituents, why bother with democracy?
    • Re: (Score:2, Interesting)

      by Coraon (1080675)
      everything you have written here makes perfect sense, there just a few problems. 1. the objective of a politician is to get into power and stay there, as long as possible. therefore anything that could remove them from power will be struck down, as they are the ones voting on it. 2. your under the mistaken impression that enough voters care about what happens in government. The Americans have been so brow beat into thinking that their vote doesn't matter, with that much voter apathy I doubt you could get e
    • by anexkahn (935249)
      I really like the third point you mentioned. Why should we pay congress to go out and campaign....
    • Re: (Score:2, Insightful)

      by Dhalka226 (559740)

      ) Establish two legal distinctions: misdemeanor and felony unconstitutionality.

      You do realize that understanding the Constitution is not the job of the legislature, right? We created an entire third branch of government whose only enumerated power was to interpret the laws (ie eg, Constitution).

      I think the best way to achieve a system where less unconstitutional laws go into effect is to require a judicial review for any piece of legislation that, say, 20% of congressmen vote to have one for. No more

  • I would hope government agencies would be smarter enough than to, and have plans to prevent against, installing P2P applications on their computers. Seeing the reaction of the public to government agents losing laptops containing citizens' valuable personal data, how pleased do you think they would be seeing "Joe Smith's Tax Return.pdf" on Limewire? Most government documents aren't made to be shared amongst a large enough group of people to make P2P usefull in any way. The only acceptible use of P2P in this
  • My favorite part was this:

    The most scathing criticism came from Rep. Jim Cooper (D-Tenn.), who launched into a lengthy monologue in which he deemed Gorton "one of the most naive chairmen and CEOs I've ever run across," and accused his company of making the "skeleton keys" that grant access to material harmful to U.S. national security.

    "I'd feel more than a shade of guilt at this point, having made the laptop a dangerous weapon against the security of the United States," Cooper said. "Mr. Gorton, you seem t

  • If our dear leaders are realizing the importance of P2P, does this mean that in the (relatively) near future they may actually seek to end the BitTorrent throttling by broadband providers (specifically Comcast!)? Here's hoping so!
  • Fly in the Soup (Score:3, Interesting)

    by MacWiz (665750) <gzieman54@@@gmail...com> on Sunday February 17, 2008 @04:49AM (#22451618) Journal
    I'm looking at the comments on this page and I have to wonder if anyone remembers what file sharing is at its basic level.

    Back in the late 80s, I was the editor of an entertainment supplement that ran in the newspaper in three mid-size towns. We had to use a modem to connect to each other and sometimes we could get a whole 1 kbps transfer rate to move text files. Within the office, file sharing was faster because we could swap floppy disks.

    While I know you're all talking about swapping movies, music, games, etc., every corporate environment involves the sharing of information. A newspaper is a real good example of how you have to pull files in from your "peers" to collect and assemble them. Every day.

    We spent so long looking for faster ways to move files around and now we've reached the point where this basic function is finally is working so well that we've gotta screw it up.

    File sharing/information sharing is the purpose of the Internet. To even consider trying to stop it is ludicrous. You might as well just shut down the entire net because that's the only way file sharing stops. Then we'll just go back to faxes and snail mail.

    Should it really be up to the guy that owns LimeWire to tell the government that maybe they shouldn't be using it at work? We have an Intelligence Department, but no one can figure out that, if they are going to use p2p, to do it from a machine with no sensitive information?

    Probably not.

    After all, most of the government still uses Windows, so security must not be that important to them.
  • by gr8scot (1172435) on Sunday February 17, 2008 @04:28PM (#22455646) Journal
    My favorite part of the article was the hyperlink text at the bottom of page one leading to page two, which suggests two interpretations of the situation that are both completely wrong.

    CONTINUED: Blame P2P users or software makers?...
    BS. Blame sysadmins who give their end-[L]users Administrator privileges. Not rights, privileges. Government employees don't own those computers, or those data. I do, along with the rest of the taxpayers. Administrator privileges to a government laptop by its daily user are completely inappropriate. Every software package on every government computer should be approved through a bureaucratic process as time-consuming as the worst urban myth about the Motor Vehicle Department and building permits put together. And, this is not uniquely a government problem, it's one of many symptoms of a cultural problem, specifically entitlement mentality. There is no good reason to have administrator access to a computer you have not personally purchased, but I hear a cacophony of pseudo-populist whining whenever I say that to semi-literate, entry-level keyboard operators.

    Evidence that sensitive information is accessible through peer-to-peer networks illustrates "the importance of strengthening the laws and rules protecting personal information held by federal agencies" and other organizations, said Rep. Tom Davis (R-Va.), the committee's ranking member, who has sponsored a bill that would impose new requirements on government agencies that discover security breaches. "We need to do this quickly."
    You need to do it right, and be sure to include a few clear, simple guidelines preventing -- not just prohibiting -- the installation of software by the end user, by limiting them to Limited User status.

Reference the NULL within NULL, it is the gateway to all wizardry.

Working...