US House Passes P2P Ban On Federal Networks

Posted by Soulskill
from the you-can't-legislate-against-stupid dept.
An anonymous reader writes "Recently, the US House of Representatives passed a bill in an attempt to ban peer-to-peer file-sharing applications on federal computers and networks. Similar bills have been proposed before, apparently in response to confidential government documents being found on LimeWire. The text of the bill, however, provides a very broad definition of 'peer-to-peer file sharing software,' and may extend to more than they intend (SMB? LDAP?)."

  • by Orga (1720130) on Friday March 26, 2010 @04:25PM (#31632764)
    I think this will greatly hinder our offensive capabilities in a cyberwar
  • by LoudMusic (199347) on Friday March 26, 2010 @04:26PM (#31632770)

    This is an issue of what can be installed on federal computers? I believe there should be a list of what is allowed and everything else is disallowed. And NO ONE has admin access to their computer.

    Come on people - federal security! Why the hell are they running MS OSes anyway?

    • Re: (Score:1, Funny)

      by cbev (1769390)
      Ever try to write an OS using Ada? You'd spend 14 billion dollars and you might get a functional word processor. Copy and paste would be an extra 2 billion, and double the development time of the project.
    • by will_die (586523) on Friday March 26, 2010 @04:40PM (#31632948) Homepage
      The US Air Force has this and it is a major pain.
      It used to be that a base could keep its own list and the local people could control it, however a few years ago that was removed and now there is a central office that does all approvals. This office takes an average around 1 year to approve major software releases, aka Microsoft, and if it is not then it takes longer.
      However even then it is a people problem, the local base level admin and security people totally ignore this and install almost anything they want.
      • Re: (Score:1, Insightful)

        However even then it is a people problem, the local base level admin and security people totally ignore this and install almost anything they want.

        That tends to happen when the chain of command breaks as badly as it has here...

      • Re: (Score:3, Interesting)

        by YrWrstNtmr (564987)
        It used to be that a base could keep its own list and the local people could control it,

        Centralized control and admin. Used to be, a base would control its own network. No more. Even your local proxy server is now being admined from elsewhere.
        • Re: (Score:2, Funny)

          by cnkurzke (920042)

          Even your local proxy server is now being admined from elsewhere.

          Likely the system administration has been outsourced, and is now run from a CSC guy in Bangalore.

          • by gnapster (1401889)
            Let's hope the Indian administrators are not using Chinese DNS to access the American proxies!
      • by Message (303377)

        We have almost the same problem in the Army... there is a standard approval process that can take months or years to get something approved.. even basic things like a patch... and it doesn't even address things like do I need to get a webpart for SharePoint approved and if so what is someone really checking when it goes through the approval process

        I kind of wish we had centralized censorship... as it is now someone may have access to one post but not another... and who knows when my post will get around to a

        • by hedwards (940851)
          That's an issue of specifics not approach. They could fix it in a way that works. For instance security patches could get an almost automatic green light. New types of software would take much more scrutiny and ones that were similar to currently approved ones would require somewhat less.

          But really, certain classes of application are just too dangerous and easy to screw up that they should be completely banned from the network. This is one of the rare areas where those stupid palladium chips could be an
    • Re: (Score:3, Insightful)

      by H0p313ss (811249)

      Come on people - federal security! Why the hell are they running MS OSes anyway?

      The answer is yes. Though if you do a full audit I'm sure you'll probably find a working copy of just about every operating system ever developed.

      That being said I'd be very surprised if Windows is anything less than 90% of the market.

    • Re: (Score:3, Insightful)

      While I would certainly hope that the fed's IT guys would be on top of their game, the idea of attempting to compile a central list (or, worse, have legislators try to do so) sounds like a 100% assured productivity killer.

      Computer security is, surprise surprise, a technical enterprise (albeit with some organizational dynamics thrown in). WTF is congress doing in there? Should we start holding elections for sysadmins, just to make sure that the will of the people is there to defend the network?

      The idea of
    • This is an issue of what can be installed on federal computers? I believe there should be a list of what is allowed and everything else is disallowed. And NO ONE has admin access to their computer.

      Come on people - federal security! Why the hell are they running MS OSes anyway?

      ECHO.

    • by wsanders (114993)

      That's basically one more rule than what is there now for most employees. I can't speak for all, but my wife works for a federal agency, and she has no control over what happens to her computer. The whole building came in a few months ago, for example, to find they had been upgraded from XP to Windows 7 without any notice. Hilarity ensured! They have been switched back and forth between Exchange and Lotus Notes several times. And I can't send her any email attachments, they are usually and somewhat capricio

    • by shentino (1139071)

      Because Microsoft lobbyists are in bed with congress critters.

    • by YrWrstNtmr (564987) on Friday March 26, 2010 @05:17PM (#31633380)
      I believe there should be a list of what is allowed and everything else is disallowed.

      That's pretty much the way it is. They actually have a pretty secure MS ecosystem. Between DISA, NIST and USAF and Microsoft, they've come up with the Federal Desktop Core Configuration (FDCC) [nist.gov] (which is an outgrowth of the USAF 'Standard Desktop Computer' (SDC)).

      Various security settings, GPO's, etc. If you use a standard FDCC image, it is pretty well locked down, AND can be administered from anywhere. Having said that...'locked down' as much as XP or Vista can be. But the VAST majority of users do not need much more than Office and the base OS. No real need for 8 zillion extra little tools, which may or may not have their own vuln's.
      But there is quite a lot on the approved list. Installed on a case by case eval. Wireshark or Firefox, for example. It is up to each department to further refine that list. For instance, the USAF (mostly) bans Firefox in favor of IE7.

      Why the hell are they running MS OSes anyway?

      Changing the US fed govt infrastructure from MS to 'something else', Linux for example, will take an extremely long time, and may well end up worse than it is now. Take the Munich example and multiply the problems by 500. For better or worse, an org of that size can't just switch.
      • by stonewallred (1465497) on Friday March 26, 2010 @05:26PM (#31633492)
        I went to your link, then went to the FAQ, which sent me back to the patch notes, with a link available for the FAQs, which took me back to the patch notes. If that is the best the federal government can do, I am brushing up on my Chinese, Russian and Arabic, because we are all fucked.
      • If you use a standard FDCC image, it is pretty well locked down, AND can be administered from anywhere.

        Gee, I can't imagine any problems with that aspect of the situation...

        • Gee, I can't imagine any problems with that aspect of the situation...

          Anywhere = the next desk over, or 3 states away. The trick is getting inside the network in the first place, and having the correct rights once you are in. If you want to require physical access to do any admin functions, let's go back many years.
        • by Jeian (409916)

          Don't be dense. "Anywhere" being "anywhere that a valid administrative user is logged onto an authenticated machine."

          It becomes a necessity when the helpdesk is located five states away, or on another continent.

      • Changing the US fed govt infrastructure from MS to 'something else', Linux for example, will take an extremely long time, and may well end up worse than it is now.

        That is a problem, and it needs to be addressed. We cannot allow any piece of our infrastructure to be so dependent on a single company, especially not the OS.

      • by rtb61 (674572)

        Now there is a rock solid example of proprietary lock in, it is too hard to change to something else regardless of whether it is better because the implementation might be worse. Once you get to that stage, the wisest thing to do, is an immediate swap, it breaks the lock in, it provides expertise in system changes and implementation, it breaks all existing security holes and it forces competition in supply contracts.

        As for banning P2P software, that is really pointlessly dumb. Only approved software for

      • by grahammm (9083) *

        Changing the US fed govt infrastructure from MS to 'something else', Linux for example, will take an extremely long time, and may well end up worse than it is now. Take the Munich example and multiply the problems by 500. For better or worse, an org of that size can't just switch.

        The other question is how did Windows become so entrenched? At one time, nearly all Government computers would have been running IBM's MVS, VM, DOS (the mainframe OS, not PC/MS DOS) etc, CP/M, VMS or some flavour of Unix. For many users, especially clerical and 'call centre' like roles, does a Windows PC offer better productivity and make the job easier than using a 3270 terminal connected to the mainframe to fill in forms and get back the responses?

    • by couchslug (175151)

      They use MSFT OSs to avoid training users.

      FWIW, migration could be as easy as giving the order. When the USAF went from terminals to PCs, it was simply a matter of telling them to adapt.

    • Re: (Score:3, Insightful)

      by McGruber (1417641)

      Come on people - federal security! Why the hell are they running MS OSes anyway?

      I'm a career US federal government employee.

      Right after the then-Governor of Texas became President, my employer (a federal agency) "standardized" on computers from a vendor headquartered in Round Rock, Texas. We were no longer allowed to purchase computers from any other company. This decision was made by a political appointee, appointed by the President.

      Right after the same Administration settled the MS anti-trust suit, our agency "standardized" on MS-Software -- Windows is the only operating se

    • by pclminion (145572)

      And NO ONE has admin access to their computer.

      I have another genius idea. The doors to the buildings should be LOCKED at night!

      (You know, the idiom "It goes without saying" is meant to be taken literally.)

  • People shouldn't be making servers out of their company desktops... it's the nightmare of the IT department to have other departments starting Access databases on their PCs, and then inviting other users to use the file. Eventually this becomes unworkable and the user installs a smaller version of MS-SQL, and then you've got a patching nightmare which leads to a worm and then...

    • Sounds like the IT department either needs more power, or someone who knows how to use an SRP...
    • Re: (Score:2, Insightful)

      People shouldn't be making servers out of their company desktops... it's the nightmare of the IT department to have other departments starting Access databases on their PCs, and then inviting other users to use the file. Eventually this becomes unworkable and the user installs a smaller version of MS-SQL, and then you've got a patching nightmare which leads to a worm and then...

      Yeah, but the problem is precisely too much locking down: workers have always tinkered with their tools trying to improve them and the more locked down the environment the more frustrating their experience will likely be. People turn their workstations into servers because the alternative of wrestling with the company bureaucracy to arrive at an unsatisfactory solution isn't very appealing. It would be better for all involved to provide an easy way for people to do these things in a safe environment where

      • by Anonymous Coward

        Yeah, but the problem is precisely too much locking down: workers have always tinkered with their tools trying to improve them and the more locked down the environment the more frustrating their experience will likely be. People turn their workstations into servers because the alternative of wrestling with the company bureaucracy to arrive at an unsatisfactory solution isn't very appealing. It would be better for all involved to provide an easy way for people to do these things in a safe environment where it can be monitored.

        Also it would be even better with a pony.

      • by einhverfr (238914)

        I actually agree with you. However there is a major problem that has to be overcome: folks don't know what they want in advance and the process for getting it all working right later is difficult even if the IT department cooperates fully. Either the IT department is in control of the design of the db needed for some in-house tool or you are stuck back with the idea that folks (with no training in database management, formal or otherwise) are doing their db design in access and then moving the data over

      • Yeah, but the problem is precisely too much locking down: workers have always tinkered with their tools trying to improve them and the more locked down the environment the more frustrating their experience will likely be.

        Generally, the job is not to dick around with the computer, but rather to produce something using the computer. Read and approve a report, produce a presentation, crunch some numbers in Excel.

        I rail against the lockeddownness too. But in an org of that size, if you give people free reig
        • Free rein. Not normally a grammar nazi, but since the phrase appears to work with either word, I like to keep its origins alive.
  • Bad law (Score:4, Interesting)

    by LordSnooty (853791) on Friday March 26, 2010 @04:40PM (#31632944)
    Why is computing subject to such vague law-making, so often? Do other sectors suffer to such a degree? Presumably, government law-drafters will call on experts to clarify finer points. But this often doesn't seem to happen with computing law.
    • Re: (Score:1, Insightful)

      by Anonymous Coward

      Presumably, government law-drafters will call on experts to clarify finer points.

      You spelled experts wrong, it's spelled lobbyists.

  • by H0p313ss (811249) on Friday March 26, 2010 @04:41PM (#31632960)
    If you read the bill it ONLY refers to OPEN-NETWORK p2p which they define as

    The term ‘open-network’, with respect to software, means a network in which--
    (A) access is granted freely, without limitation or restriction; or
    (B) there are little or no security measures in place.

    What part of this is unreasonable in any controlled environment? Can you think of any corporation that would allow such a thing?

    I wouldn't even let my kids run such a thing.

    N.B. This clearly does not cover things like bittorrent since you have to explicitly publish individual files to it.

    • by mdmkolbe (944892)

      This might be perfectly reasonable, but why does this have to be written into the law? Agency/Department rules seem like a more appropriate way to handle this.

    • I would say it's a reaction to ACTA. They're not an ISP, so have no safe-harbour, and therefore must ban anything like "open" P2P where they could potentially be held responsible.

    • by supersat (639745)
      The Internet is an open network. The SMB/CIFS protocol (which is the basis for Windows file sharing) lets you remotely connect to file shares over the Internet. Sure, most people have file sharing turned off (or at least firewalled), but Windows will still let you shoot yourself in the foot, just like P2P software will.
  • It's really a pity that politicians don't think before they pass sweeping laws. As the net continues to grow and the way that we share data changes this law will almost certainly prevent the gov't from being able to do useful things online ... and will need to be adjusted or repealed.

    And how exactly does banning P2P sharing prevent people from leaking classified docs?

    • by skine (1524819) on Friday March 26, 2010 @05:27PM (#31633504)

      It's also really a pity that Slashdot admins don't think before posing sweeping accusations. As the number of political articles continues to grow and the way we rely on only reading the summary to understand the article almost certainly prevent users from being able to determine what is sensationalized ... and probably won't be adjusted or repealed when proven biased.

  • Code is Law (Score:2, Insightful)

    by spazdor (902907)

    Why is this being done as a federal law which regulates network users?

    It seems to me that this is a policy that ought to be enforced by federal government sysadmins on their own networks, rather than by the government legislators on the users of the network.
    To use Lessig's parlance, this is a job for architecture, not law.

    • by DrData99 (916924)
      The way this works in reality (the words are in the bill, but may not be obvious):
      The law instructs OMB to (within 90 days) issue guidance to agencies.
      Agencies then have an additional 90 days to: ...establish or update personal use policies of the agency to be consistent with the guidance issued...
      So congress passes law, OMB translates law into guidance, and agencies develop policies and procedures (architecture if you will).
    • Why is this being done as a federal law which regulates network users? It seems to me that this is a policy that ought to be enforced by federal government sysadmins on their own networks...

      In fact, the policy will be enforced by federal government sysadmins. Absent direction, those sysadmins (or their bosses) would be free to establish their own policies, possibly varying wildly from agency to agency, or choose to have none. But the only mechanism Congress can use to establish a single consistent policy

  • There are always at least two peers. And one of them, having the port open, is the server. Doesn’t matter if it has a GUI installed or is a laptop.

    So in essence they are banning all connections that have a source and a target ip address at the same time.

    Wow. EPIC FAIL.

    • Re: (Score:3, Insightful)

      by vux984 (928602)

      So in essence they are banning all connections that have a source and a target ip address at the same time.

      Or you could read the full article, and find out what they are really doing.

      Wow. EPIC FAIL

      So is a snap judgment based on a slashdot headline and reading the first few knee jerk responses.

      Is it a good move by congress? No, not really. But did they really just ban connecting to the office network printer? No.

      • Only if you interpret things in the same completely wrong and retarded way as those idiots.

        But I bet you also took the units of information from your TV host, and now talk in “libraries of congress” and clogging tubes, while referring to a lone display as “the computer”, because you got no fucking spine to stand by what you know (because you are the expert) is right, right?

  • doesn't show the text in Opera. ( I'll assume it's a site problem, since Opera 10.51 scores perfect on all the acid tests).

    Here's a better one [loc.gov], and official, too.
  • Well unless they screwed up even more than usual, smb and ldap should be safe as they are server-to-client and not peer-to-peer... I can see this having some rather bad side effects on their network routing setups though.... No more netbios m-node etc.
  • It appears that this bill is extremely poorly written in how it defines peer-to-peer software:

    From the bill:

    (3) PEER-TO-PEER FILE SHARING SOFTWARE- The term ‘peer-to-peer file sharing software’--
    (A) means a program, application, or software that is commercially marketed or distributed to the public and that enables--
    (i) a file or files on the computer on which such program is installed to be designated as available for searching and copying to one or more other computers;
    (ii) the searching of files on the computer on which such program is installed and the copying of any such file to another computer-- (I) at the initiative of such other computer and without requiring any action by an owner or authorized user of the computer on which such program is installed; and (II) without requiring an owner or authorized user of the computer on which such program is installed to have selected or designated another computer as the recipient of any such file; and
    (iii) an owner or authorized user of the computer on which such program is installed to search files on one or more other computers using the same or a compatible program, application, or software, and copy such files to such owner or user’s computer; and

    (B) does not include a program, application, or software designed primarily--
    (i) to operate as a server that is accessible over the Internet using the Internet Domain Name system;
    (ii) to transmit or receive email messages, instant messaging, real-time audio or video communications, or real-time voice communications; or

    First off, wouldn't "the Internet Domain Name system" include reverse DNS? Secondly, "Peer-to-peer" software is nothing more than machines acting as both "clients" and "servers" and the broadness of what they believe "peer-to-peer" programs are could include public web servers.

  • Because BITS is a peer-to-peer protocol [microsoft.com]:

    Peer caching is a new feature of BITS 3.0 that allows peers (computers within the same subnet of a network that have the peer caching feature enabled) to share files. If peer caching is enabled on a computer, the Automatic Update agent instructs BITS to make downloaded files available to that computer's peers as well.

    This is actually a really, really useful feature for those of us operating networks (on behalf of the federal government) with significant bandwidth cons

    • by TheLink (130905)
      Windows Update could actually be intentionally turned off in many corporate environments.

      The updates would be downloaded from a central location, and hopefully tested (to see if Microsoft has done yet another screw up or not).

      And then they are pushed out to the clients via WSUS or whatever the company has decided to use for patch management.

      Once you get to a high enough machine:admin ratio, it's often better to not have the computers self update just because Microsoft thinks it's time.
      • BITS peer caching has its place even in environments that use WSUS [wordpress.com].

        Ultimately, what's ridiculous is the House's outlawing of a tool irrespective of intent. Sorry, no, it's worse than that. Because of their ignorance, they are attempting to outlaw an entire class of technologies that have great value to the federal government and its programs.
