
P2P laws vs. federal employees: Which is the biggest national security threat?


Keep your eyes peeled for new legislation dealing with peer-to-peer (P2P) networking, as politicians are fearful of national security threats and are considering new laws to fix the problem. See the News.com story, "Congress: P2P networks harm national security."

What's new:

Politicians call peer-to-peer networks a "national security threat" because they enable federal employees to accidentally share sensitive or classified documents.

Bottom line:

The chairman of the House Government Reform Committee said he is considering new laws aimed at addressing the problem.

For more information about P2P security risks, check out these news sources:

Do you agree with Government Reform Committee Chairman Henry Waxman (D-Calif.) that new laws are needed for P2P networking so that federal employees don't accidentally share sensitive or classified documents from their computers? Or are you of the mind-set that the current P2P laws are sufficient, and that federal employees are the national security threat?


About

Sonja Thompson has worked for TechRepublic since October of 1999. She is currently a Senior Editor and the host of the Smartphones and Tablets blogs.

41 comments
rwb1959

All this has to do with is the movie and music industry lobbies. They've been spreading so much money around Congress that it was only a matter of time before politicians could figure out a new way to present this old issue. Hey, let's call it a "threat to national security", yeah, that's how we'll sell this BS. Don't buy it folks!

eM DuBYaH

You hit it right on the head. With a story like that, how can legit home users complain, right? P2P has no business on Fed computers. That's why our taxes are so high, instead of working, they're too busy playing around on company/taxpayer's money.

MPG187

Well, I hope this doesn't affect me, I am sick of hearing people b**** about copyright laws!

Pingthis

Oh no! What if they load the data on a CD and DRIVE home! Cars are a National Security THREAT! Ban cars immediately! Motorcycles are the only answer, everyone knows there is nowhere to put a CD on a bike. Government employees can not be held accountable for their own actions... They work for the government, duh...

oromis

I frankly feel that the government and thieves like the RIAA and MPAA have already illegally tampered too much with P2P, and that the last decade of attempts to 'regulate' peer-to-peer networks should be unilaterally scrapped. Waxman is a loon and the RIAA have been a gang of scam artists since the payola racket back in the middle of last century. I'd establish usage guidelines for Congressmen to prevent sharing restricted documents, but otherwise let P2P run free and replace the corrupt RIAA as a music distribution medium, including coinslotting for 'high resolution' versions of music so musicians get paid more than they did by the RIAA for their work on an average.

Dr_Zinj

It's a Bait & Switch Tactic. The government itself is causing the problem and Congressman "Waxhead" is trying to blame ordinary citizens for the problem. I'd venture an educated guess that the government workers are using P2P software on government systems either without authorization, or without going through proper procedures for installation and use. If so, they should be either fired, or convicted and sent to spend time in the crowbar hotel. The more our government pushes for secrecy and restrictions on freedom of communication, the more I'm tempted to just chuck the whole deal out the window and start over. Maybe I should run for office on a platform of rescinding all legislation that restricts speech and freedom? (not to mention outdated laws that are still on the books and used for general harassment by the executive branch)

johnson12

Is it that users still have admin priv. to even install any software? It makes my head hurt that we still have to protect people from themselves. It security 101! Bottom line National security = new legislation

ginkep

"Do you agree ..." Yes. Forbid E-mule, forbid E-Donkey, DCC - all P2P. Forbid ICQ, Skype, MSN ... Wait a minute ... forbid Windows and any OS! Give a pencil and piece of paper. NO - that's not good too. Somebody can take writings inadvertently. Moral: Even use of a toaster can be a hard nut for lamas. :)

ninja

I think all of our lovely government employees need to be more carefully screened and supervised. Unfortunately, the old, graying, too fat around the waist, arrogant, I'm getting too close to my fat government retirement to give a crap, people that run these areas, don't know a damn thing and don't care. We can't vote them out, so how do you fix that?

DanLM

Like Tony said, ftp, fstp, and what ever else goes with it can do the same thing. Freaken hard drives are cheap enough any more, 100 dollars for a bloody 250 gig external. Make it a rule that work material reside on usb external and must be unplugged after every work session. Crap, make it an encrypted hard drive in case mom loses it taking susie to dance class. Hardware encryption, mom can't turn it off. When susie initially set up the p2p, that drive would not have been connected. So, p2p shouldn't know about it. Dan

wmlundine

...from IT/reporting to manufacturing. 'Cause that's what you are trying to do to the news.

serrin

Sounds like DRM legislation. Attack everything but the root cause. Federal Employees should be working in a fairly locked down environment. It's impractical to think that P2P networks are responsible for "irresponsible" federal employee activities. If the government will allow an employee to remove sensitive files from a secure location to work on them in an "un-secured" location... Hello? Now.. can P2P networks make it easier for those documents to get into the wrong hands? I think the answer to that question is yes, but legislating the technology has never worked. The original Napster was taken down(changed).. P2P changed and lived on. Even if P2P networks were deemed illegal, AND were magically made to disappear, something would take its place to make the same issue come up again. Bottom line: Enforce the rules on the employees that need the rules enforced upon them. Making laws that have no teeth is like remaking Jaws with Nemo, it's funny, but pointless.

wmlundine

All this bluster about Henry Waxman and nary a peep about AT&T planning to block P2P packets. There will be no public hearing at AT&T and no venting on ZD net.

wmlundine

If so...which gives the clearer, more informed coverage; AT or Ou and company?

wmlundine

...I read that piece before I posted and that kind of obfuscation has not been seen since my cat visited the litter box. So bite me. Both stories were covered by both organizations. The coverage is as different as night and day. AT makes sense...ZD makes headlines. The reader pays the price.

DanLM

Because there was a complete thread on it. And they were in agreement with you. http://blogs.techrepublic.com.com/tech-news/?p=642 You're winning because you have to use multiple sources for your information? What a twit. You should use multiple sources, no single source for information will always give you the truth. Unlike you, left wing liberal. I do read multiple sources. Unlike you, left wing liberal. I read both conservative and liberal opinions on subjects. Unlike you, left wing liberal. I think that it's very intelligent to have multiple sources on any topic. Unlike you, left wing liberal. I understand no matter WHAT I read, and no matter WHAT the source. I know that it will be tilted in its opinion anyway. I only dig for the truth, and not what I just want to hear. You moron, there are more blogs posted here where the bloggers raise privacy concerns than you give them credit for. This is why I think left wing liberals are fkn morons. Even when they have a source where most postings are in their favor, you still cry like the babies they are. Dan

wmlundine

...go to Ars Technica to find out the real story? There is information and dis-information. If ZD is your only source then you have no idea.

DanLM

You telling them what to do with their property now? Don't use it if you don't like it. You telling them what to do with their property is like telling a bar owner he can't throw out drunks or people that sell drugs inside his bar. Same chit.... His property, he is protecting it. AT&T's property, they have a right to protect it. Protect the infrastructure that they built, not you. Protecting possible lawsuits against them by the RIAA. Consider this... Wonder how many businesses that ATT owns that sell music. Wonder if they are looking at their own bottom line that is being marginalized by p2p? What, they don't have a right to protect that also. Look, RIAA started all this crap. Take it up with them. They are the real criminal here, not AT&T. Or, are you of the mindset that nobody should infringe on your rights. But it's ok for you to infringe on theirs. Simple question, got an answer? Are you so important that you can tell others what to do with their property? But they can't tell you? What about stock holders in AT&T, you better them also? Have any retirement funds? Sure none of them are invested in AT&T? You making money off them? Are you biting the hand that feeds you? Dan

Tony Hopkinson

What about Windows file sharing, FTP, HTTP, NFS, Gopher, PcAnywhere, etc., etc., etc.? It's just as easy to accidentally share in them as it is in P2P. P2P is dangerous, what a set of nippleheads!

mad tabby

Why does there have to be a law about P2P? I see this more as a work around to enact laws for the RIAA than a security risk. Private Sector has been dealing with this ever since P2P was invented. How? By having and enforcing rules on what can/cannot be done with corporate equipment. So why can't the government do the same thing?

paul.berra

A machine that has P2P access would not have access to the documents they are worried about

gshollingsworth

A machine that has P2P access SHOULD not have access to the documents they are worried about. Is the statement that reflects the current state of affairs. But that shows the problem is actually allowing documents to be on machines without appropriate security. The lawmakers need to be consistent. When the VA had a computer stolen with personal information they should have responded by passing a law against stealing computers, especially a government computer. (I'm being sarcastic)

Gary272

I think the employee is the risk. They are work computers and not there for personal use as P2P PC's. Notify the employees, Warn them once, and fire them the next. My tax dollars are not for their personal use, do it at home.

Jordon

At first I thought this was laughable. What government agency would allow employees to run a P2P program on a government computer? But then I read the referenced news.com article and saw this... "Earlier this year, the Department of Transportation experienced an incident in which an employee's daughter installed LimeWire on the home computer that her mother occasionally uses for telework--and misconfigured it in such a way that documents from the department and the National Archives were open to others using the network--including a Fox News reporter." A law regulating P2P networks? How about a law regulating how government employees use their computer instead? Why are the children of government employees being allowed access to sensitive information at all? If the children of government employees are allowed access then it's not much of a jump to think that the friends of the children of government employees also have access to sensitive information. At that point who cares if it's Limewire or removable media?

Sonja Thompson

Do you think new laws are needed for P2P networking so that federal employees don't accidentally share sensitive or classified documents from their computers? Or are you of the mind-set that the current P2P laws are sufficient, and that federal employees are the national security threat?

wmorriss

Obviously, this is an HR problem, not a problem with P2P technology. However, when choosing between exercising oversight over whatever inadequate training and retention policies are being used and pandering to the RIAA, it seems clear that Waxman would rather engage in the latter than the former. Disappointing but unsurprising. I discuss in more detail here: http://ephemerallaw.blogspot.com/2007/07/priorities.html.

steve

Hi - I suppose that P2P distribution can be controlled if some agency is empowered to seize the domains of the P2P distributors and shut them down. But (and thankfully) the Bush administration has relented on its attempt to take over Internet governance, so this would be difficult to do (arguments of lawlessness aside). But the real beast behind regulating P2P is not national security - we all know this. It's the content owners, who hate to see any leakage to their revenue streams. But now, the content owners themselves are demonstrating an increasing level of trust in P2P. Proof is in new IP video services like Joost, Zattoo, Azureus, and others. They are all P2P and they are all television. This trend will probably take the wind out of any attempt to regulate P2P because the content owners will become increasingly ambivalent about it, as they themselves participate in it. Just my ?0.01 (2 cents)

Dr Dij

State govt offices and major law firms among others are places that due to lax enforcement of P2P software on end user's PCs have whole internal network shared drives available over the internet to anyone using P2P software. Plus kazaa included spyware, and others may have trojans added, they are untested unknown software, and the act of installing them can give strangers total control of your PC and access to your network if they do have trojans or if you install the defaults which can be to share all drives. And you call yourself an IT consultant? Maybe you'd be recommending biz have users install P2P to clog up their networks? You sound like a school kid who is more concerned about your God Given Right to share stolen music and videos rather than actually getting some work done. I don't personally CARE if people share music via P2P, they're just bad security and cr*p up the network. However if they are doing this to share music and videos on the slow end (shared broadband) of my ISP this is particularly STUPID use of bandwidth. Any large files for downloading should be placed on servers with high speed direct conx such as in hosting data centers. Of course they don't because a) they are lazy, b) cheap, c) more likely because they are sharing copyrighted materials illegally that are NOT ALLOWED on hosting sites. I have over 44 gigs of (legal) material shared directly via web pages hosted in a high speed data center and it costs me a total of $90/yr for unlimited data storage and $14/yr domain registration. So in the end while P2P has a few limited uses that make sense, unless used by biz should not be on biz nets, and definitely not on govt nets unless directly used for job reasons, which it mostly is not. Just junk clogging up the network. And same goes for home networks.

stan

Obviously, all that's needed is an administrative rule for government workers. And enforcement.

TechinMN

I can't believe they are considering laws for this! Well, yeah, I guess I can - but it sounds like someone in the pocket of the entertainment lobbyists to me. Federal employees have to follow regulations--ESPECIALLY in regards to the handling of classified and sensitive information. Frequently those regulations are more stringent than laws, as they directly impact national security and the functioning of our government. All they need to do is create regulations governing the use of P2P for their own people that's appropriate for their environment. There is NO LAW necessary! Not only will it cost the taxpayers a ton of money to implement and oversee, but it's not properly in the scope of a law in the first place. In the end, they need to assume responsibility for what's apparently a problem in their arena. They need to police THEIR OWN people, not ALL the people. And won't it be a proper mess trying to create and implement a one-size-fits-all P2P law, when they can't even make an effective, enforceable policy for their own employees... Nope - sounds like Waxman is on the take. Did anyone notice what state he's from?

TheGooch1

So, let's outlaw all types of communication protocols since sensitive data may be transferred over them. In fact, I could make a phone call and read classified information to someone over the phone. So let's make phones and even talking illegal. *OR* We could make it illegal to transmit classified data over any unsecure medium, and then use audits and other programs to ensure compliance. Sometimes you have to wonder what illegal substances politicians are on when they write these laws, assuming they even wrote them. Often lobby groups or business consortiums will write the law and then hand it to a politician to endorse.

apotheon

Forget the high-level stuff. Let's stop the security problems at the source, and outlaw the protocols that make all this sort of thing possible! We'll start with transport-layer protocols, like TCP, UDP, and NetBIOS!

wolfshades

In every workplace I've ever been in, it's been the same: IT has been asked to do the job that managers should be doing. The government proposing laws to attack P2P creates the same dynamic: it's not an issue of law, but of management.

blarman

Why are users with access to classified documents being allowed to download said documents onto their home PC's? This sounds like a huge breach of security that could be solved by using a decent remote access program like Citrix. It sounds to me like the problem isn't the networks, but the users and lack of security protocols instituted by the government. More laws are not going to solve the problem. And by the way - how are they going to STOP/prosecute P2P networks? What utter nonsense.

segravesrc

Yes, the threat is valid. The internet was designed to be open, it is and that is a threat to security, whether it be national, corporate, or personal. There are technologies available in the marketplace to manage security of P2P connections. There are technologies that can lock down data and/or alert users to the potential for compromise. It gets down to users knowing what needs to be secure and actively safeguarding the information. The politicians are posturing. No new laws will fix the problem, sound user education, strong threat monitoring, and tough protection and where necessary prosecution of individuals who compromise secure data are more appropriate.

bob

Current P2P laws are sufficient. Eliminate the threat. Block all P2P applications using your firewall settings. It sure works for my network!

Gary272

Most Federal employees do not work in an IT structure that is not firewall and locked down. Of the several sites I have been to I do not see how anyone could use a P2P on their work PC and not get fired. But if there are places that are not locked down then like you said block it at the fire and be done with it. There is no need ever for such software on a government owned PC, or network. After all they are work to work right?

Jordon

If a government employee with sensitive documents on a home computer allows their child to install a P2P program on that computer, can you even expect that they have a firewall?

brian.mills

Government employees typically aren't allowed to work with sensitive documents on a home computer. That in itself is a breach of security, with or without a P2P program installed on the home computer. The rules are pretty strict about government-owned notebook computers that are taken from site to site as well. So keeping P2P software off of computers used by government employees to process sensitive information seems more like an IT issue than something that needs to be legislated. If we keep legislating anything and everything, pretty soon we'll lose all of the freedoms our forefathers fought and died for. Prosecute those that use P2P software to breach national security. Don't take the rights to use it away from everyone else.

Endoscopy

Making laws that are virtually unenforceable is really stupid. How would this be enforced? Too many people are involved to do anything about this. Laws are only for this country as well.

wolfshades

It's important to have an awareness of the relative ignorance of so many non-techies regarding technology. You can't take the chance that a user is going to know when he's opening up sensitive files to the public at large. If a law is to be the answer, it cannot and SHOULD NOT be pointed at P2P networks however - it must be pointed internally, at government offices and agencies. The law should stipulate that the IT departments are responsible to impede the installation of P2P software, and make it a crime for government employees to attempt to use it on their work computers. How hard is that, really?
