RSSCongress puts the head of LimeWire back in the hot seat
By Scott M. Fulton, III | Published April 22, 2009, 7:20 PM
During Congressional hearings back in July 2007, legislators were astounded by high-profile testimony from former NATO Supreme Commander Gen. Wesley Clark, revealing that federal employees who had installed the P2P software LimeWire on their computers inadvertently shared classified government materials with other LimeWire users, in many cases without those users even requesting the material.
But sidestepping the entire question of why P2P file-sharing software was installed on government computers in the first place, Rep. Darrell Issa (R - Calif.), the ranking member of the House Oversight and Government Reform Committee, quizzed Lime Group Chairman Mark Gorton about his personal responsibility for the security breaches. Calling him the "elephant in the room," Rep. Issa asked, "Are you prepared here today to say you're going to make significant changes in the software to help prevent this in the future?" Gorton responded, "Absolutely, and we have some in the works right now."
In light of reports since last July, some on local TV newscasts, about newly alleged security breaches believed to involve P2P software, Issa and Rep. Edolphus Towns (D - N.Y.), who now chairs the Committee, sent Gorton a questionnaire on Monday (PDF available here) asking whether LimeWire was involved in these latest incidents, and if so, when and why.
"It appears that nearly two years after your commitment to make significant changes in the software, LimeWire and other P2P providers have not taken adequate steps to address this critical problem," the Congressmen wrote. "A recent string of press reports indicates the continued availability of highly sensitive private and government information on P2P networks like LimeWire."
A check of the LimeWire changelog lists literally dozens of feature improvements and version updates for the open source P2P software since the July 2007 hearings. Last January, the team's first betas for version 5.0 began public distribution, with features that appear to improve the user interface and change the way users are shown how to manage shared folders. Version 5.1 entered beta just last month. Many of the improvements listed here could be said to address the original problem that Gen. Clark noted in his testimony: that users who didn't know what they were doing could share sensitive government files with people who didn't know they were being shared with them.
But the security breaches Reps. Towns and Issa listed center around intentional malicious use, which any number of improvements to LimeWire may not be able to fix. Nevertheless, the Congressmen pre-empted any possible response from Gorton, by sending letters to the Chairman of the Federal Trade Commission (PDF available here) and the Attorney-General (PDF available here) on the very same day, citing the same news reports and advising him that the Committee is formally reopening its investigation into LimeWire's activities.
As an aside, however, the Congressmen did think to ask the FTC Chairman, "What has the FTC done to minimize the risk of inadvertent P2P file sharing?" just in case it may have made some progress there also.
Limewire & Kazaa is so low rent.
Score: 0
|Eh?
So because a couple of employees are fat-fingered enough to have selected every bloody drive on their computer to share it is suddenly the fault of the guy making the software.
What the **** is he supposed to do about it exactly?
"Are you sure you meant to do that?"
"Are you sure?"
"Are you really ****ing sure?"
"Absolutely, positively sure?"
Score: 0
|As usual, Paul, you miss the fundamental point which was stated with "But sidestepping the entire question of why P2P file-sharing software was installed on government computers in the first place", as such 3rd party software installation is prhibited by policy...
How they configured it utterly misses the point - as did the idiot legislators.
Score: -4
|@foxfyre: I didn't miss the point at all. Perhaps you should look at how many people have voted down your comment to see how pointless your comment was.
I'm amused by them not only ignoring security policy of not installing Limewire (or other 3rd party apps) but then having the barefaced cheek to say it's Limewire's fault.
Score: 0
|Why was the response to a security breach, that P2P providers didn't fix the problem. Why are we sharing government documents on a third-party client anyways? I wish I knew the department in question because I am looking for a job, looks like a position is going to open up soon.
Score: 0
|Is stupidity a necessary qualification for election to congress?
Score: 0
|