Feeds

back to article US Congress probes accidental top secret file sharing

US Congress wants to know if new federal laws are needed to protect government employees from accidental file-sharing. A House of Representatives oversight committee gathered on Wednesday to discuss whether government workers getting their hands on peer-to-peer software poses a risk to privacy and national security. At issue …

COMMENTS

This topic is closed for new posts.

Lack of user responsibility?

Is it just me or are the users who install the software not personally responsible for the files and folderd they share? Install fire sharing software = files will be shared, you have to configure it for your own use not bloody default.

idiots.

0
0
WTF?

simples

If this hinges on whether a default installation shares files by default or not, surely it's pretty damn easy to prove whether it does or doesn't by, you know, simply installing it and seeing what happens.

The respected members of congress / the senate / whoever are surely too old for this pantomime "yes it does", "oh no it doesn't" malarkey.

0
0

yes, a software problem

did he forget email? people emailing sensitive documents is also a software problem not a user problem

don't require systems be set up securely, instead ban p2p software because it's all the p2p softwares fault when people go and change settings and mess with computers to make them insecure - i wonder how much bribery money he got paid to sprout that bullshit? and i really can't guess which company it was that bought him off...

sorry i forgot it's not bribery if you pay government officials to bullshit for you, it's just "creative accounting"

0
0
FAIL

Privileges?

I hope I'm not the only person who thinks that something must be amiss, if government workers with access to sensitive files are even allowed to install any software on their desktops!

0
0
Silver badge
Flame

It's raining Nannies

Does a sane world _really_ need politicians & career lawyers discussing software design and implementation and threatening to "step in" with some regulation?

If you want to be on the secure side, just don't use the damn thing, or find find an implementation on the (remaining) free market that is well-designed and fulfills your security evaluation criteria. How hard can it be?

"The file-sharing software industry has shown it is unwilling..."

There is a regulation-worthy "industry" in every nice, isn't there, Mr. I-make-work-for-myself?

0
0
WTF?

Let me get this straight

Some civil servant (or whatever the yanks call them) installs a p2p program on a computer holding secret documents.

And it's the fault of the p2p software that the files were shared?

Sack the idiot who installed it, job done.

0
0
Anonymous Coward

People are responsible for their actions

Anyone handling sensitive data needs to be comptetent enough to look after the data in their care. This isn't about Limewire or other P2P apps but encompasses much wider considerations like the use of email (including private accounts e.g. Palin), USB sticks, notebooks, PDAs, mobile phones, cameras, etc. People who can't grasp the importance of the issues involved probably should not have access to sensitive data, at least, not in a form which they can copy or otherwise disseminate.

What I don't understand is how IT policies and auditing in the organisations concerned allow users to install and run applications like Limewire on systems which can access sensitive data. Are US government systems containing classified documents really allowed to connect with the Internet and/or do they allow files to be copied to other systems or media?

0
0
FAIL

What a load of B*****ks

If they are installing P2P software against policy on the machine. SACK the F**KING staff. If company policy allows people to install P2P software, then sack the moron in charge.

DO NOT blame the software for a complete lack of management.

End Of.

0
0
Terminator

No brainer really

The folk using a computer containing sensitive information for file sharing should be fired and or prosecuted. You should have a work machine and a personal machine seperately. If people are using their work machines for file sharing its not the fault of the software vendor but the idiot behind the keyboard thats at fault.

I'm pretty sure they don't need a new law for this. They could have them terminated under the anti terror laws.

0
0
Boffin

Can we engineer for stoopid people

DoH.

If these people are too stoopid to control the security on there machines then maybe they shouldn't be trusted with admin access, or a job......

0
0
Bronze badge

Wha....

Um.

What sort of an admin allows users full control to a point where they can install a P2P program? I've never allowed users admin access on a network i've been administering, why is the US government doing differently? If it's this much of a problem you could always prevent it from running via group policy instead of forcing the manufacturer(!) to change the default settings.

I mean seriously. Accidentally sharing a Top Secret document? Oh. Everything suddenly makes sense. This was done by a politician, or political appointee wasn't it? Anybody else they'd (quite rightly!) have crucified for negligence.

0
0
Silver badge
FAIL

So it goes poo-tee-weet

I am sure that good Mr. Edolphus Towns committee chair is only worried about our security (think of the children) and has never taken any money from the entertainment/media industry. Yep P2P much like commie linux and the Satanical internet and its evil gambling will surely bring down western civ. I got an idea why don't they quit hiring worthless clueless employees instead. Oh wait thats right the politicans buddies and familys need jobs too.

0
0
Stop

Security?

Perhaps they'd like to consider some simple system and network security first, before trying to legislate against a piece of software.

0
0
Unhappy

It's always extra funny

.. when governments use their own incompetence as an argument for more control over the internet. But it's also extra sad. Especially when that control would end up in the hands of the very people who have just demonstrated they're not very good with computers. But of course it's all the software's fault. Bad software! Haha. Wonderful. :) .. :(

0
0
WTF?

Selinux?

.... a little tweaking of the permissions maybe? Easily solved.

Maybe this new law should be specific to " cough" certain OS'ses?

0
0
g e
Silver badge

Another part of the problem

Is that 'normal' people shouldn't be allowed to use computers anyway. Have you seen what 'normal' people are like out there!!!???

0
1
Silver badge
FAIL

"The file-sharing software industry...

... has shown it is unwilling or unable to ensure user safety,"

No, the file-sharing software industry expects users or admins to use their *BRAINS* and not install (or allow to be installed) their software in ways or in places that allow access to confidential information!

Whatever happened to *responsibility*???

0
0
FAIL

Ban on P2P???

Uh Duh, there are already regs out there banning P2P on Gov puters... The problem is that admins are not locking down there machines tight enough! The problem lies in that the "tech saavy" (LoL) gov employees want way more privs than they can actually handle. Just lockem down and that will prevehttp://www.theregister.co.uk/Design/graphics/icons/comment/stop_32.pngnt most of the P2P worries but not all....

0
0

nuff said

"According to the committee chairman, this is a problem with the software rather than user."

Isnt there a law or something that could be used to sentence him to tech support for a couple of months?

0
0
Stop

Needs admin rights to install? Maybe not

My experience of users is that they will try to install anything.. whether they have admin rights or not.

Unfortunately users not having admin rights on a Windows machine is not enough because apps such as Google Chrome/Earth and Skype install themselves in the users application data profile folder which of course unsurprisingly has full access rights for the user. I know nothing of p2p software but I suspect this type of software does the same. All we can do as sysadmins in these cases is add a 'software restriction policy' to Domain group policy when we discover a breach like this.

Who's fault is it? Microsoft's? The software creators? The users?

Can someone from Microsoft tell me what good reason there is for allowing a corporate user without administration rights to be able to install un-sanctioned software to the %appdata% folder and also can a programmer from Google or Skype tell me why they think it's a good idea to create an installer that exploits this security hole and installs files to the %appdata% folder if the user (for valid reasons) doesn't have admin rights?

0
0
Anonymous Coward

Old tune, new guitar.

You can make it foolproof but you can't make it idiot proof. But hey, the world is full of idiots and some of them get paid to shovel shit into the public record. What's new in town this week?

0
0
Grenade

What a joke

Software can partially solve the problem (block installation/block network traffic), but its nothing compared to a well enforced user agreement. I work for a company that handles patient data and although the traffic would be blocked, if we caught someone doing this they'd be shitcanned. No questions.

We couldn't do that in the goverment though! These are special people and they have to be treated as such! It wasn't his fault he installed some file sharing software and shared your social security details, it was the softwares fault! Yes yes its the 5th time hes done it, but we cant fire him over something that small! That would mean my department would get fewer tax dollars!!!!

I cant wait until we start handing them over our healthcare records.

0
0
Silver badge
FAIL

Such an obvious solution.

Left some secret documents on a train - ban trains.

Dropped a USB key in a pub car park - ban pubs

Got out of a car waving secret plans in front of photographers - ban photographers.

0
0

Education not regulation

We need user education on file-sharing pros and cons, not regulation.

File-sharing does not kill people, people kill people.

www.techloid.com

0
0
Boffin

Stoopid

Who would want to put Limewire on a Gov't computer: A) they monitor everything and B) since computers are supplied by the lowest bidder, there's not enough RAM or CPU power to run even the basic applications, let alone user installed stuff.

0
0
This topic is closed for new posts.