House Passes Ban On File Sharing Use By Government Employees

from the sharing-is-bad,-you-see dept

For a few years now, one of the entertainment industry's tactics for getting another foot in the legislative door towards outlawing file sharing programs has been to push ridiculous stories about how secret gov't documents were showing up on file sharing networks. Of course, there's a reason why that's happening: clueless gov't staffers not being careful. But, in typical Congressional fashion, the response is to overreact, very much at the urging (and legislative guidance) of the entertainment industry. After trying for a few years, it looks like the industry has been marginally successful this time. Slashdot points out that the House has passed legislation that would bar government employees from using file sharing, but notes that the language of the bill is so broad that it likely forbids all sorts of useful applications.

Of course, this was only passed in the House, and it looks like the Senate is going in a different direction -- instead preferring an equally pointless bill that would require any file sharing software (again, so broadly worded that it would include browsers, FTP software, backup software, etc.) to pop up an alert that you would have to click every time you opened the software.

Hey Congress, here's a better idea: instead of passing dumb laws with serious unintended consequences, why not have a bit of basic computer security training for your staffers so they don't do idiotic things like putting top secret plans in a shared folder?


Reader Comments

  •  
    sinsi (profile), Mar 30th, 2010 @ 9:54pm

    Without reading the whole thing, only your story, I can't see why a government employee on a government computer would actually need that sort of software.
    Sort of like people losing their jobs for surfing porn - it's not their computer, the rules are there, so they only have themselves to blame.

     


    •  
      Mike C. (profile), Mar 31st, 2010 @ 4:45am

      Re:

      The article doesn't give a lot of information, so we'd have to read the actual bill to be sure. That being said, given that I deal with end-users on a regular basis, a PARTIAL ban may be the only viable solution.

      While some users do actually pay attention in training, a lot do what they can to breeze through so they can get back to their desks. I believe a reliance on training for all users to allow all users to have access to P2P software is just as problematic as banning the software for all users.

      I think a ban is acceptable with one caveat - exceptions can be requested and easily granted. Where I work, our machines are regularly scanned for unapproved software. If it's detected, you get an email saying "XX app was detected. If there is a valid reason for using this software, please submit an exemption request via {link}". Requests go to your manager and if approved, on to IT.

      Most people won't bother. The ones that need it, will. It works for us (30,000+ employees worldwide), they should be able to make it work for the government.

       


    •  
      bugmenot (profile), Mar 31st, 2010 @ 4:52am

      Re:

      "I can't see why a government employee on a government computer would actually need that sort of software." I think that depends on the particular government employee. Say you're in the IT department (as I am, though I'm non-government) and you need a copy of the newest Linux distro to install a new server toot-sweet because you're on a deadline. Bittorrent is the perfect way to get those .iso files. Unfortunately, because you're a government employee, you can no longer use Bittorrent. So, now you're going to have to download the .iso files via another source, at a much slower rate and miss your deadline. Now, in this scenario, should you be running the Bittorrent software on one of your other, active, servers? Hell no! But you could run it on a clean laptop that's located outside the hardware firewall (but with a software firewall in place on the laptop), burn the .iso files to disc, and then reimage the laptop to make sure nothing has been compromised during its time outside the firewall. I've done something similar quite often in my company, and it works very well. As long as some common-sense safety rules are followed, there's no harm. The harm is in these "zero-tolerance" situations. They're so worried about P2P that they don't realize that the real threats are often from downloading things from standard web pages. Sure, block P2P traffic from the receptionist and Finance and departments that really have no need to access it, but don't ban it from the people that can actually use it and know the precautions to take. The issue is about security. If you (or Congress) think that P2P is the root of the security problems, then you and they are fools.

       


    •  
      Andy, Mar 31st, 2010 @ 6:16am

      Re:

      What if a government employee needs to share a large file with another government employee? Say a large PPT presentation which is too big to email? They can't use a thumb drive - as the usb ports should not be enabled for this on govt computers. They have to use file sharing - sharepoint server or ftp server. This bill will affect all of those - not just things like kazaa or others used publicly.

       


  •  
    Anonymous Coward, Mar 30th, 2010 @ 10:05pm

    Perhaps you know something not generally known to your readers, but I could not find anything suggesting that content industries were associated with the legislation.

     


    •  
      Anonymous Coward, Mar 30th, 2010 @ 10:20pm

      Re:

      Yes, because it's the public who are clamoring to stamp out file sharing. The content industries have never had a problem with file sharing.

      Governments shouldn't share files because some files might be top secret. They should also stop sharing documents too. And information.

      The public gets what the public wants, after all.

       


      •  
        Anonymous Coward, Mar 30th, 2010 @ 10:43pm

        Re: Re:

        The public is unimportant, the only thing we're good for is paying taxes.

         


      •  
        Anonymous Coward, Mar 31st, 2010 @ 1:24am

        Re: Re:

        "...it's the public who are clamoring to stamp out file sharing. The content industries have never had a problem with file sharing."

        This is a nice reminder that the content industries monitor news sites and respond anonymously with ridiculous lies to any story that makes them look bad.

         


    •  
      Mike Masnick (profile), Mar 30th, 2010 @ 10:38pm

      Re:

      Perhaps you know something not generally known to your readers, but I could not find anything suggesting that content industries were associated with the legislation.

      The various entertainment industry lobbyists have been pushing bills like this for five years now... In this case, the lobbyists for Arts+Labs pushed the story of P2P leaking helicopter secrets to the press relentlessly, and entertainment industry folks spoke out in favor of this bill.

       


    •  
      Steve R. (profile), Mar 31st, 2010 @ 5:40am

      Self Incrimination

      It's common sense that the content industry would "hide" its involvement. For purposes of public consumption the legislation has to be "hidden" behind some lofty motherhood goal such as "national security".

       


  •  
    Matthew Cruse (profile), Mar 30th, 2010 @ 10:45pm

    Government Training

    As a government employee that uses government furnished computers and networks, I am required to complete annual training on computer security. Prior to 2009, the training was pretty pointless "click-thru" type where you just kept hitting next until you were done. In 2009 and 2010, a much more annoying "interactive" training was developed, in which you have to interact with and answer questions about different scenarios. The "file-sharing or P2P" portion pretty much pushes the same agenda, word for word, that the entertainment lobby puts out: that you can "leak" classified information, you can get viruses, you can lose sensitive information.

     


    •  
      sinsi (profile), Mar 30th, 2010 @ 11:07pm

      Re: Government Training

      "that you can "leak" classified information, you can get viruses, you can lose sensitive information."
      Well, you can. Once again, I say that using a government computer (or not your own) you shouldn't be using p2p software.

       


      •  
        Matthew Cruse (profile), Mar 30th, 2010 @ 11:21pm

        Re: Re: Government Training

        Yes, but you can do all of those things using e-mail, thumb drives, cd-roms, Blackberrys, cell phones, landlines, or hard copy documents (well, except for viruses on some of them) also. And there is no outcry to ban the use of MS Outlook on gov't computers or to not use phones anymore either.

         


        •  
          sinsi (profile), Mar 30th, 2010 @ 11:55pm

          Re: Re: Re: Government Training

          Yes, and most government places have rules against using usb sticks etc. When I worked for the "gov't" (gee I hate that Mike) there were rules about taking those sort of things to work and using them on your work computer.
          Sometimes you need actual rules/laws to stop stupid people (speaking as a sysadmin here - users are *brainless*).

           


          •  
            Haywood (profile), Mar 31st, 2010 @ 4:07am

            Re: Re: Re: Re: Government Training

            The smart phones must drive security folks batshit. Now the average Joe has the ability to snap a photo & email it elsewhere. Cold war spies must be jealous.

             


          •  
            DH's love child, Mar 31st, 2010 @ 5:06am

            Re: Re: Re: Re: Government Training

            You, and other admins like you are the reason I HATE IT departments. You think that just because users don't work in your batcave, we are all stupid. At my company, there are MUCH smarter people working outside the hallowed IT room who know a SHITLOAD more about their systems. You admins know our network, you know how to keep it safe (which is VERY important, don't think I don't know that), but you sure as hell don't know EVERYTHING, and you are not the only ones who know how to keep shit safe.

             


            •  
              itchyfish, Apr 1st, 2010 @ 5:27am

              Re: Re: Re: Re: Re: Government Training

              My comment was related to users in a general sense. Of course there are very smart users, I don't deny that. But here's the thing. It only takes one stupid user to open the entire network to the outside. And even smart people make mistakes. This is why the black hats almost always win. When you're managing a network with a population of users in the 10s of thousands, you can be sure at least one of them is stupid. Basically one bad apple spoils the barrel. Admins/security people don't necessarily like these types of 'all or nothing' decisions, but they do have different priorities than general users.

              Your comment and general attitude is typical of many users who think they know more than the admins. It's probably why your admins/security people don't like you.

               


        •  
          itchyfish, Mar 31st, 2010 @ 4:50am

          Re: Re: Re: Government Training

          Yes, all of those things can cause those results, that's why most of them have been banned from sensitive/classified systems and areas. I have little to no confidence that "security training" will keep these incidents from happening. Users, as a general rule, just don't care. There is already security training, it's all click through, and people do just that, click through. They don't understand the broader implications, because mostly, they don't really understand or care about computers or how they work. All they want to do is complete their training checklist so the boss doesn't yell at them for not having their checkbox ticked off.

           


    •  
      senshikaze (profile), Mar 31st, 2010 @ 4:50am

      Re: Government Training

      The problem is that you can "leak" classified documents, get viri(?) and lose information. Have you ever searched for documents on p2p? I have seen bank statements (with account number) and other things best kept off the interwebs. What makes you think your fellow gov't employees are any smarter than the rest of the country?

      I, for one, think this is a good idea only because I know people are generally idiots, and they will share top secret information on p2p networks.

       


  •  
    Anonymous Coward, Mar 30th, 2010 @ 11:06pm

    I was reading about this story for a while now and something never quite added up:

    They claimed that government documents were on P2P networks, but I could never find a claim that that's how they originally leaked. They could have come out a million different ways, and simply ended up posted on a tracker by an amateur snoop.

    This makes their bill seem even more pointless.

     


  •  
    Blatant Coward (profile), Mar 30th, 2010 @ 11:24pm

    Re: Government Training

    A lot of users rather than making an FTP server, or other posting arrangement use the file sharing system to pass large blocks of data to many users at once, like if your entire office needs a piece of information that is several megs/gigs in size such as an updated proposal package with timelines and software updates.

    This is the legal use for filesharing, not the omgwtfpirateeeeeessss!!!! use that congress has been shown in a picture paper clipped to a big check.

     


  •  
    RangerZ, Mar 31st, 2010 @ 12:10am

    Perhaps a whitelist instead of blacklist = *

    Perhaps they shouldn't just ban ALL file sharing applications, but instead appoint a 'committee' or person (who already exists, no reason to hire one JUST for this) the task of reviewing which software is acceptable, and which is not, and then telling employees that if they use other software they will be fired (and/or fines and/or jail time)... I know having non-IT, etc. people making decisions isn't ideal by any means, but it would at least be a middle of the road approach.

     


  •  
    georgied, Mar 31st, 2010 @ 12:24am

    Separation between personal and work

    Surely it would be much simpler to stop all personal activities on work computers. Besides why aren't government computers locked down? That staffers have sufficient privileges to install software at will is a huge security breach.

     


  •  
    Steve R. (profile), Mar 31st, 2010 @ 5:50am

    Fundamentally Flawed

    It seems that the proposed legislation is the "WRONG" solution.

    According to the article: "We can no longer ignore the threat to sensitive government information, businesses, and consumers that insecure peer-to-peer networks pose," Towns said in the statement. "Securing federal computer files is critical to our national security."

    If the real concern is security, then the obvious solution would be to have your IT department develop a secure computer. Passing a law that criminalizes certain behavior fundamentally does not actually improve security.

    I guess this is a case of putting lipstick on a pig and hoping that nobody will notice.

     


  •  
    Tony, Mar 31st, 2010 @ 6:23am

    Actually, if the Top Secret data is residing on a computer that has internet access period, that person is committing a serious violation. It should go without saying that the computer being used to store classified material shouldn't have any P2P software on it let alone even have access to the internet.

     


    •  
      Idobek (profile), Mar 31st, 2010 @ 6:57am

      Re: Tony

      "Actually, if the Top Secret data is residing on a computer that has internet access period, that person is committing a serious violation. It should go without saying that the computer being used to store classified material shouldn't have any P2P software on it let alone even have access to the internet."

      I think we can safely substitute "politically embarrassing" for "Top Secret" in terms of the data in the minds of the members of Congress who voted for this bill.

       


  •  
    Michael, Mar 31st, 2010 @ 8:05am

    Great

    This will spawn a new industry for application development to automatically click the stupid button on the dialog when it appears.

     


  •  
    Anonymous Coward, Mar 31st, 2010 @ 1:51pm

    No Big Deal At all

    As a government worker I know the user policy and abide by it. No file sharing with third party software. Further, the PCs are locked down and nobody except SysAds can install anything. Turns out, this is no big deal. There are several collaborative environments where large work files can be uploaded and shared via the web to all concerned, to include other agencies, contractors and team members. The difference is these are official and you are accountable for what is uploaded. Key word: accountable.

    There is nothing that P2P can offer that I can't accomplish by the provided web sites available to me. Except, to share the latest "new movie" not available on DVD yet!

    For those who feel that a work provided computer and access should be used however you feel, there are plenty (Not as many lately) of other jobs out there with much more lax rules.

     


  •  
    fairuse (profile), Apr 3rd, 2010 @ 9:33am

    Quite easy to find what the house is up to.
    H.R.4098 Secure Federal File Sharing Act via
    http://theweekincongress.com/member/MAR10_FULL/HR4098SECUREhMAR26.htm

    About users. Yes, some are clueless and should not have a computer but on
    average most users get blindsided at least once. Security lives and dies by
    keeping that locked down.

    P2P software: My experience in a federal position taught me that P2P should
    only be used by or under control of IT and/or Software Engineering
    personnel. There is little need at the user level for configuring client
    software. If the correctly configured client cannot be modified then the P2P
    network is secure. May be more secure than older methods like "secure FTP".

    It is not the technology that is bad it is the misuse of or the lack of skill by
    the installer that is bad. Both are governed by existing law and regulations.

    Done.

     
