Mixing Business With Gov't Stupidity: General Clark Tells Congress Why It Should Regulate P2P (And Make Him Richer)
from the all-about-the-money dept
Remember the ridiculous story last month about how some clueless politicians were blaming the fact that some government employees were breaking rules and too stupid to understand how P2P software worked that P2P software needed to be regulated for the good of national security? It turns out that there’s even more to this story. Congress called in a “star witness,” in former presidential candidate General Wesley Clark, who took the position that P2P must be regulated: “If you saw the scope of the risk, I think you’d agree that it’s just totally unacceptable. The American people would be outraged if they were aware of what’s inadvertently shared by government agencies on P2P networks. They would demand solutions.” And what kind of solutions would those be? Apparently, the kind whereby the gov’t regulates P2P providers and requires they build in security. And what kind of security would that be? Why, perhaps the kind of security supplied by a company advised by the very same General Wesley Clark. We won’t even bother to name the company here, because it doesn’t need any additional free publicity, but its website is full of scary statements about how P2P software is threatening national security.
Filed Under: congress, file sharing, national security, p2p, wesley clark
Comments on “Mixing Business With Gov't Stupidity: General Clark Tells Congress Why It Should Regulate P2P (And Make Him Richer)”
Have we as a society become so shallow that stuff like this just happens without the uproar it deserves?
How about this: Corporate policy the forbids P2P activity. Block the P2P ports on the firewall you are using (you are using a firewall, right? right? RIGHT?) and if anyone is found trying to circumvent and use P2P software, they are terminated.
That might be a bit extreme, but this is nothing that needs regulatory oversight.
Re: not to mention something that wouldn't work
BT Gamer: “block p2p ports”
I sincerely hope that is satire. However in the wonderfulness of the internet lets try to add some assumptions that its not.
How is that going to work when any bit torrent program can be assigned to any port. Also if you just go around only allowing certain ports (without same lack of knowledge), you’d be amazed at the legitimate things you’d block and/or can’t.
Also you can’t just “block encryption” since torrent programs use encryption as does VPN.
It is easy to find a high amount of upstream/downstream coming to 1 pc. But it’s equally unlikely anyone torrents for work other than for legitimate reason (universities sharing lectures for one). You’re not going to see it visually (minimize the program).
And when it all comes down to it, someone can bring a program on a USB drive to get by all the blocking. So it’s kinda hard to secure stuff like that.
Re: Re: not to mention something that wouldn't work
You make a valid point. P2P programs are too hard to block so this regulation must be passed. Unless you take into account that firewalls can block or allow specific programs. In a military installation I’d expect to see those firewalls in effect. but then I’d also expect to see some personal restraint on the part of the employees.
“you’d be amazed at the legitimate things you’d block and/or can’t. Also you can’t just “block encryption” since torrent programs use encryption as does VPN.”
Again this is a military installation. Please tell me how many places these people need to be other than other military computers that probably already have a dedicated VPN set up in the routers or even a hard line.
“Have we as a society become so shallow that stuff like this just happens without the uproar it deserves?”
Well considering a guy can be fired (and sued) if a woman hears him tell a dirty joke (which is not directed at her but she just happens to be in earshot of it) I don’t think instant termination for trying to install any restricted software is too extreme. In fact I’ll go as far as to say that is one of the few rules that I would support at any company.
But here’s the trick. If a simple rule like that were to be passed and enforced then that means that there’s no big corporation getting paid to do a job that they created themselves and we cannot have that.
This is such a no-brainer I am sure the gov’t will screw it up somehow. I am the network administrator on several dozen networks, you know how easy it is to not allow P2P traffic and monitor for people trying to circumvent? Now, spelling that ain’t my fortay. But, stopping P2P (which at the gov’t level, I have no clue why this isn’t done already) is simple.
a HUGE problem is that the good folks in congress don’t understand technology – but of course they are qualified to regulate it…
Flag level officers chase dollars
Clark is no different than others with high military rank – or high GS ratings – who find ways to “milk” the enlisted people or the public who they are supposed to “lead”.
Look at any military installation for any service. The “civilian” dry cleaners, tailors, restaurants and bars and on and on are owned by senior enlisted or officers – sometimes retired but often not. These guys pass the regulations and then get wealthy providing the goods and services required by those very regulations.
Clark has just found a technical twist to a very old game.
I respect General Clark, but I think he’s gone the shill. Sad, very sad.
A BOFH can handle P2P. A private corp, with a multi-million dollar solution that’ll be circumvented quicker than you can google “pr0n”, can’t.
Clark was transparent about the affiliation
It should be noted that Wesley Clark was up front with the committee about his interest in this security company. His statement isn’t on the committee website (odd because everyone else’s is), but the print handout at the press table noted his affiliation, on the first page if I remember correctly. You can watch the archived video yourself at the Oversight Committee site.
not a tech geek, but — if you don’t allow people to install software on their own machines at gov’t installations, which seems prudent, then no p2p software should get on the machines. That, along with other reasonable care, including the threat of discipline if personnel are caught using p2p software would seem to make sense.
I’ve been at companies with tight security around software installation connecting to anything outside the LAN and use of company computers. The funny thing is, people actually wind up working instead of shopping EBAY, tracking their fantsy foot ball teams or building their music collections.
Or reading TechDirt
The way to block p2p programs is to block installations. Not every idiot in an organization requires rights to install. So restrict those rights and anyone who circumvents the system gets one warning. Second warning = fired
If you can’t respect the rules of your organization you shouldn’t be in it.
Wow, and I thought that guy was actually reasonably intelligent.
You know, nothing’s constant in the universe except for one thing – politicians are unerringly stupid about regulating technology, and should not be trusted to do so without a HUGE amount of help from smart people. Like that’s ever going to happen.
They’d screw it up even if they weren’t listening to lobbyists with an ax to grind.
As plenty of people have stated, blocking p2p traffic, especially in a military institution (shouldn’t security be their top priority?) is not that difficult. I’ve worked in corporate environments where we enforced policies that are apparently 10x more strict than the government/military. Even if someone managed to get a p2p app installed (why oh why can a user install ANYTHING), they wouldn’t get through the perimeter defenses.
Unfortunately I am not surprised by this. Attempting to regulate an ‘industry’ that’s impossible to regulate since anyone with some decent programming knowledge can write and release a p2p app just gives a false sense of security and completely ignores the core issue. Hire some competent infosec admins, listen to their advice and enforce the policies they create. That includes the people at the top of the food chain.
I have yet to hear of one single government employee ever being terminated because of a data breach no matter how stupid or avoidable it was.
You don’t penalize everyone because one person does something wrong. You punish that person. If we go down that road, cars should be outlawed tomorrow.
Maybe someone can explain it better, but I’m confused about why people in government offices, and who deal with secure data, need p2p software installed on their computers?
Like one of the posters already said, don’t they have a VPN set up? And even if they really, really do need a p2p software program, who installed the program and allowed it share everything on the computer?
But, it’s better to put in government regulations instead of holding the IT people and the government worker accountable for their actions.
(Yes, that was sarcasm)
Clark is a moron....
P2P a threat to national security???
Wouldn’t it be cheaper and easier to either A) Train the incompetent government staff in setting up P2P properly, or B) simply block the ports used by P2P software on the Government Servers???
Why should the entire free world be penalised because of some incompetent government employees? GET REAL!!!!! Teach them how to use it properly, or block them from being able to use the P2P software on Government Computers. SIMPLE SOLUTION, that does not encroach on the rights and civil liberties of everyone else on the planet! Dead set these wankers in Government and politics seem to think that everything is an opportunity for them to bullshit their way in to making more money for themselves, whilst telling us all that “This is for your own good and for national security”. What a crock.
If you notice, the security breach examples provided are all from contractors… maybe they should be looking at that.
Communication is the threat
Stories of p2p, unsecured ftp sites, etc, being a threat to National Security blind the public to the underlying problem: Communication is the threat.
To prevent any potential enemy from finding out things all we have to do is make any form of communication illegal. Muzzle mouths, bind up hands, etc.
With no communication possible, no information can be stolen.