Lobbyists Get Congress To Investigate P2P Software… Rather Than Bad Security And Employee Carelessness
from the well,-look-at-that dept
Just a couple weeks ago, I received a ridiculous PR pitch from the entertainment industry lobbying group Arts+Labs, suggesting that a story that “hasn’t really gotten the attention it deserves” is the “threat” from P2P software being used to “expose private documents to the world.” The PR guy offered to help walk me through the process of downloading Limewire and finding such “exposed documents.” Of course, what the PR guy left out is the reason this story hasn’t received that much attention: because it’s a bogus story that’s been debunked for years — but it’s a favorite of the entertainment industry and its lobbyists in trying to come up with any reason to get Congress to issue laws against file sharing software.
However, it was obvious that this PR campaign was a setup: something bigger was underway… and, indeed, now we find out that these entertainment industry lobbyists have had a chance to bubble up yet again this silly idea to Congress, leading to yet another investigation of file sharing services, with a specific focus on Limewire. Of course, we did this already. Two years ago, there was a bunch of grandstanding in Congress against Limewire because some gov’t officials had leaked documents possibly (though, not definitely) via Limewire. But, of course, the target was wrong. It wasn’t Limewire that was the problem, it was government employees being stupid and setting up private government documents in their shared folders and poor government computer security systems that allowed this to happen. But rather than blame bad gov’t computer security or clueless users, the government set upon Limewire as the problem (encouraged, of course, by the entertainment industry’s lobbyists).
The PR campaign and the Congressional investigation didn’t happen in the same month by accident. You can pretty much assume that the whole effort was orchestrated by these lobbyists as yet another misguided attack on file sharing software, playing up the ridiculous idea that it’s the software that’s responsible for people leaking documents, rather than user stupidity and bad security.
It’s nice to see some in the mainstream press not fall for this bogus story. The LA Times notes how pointless this effort is, pointing out how the whole thing is misguided, and accurately noting:
Perhaps the real motive here is to find grounds to ban the software outright, which would please Hollywood but wouldn’t solve the problem.
Of course, not all mainstream publications bothered to figure that out. Five days after Arts+Labs pitched me on the “Limewire-is-a-security-leak-problem” story, the WSJ published exactly that story, including (of course!) a quote from Arts+Labs, and no quotes from anyone who would point out what a made up story it is, and how it’s been planted by the entertainment industry in an effort to create a moral panic against P2P software. I thought the mainstream press was supposed to be where real journalists did their homework rather than just parroting the story lobbyists hand them?
Filed Under: congress, file sharing, lobbying
Companies: arts+labs, congress, limewire
Comments on “Lobbyists Get Congress To Investigate P2P Software… Rather Than Bad Security And Employee Carelessness”
Rubric
Guns don’t kill people, people do.
People don’t fileshare, software does.
I find it ironic
Aren’t these paper people saying that with out news papers their would be no investigative journalism? Doesn’t sound like that is happening anyways, so it sounds like they can go away now.
C'mon Mike
“I thought the mainstream press was supposed to be where real journalists did their homework rather than just parroting the story lobbyists hand them? “
Hey, Mike, maybe it’s their new business model. If you can’t sell newspapers anymore, take payouts from mega-rich industries trying to get their message out.
Re: C'mon Mike
I think your are closer to the truth than you think.
Re: C'mon Mike
“Hey, Mike, maybe it’s their new business model. If you can’t sell newspapers anymore, take payouts from mega-rich industries trying to get their message out.’
Um…
That *is* their BusMod, and *has been* for, like… ever.
I mean, sure, there are some altruistic endeavors on the part of the media from time to time, but even those are simply allowed because they don’t irritate the media owners. All in all, the media is pretty much a tool of the powerful, and has been for a long time.
CBMHB
WSJ story hardly registers on the FUD-o-meter
Reading over the quick blurb on the WSJ, it actually contains a quote from the “head of a P2P trade organization” which tells people to keep their software up to date for security features. The quote by Arts+Labs guy includes “But if you insist, he says to take the time to understand how the software you downloaded works.”
I definitely agree with the general idea of this post, but I don’t think the WSJ article is really that big a piece of FUD. It seems more to be saying “P2P could be used to share things you don’t want to share if you aren’t careful.” I have a hard time not agreeing with that stance.
who still uses limewire?
and who runs any p2p software on a machine that you use for work?
and how come the government doesn’t have requirements for regulating outbound traffic on its firewalls?
no wonder the chinese are able to steal all of our secrets.
Re: who still uses limewire?
Its not as easy as you would think stopping p2p traffic. I work as a consultant and contractor in the federal and dod sectors, and while many of the p2p programs are easy to block in their default modes, when you enable encrypted tunnels, and tunnel over ports that cannot be blocked, even using deep packet inspection IDS/IPS devices, p2p traffic can still get through.
As for preventing the install of software, that is easily done through technical and policy means, but thats not going to stop people in positions of power (or IT admins who traditionally can be the biggest offenders in an orginisation) from getting local admin rights to install software.
And as for the chinese comment, well, lets just say they are not using p2p in any way what so ever to steal information, they use covert channels (technical, not a CIA spy movie reference) to exfiltrate data using well designed trojans and exploits (not the general ones you can find on random hacker sites).
Huh?
The LA Time’s got facts correct & the WSJ was spin? Did I just slip into Bizzaro world?
This is great
From a political perspective this is great.
1)Politicians get to grandstand and chest thump (a favorite in DC and state capitals everywhere).
2)Politicians get to pay back the people who pay them bribes thinly disguised as campaign contributions and speaking engagements.
3)They get to distract people from what the real problem is, because fixing the real problem might cost money that would not go to their corporate sponsors.
The rules may be changing on this a bit. The Pirate Bay decisions and related issues have apparently gotten European youth of voting age stirred up. The last election showed that young people are willing to be involved in the political process if they see issues affecting them, P2P is the kind of generational issue that could come back to bite some of the traditional politicians.
Why single out P2P?
Sure, if I’m dumb enough to share my sensitive files folders in my Limewire config, thus providing the world with access to those files, then hey – it’s my own damned fault.
The thing is, I can just as easily make a similar boneheaded move with Live Messenger’s shared folders, (though it only shares with people in my contact list) or even a poorly configured FTP server.
To use an analogy here, if I leave my briefcase in my car, and leave the window open, anyone can have what’s in it. Is that the car manufacturer’s fault? No. Should there be laws in place to prevent me from leaving my windows open? Hell no.
Man, grasping at straws, these folks are…
I can see why they would do this. There isn’t a feasible way to punish stupid people, en masse.
“The PR guy offered to help walk me through the process of downloading Limewire and finding such “exposed documents.” “
Is that entrapment?
Lobbyists as a whole..
For the life of me I cannot think of a single thing that lobbyists are good for, nor of any good they’ve done, either. However, I have absolutely no trouble at all thinking of good things they have destroyed. Quite honestly, I think it’s high-time they are done away with.., by hook or by crook. Makes no difference to me for, the more I read and see going on today, the more militant I become.
More than one over-simplification
This is a much more complicated situation than you make out. While it is probably true that this most recent go-around is being pushed by the record industry and similar players, and anything in the political realm has a publicity aspect to it, that doesn’t mean there isn’t, or at least wasn’t, a real problem here.
Go back and read the original reports on this subject. It’s quite clear that the software was deliberately designed to lead people to share more than they would have. The best of it was essentially “opt out”: The default configurations shared folders that most people would not have wanted shared had they known (e.g., their Documents folders). The documentation describing how to change this was typically atrocious, the UI’s hard to understand. If there were disclosures, they were hidden in tons of irrelevant verbiage. Some of the software went way beyond that, outright lying to you. The UI would tell you that you had “disabled sharing”, but it would still be enabled.
When pushed on these kinds of issues, the vendors would say these were bugs and promise fixes. Fixes would take forever to appear, even as new releases with tons of new features appeared. When the fixes appeared, they would simply move things around and not actually solve the problem. There was a voluntary standard that most vendors said they followed, but somehow the software never quite managed to actually work the way the standard said it was supposed to.
If you go back to some of the earliest work on P2P systems, before this stuff became commercialized, you can find papers that discussed dealing with “freeloaders”. Very early on, it became clear that given a choice, many people would download but not upload. So you can find quite honest and open papers talking about how to organize the software to make it difficult for people to freeload. Even some of this early material indicated a willingness to fool people. As the software became commercial, and a major selling point was the number of items available for downloading, the same ideas came to be applied in more nefarious ways.
We’re not talking guns with triggers that require substantial pressure and working safeties here. We’re talking guns with safeties that look and feel like every other safety – but which only work if, after setting them, you point the muzzle at the ground, shake the gun three times, then jump at least 6 inches in the air. Otherwise, the safety remains off and the trigger is very sensitive. (Not that this is documented anywhere, mind you.) With a gun like that, laying all the blame on the shooter is missing the point.
What the current state of this software is, I don’t know. History isn’t encouraging, but perhaps things have changed. Is it worth re-investigating? Absolutely – though a Congressional hearing is hardly the right place.
@Jerry Leichter
“This is a much more complicated situation than you make out.”
No, it isn’t complicated at all, it’s very, VERY simple. And it is EXACTLY as he makes out. Don’t install file-sharing programs on computers storing sensitive data. Especially if you’re a government official. Even more especially if you’re clueless and don’t know what you’re doing, which is actually what you are implicitly stating by listing how ‘complicated’ the software is to secure.
And a Congressional hearing is exactly the right place… to find out what these idiots were doing installing that software on their computers in the first place. The incompetent fools should be made to answer for their idiocy.
I have to agree with the above comments. I mean..Limewire? Really!? I do agree with sentiment of the article, however. Users are typically the weakest link in the chain, and even the best security software out there will have a hard time defending a company from internal threats.