Can't believe Congress blames P2P for security problems? Neither can tech bloggers
Technology bloggers livid, incredulous, disdainful. Oh wait, that's not news.
CNET News.com writers Anne Broache and Declan McCullagh Wednesday produced a piece of Capitol Hill reporting whose central subject is a recent legislative gambit regarding peer-to-peer file-sharing applications.
"Politicians call peer-to-peer networks a 'national security threat' because they enable federal employees to accidentally share sensitive or classified documents."
The subject has been burning up blogwaves and comments sections all over the Web.
The general consensus among network geeks, security pundits and other observers seems to be that the U.S. Government should be way more cautious in their internal security practices and not try to pin the blame on software which makes sharing information possible. A lot of bloggers liken a P2P ban to a telephone ban, or a pen-and-paper ban. Since when does a single communication tool get the blame for an epidemic of information leakage?
Another class of commentary runs along these lines: This legislative move is more-or-less obviously a ploy by the RIAA and MPAA to stifle file-sharing, Waxman (Los Angeles), Cooper (Nashville), et al. must really like their film- and music-industry sponsors if they're willing to act the fool on this one, and they're only making themselves out to be ignoramuses to do someone a favor.
Blog community response:
"Politicians blame P2P software for not stopping gov't employee stupidity--
Would you elect as your Congressional representative someone who blamed automakers because a bad driver crashed a car through his or her own negligence? Would you elect as your Congressional representative someone who claimed that e-mail was a threat to national security because it can (and has) been used by spies to transmit confidential data? Probably not. Why? Because that's clearly misplaced blame.
--Mike Masnick, Techdirt
"(Previous) legislation (Government Network Security Act, October 2003) was enacted to require Federal agencies to develop and implement plans to protect the security and privacy of government computer systems from the risks posed by peer-to-peer file sharing. The committee is not getting to the root of the problem, nor will they. The P2P networks are a tool, and--for those unwilling to educate and protect themselves re. the risks associated with file sharing--a dangerous one. Without a small amount of care they can be VERY easily exploited."
--LiveJournal user saltzmaj
"I know explaining firewalls and port blocking would go over the heads of the ones in charge of regulating technology, of which they are the least competent body of people to carry out such a task. I thought my mother's bridge club would be less competent, until I read this article of course.
So I will do my best to make this as simple as possible for someone like a US Senator or a congressman.
The government should not hire people that install file sharing on the same machines that they have classified information on. This would be equivalent of having someone taking home a bunch of classified documents they printed out and stuffed in a backpack with a broken zipper.
Congress, would this mean that backpacks with broken zippers are a threat to national security?
--CNET News.com Talkback user wewereright1054
"If the law allows an internet-capable computer to store information that could compromise national security, then the problem is Congress."
--CNET News.com Talkback user dvthex
"You can't blame P2P as much as the network administrators. If a computer has sensitive information on it, it should be locked down so that only approved software can be installed on it. The problem I have seen in many places is that too many so-called Admins have no clue about network security. If a laptop is used for company business, then it needs to be locked down so that no unapproved software can be installed on it."
--CNET Talkback user DragonSlayer69_1999