Reader Comments

Subscribe: RSS

View by: Time | Thread

• 

  sinsi (profile), 30 Mar 2010 @ 9:54pm

  
  

  Without reading the whole thing, only your story, I can't see why a government employee on a government computer would actually need that sort of software.
  Sort of like people losing their jobs for surfing porn - it's not their computer, the rules are there, so they only have themselves to blame.

  [ link to this | view in chronology ]

  • 

    Mike C. (profile), 31 Mar 2010 @ 4:45am

    
    

    Re:

    The article doesn't give a lot of information, so we'd have to read the actual bill to be sure. That being said, given that I deal with end-users on a regular basis, a PARTIAL ban may be the only viable solution.
    
    While some users do actually pay attention in training, a lot do what they can to breeze through so they can get back to their desks. I believe a reliance on training for all users to allow all users to have access to P2P software is just as problematic as banning the software for all users.
    
    I think a ban is acceptable with one caveat - exceptions can be requested and easily granted. Where I work, our machines are regularly scanned for unapproved software. If it's detected, you get an email saying "XX app was detected. If there is a valid reason for using this software, please submit an exemption request via {link}". Requests go to your manager and if approved, on to IT.
    
    Most people won't bother. The ones that need it, will. It works for us (30,000+ employees worldwide), they should be able to make it work for the government.

    [ link to this | view in chronology ]

  • 

    bugmenot (profile), 31 Mar 2010 @ 4:52am

    
    

    Re:

    "I can't see why a government employee on a government computer would actually need that sort of software." I think that depends on the particular government employee. Say you're in the IT department (as I am, though I'm non-government) and you need a copy of the newest Linux distro to install a new server toot-sweet because you're on a deadline. Bittorrent is the perfect way to get those .iso files. Unfortunately, because you're a government employee, you can no longer use Bittorrent. So, now you're going to have to download the .iso files via another source, at a much slower rate and miss your deadline. Now, in this scenario, should you be running the Bittorrent software on one of your other, active, servers? Hell no! But you could run it on a clean laptop that's located outside the hardware firewall (but with a software firewall in place on the laptop), burn the .iso files to disc, and then reimage the laptop to make sure nothing has been compromised during it's time outside the firewall. I've done something similar quite often in my company, and it works very well. As long as some common-sense safety rules are followed, there's no harm. The harm is in these "zero-tolerance" situations. They're so worried about P2P that they don't realize that the real threats are often from downloading things from standard web pages. Sure, block P2P traffic from the receptionist and Finance and departments that really have no need to access it, but don't ban it from the people that can actually use it and know the precautions to take. The issue is about security. If you (or Congress) think that P2P is the root of the security problems, they you and they are fools.

    [ link to this | view in chronology ]

  • 

    Andy, 31 Mar 2010 @ 6:16am

    
    

    Re:

    What if a governement employee needs to share a large file with another government employee? Say a large PPT presentation which is too big to email? They can't use a thumb drive - as the usb ports should not be enabled for this on govt computers. They have to use file sharing - sharepoint server or ftp server. This bill will effect all of those - not just things like kazaa or others used publicly.

    [ link to this | view in chronology ]

• 

  Anonymous Coward, 30 Mar 2010 @ 10:05pm

  
  

  Perhaps you know something not generally know to your readers, but I could not find anything suggesting that content industries were associated with the legislation.

  [ link to this | view in chronology ]

  • 

    Anonymous Coward, 30 Mar 2010 @ 10:20pm

    
    

    Re:

    Yes, because it's the public who are clamoring to stamp out file sharing. The content industries have never had a problem with file sharing.
    
    Govenrments shouldn't share files because some files might be top secret. They should also stop sharing documents too. And information.
    
    The public gets what the public wants, after all.

    [ link to this | view in chronology ]

    • 

      Anonymous Coward, 30 Mar 2010 @ 10:43pm

      
      

      Re: Re:

      The public is unimportant, the only thing we're good for is paying taxes.

      [ link to this | view in chronology ]

    • 

      Anonymous Coward, 31 Mar 2010 @ 1:24am

      
      

      Re: Re:

      "...it's the public who are clamoring to stamp out file sharing. The content industries have never had a problem with file sharing."
      
      This is a nice reminder that the content industries monitor news sites and respond anonymously with ridiculous lies to any story that makes them look bad.

      [ link to this | view in chronology ]

  • 

    Mike Masnick (profile), 30 Mar 2010 @ 10:38pm

    
    

    Re:

    Perhaps you know something not generally know to your readers, but I could not find anything suggesting that content industries were associated with the legislation.
    
    The various entertainment industry lobbyists have been pushing bills like this for five years now... In this case, the lobbyists for Arts+Labs pushed the story of P2P leaking helicopter secrets to the press relentlessly, and entertainment industry folks spoke out in favor of this bill.

    [ link to this | view in chronology ]

    • 

      Anonymous Coward, 30 Mar 2010 @ 10:48pm

      
      

      Re: Re:

      Psshhh. Everybody knows that lobbyists have very little power over the government!

      [ link to this | view in chronology ]

  • 

    Steve R. (profile), 31 Mar 2010 @ 5:40am

    
    

    Self Incrimination

    It common sense that the content industry would "hide" its involvement. For purposes of public consumption the legislation has to be "hidden" behind some lofty motherhood goal such as "national security".

    [ link to this | view in chronology ]

    • 

      Anonymous Coward, 31 Mar 2010 @ 6:52am

      
      

      Re: Self Incrimination

      ACTA says what?

      [ link to this | view in chronology ]

      • 

        Steve R. (profile), 31 Mar 2010 @ 7:24am

        
        

        Re: Re: Self Incrimination

        ????????? "The purpose of ACTA is to establish international standards to combat counterfeiting and piracy. All the negotiation sessions are conducted in secrecy and the details are not revealed by any of the participating nations at all. Initially, public didn’t even know who the participating nations are exactly! I wonder why negotiations which involve intellectual property laws should be kept secret!" TechDirt has published numerous similar articles concerning the lack of transparency.

        [ link to this | view in chronology ]

• 

  Matthew Cruse (profile), 30 Mar 2010 @ 10:45pm

  
  

  Government Training

  As a government employee that uses government furnished computers and networks, I am required to complete annual training on computer security. Prior to 2009, the training was pretty pointless "click-thru" type where you just kept hitting next until you wee done. In 2009 and 2010, a much more annoying "interactive" training was developed, in which you have to interact with and and answer questions about different scenarios. The "file-sharing or P2P" portion pretty much pushes the same agenda, word for word, that the entertainment lobby puts out: that you can "leak" classified information, you can get viruses, you can lose sensitive information.

  [ link to this | view in chronology ]

  • 

    sinsi (profile), 30 Mar 2010 @ 11:07pm

    
    

    Re: Government Training

    "that you can "leak" classified information, you can get viruses, you can lose sensitive information."
    Well, you can. Once again, I say that using a government computer (or not your own) you shouldn't be using p2p software.

    [ link to this | view in chronology ]

    • 

      Matthew Cruse (profile), 30 Mar 2010 @ 11:21pm

      
      

      Re: Re: Government Training

      Yes, but you can do all of those things using e-mail, thumb drives, cd-roms, Blackberrys, cell phones, landlines, or hard copy documents (well, except for viruses on some of them) also. And there is no outcry to ban the use of MS Outlook on gov't computers or to not use phones anymore either.

      [ link to this | view in chronology ]

      • 

        sinsi (profile), 30 Mar 2010 @ 11:55pm

        
        

        Re: Re: Re: Government Training

        Yes, and most government places have rules against using usb sticks etc. When I worked for the "gov't" (gee I hate that Mike) there were rules about taking those sort of things to work and using them on your work computer.
        Sometimes you need actual rules/laws to stop stupid people (speaking as a sysadmin here - users are *brainless*).

        [ link to this | view in chronology ]

        • 

          Haywood (profile), 31 Mar 2010 @ 4:07am

          
          

          Re: Re: Re: Re: Government Training

          The smart phones must drive security folks batshit. Now the average Joe has the ability to snap a photo & email it elsewhere. Cold war spies must be jealous.

          [ link to this | view in chronology ]

        • 

          DH's love child, 31 Mar 2010 @ 5:06am

          
          

          Re: Re: Re: Re: Government Training

          You, and other admins like you are the reason I HATE IT departments. You think that just because users don't work in your batcave, we are all stupid. At my company, there are MUCH smarter people working outside the hallowed IT room who know a SHITLOAD more about their systems. You admins know our network, you know how to keep it safe (which is VERY important, don't think I don't know that), but you sure as hell don't know EVERYTHING, and you are not the only one's who know how to keep shit safe.

          [ link to this | view in chronology ]

          • 

            itchyfish, 1 Apr 2010 @ 5:27am

            
            

            Re: Re: Re: Re: Re: Government Training

            My comment was related to users in a general sense. Of course there are very smart users, I don't deny that. But here's the thing. It only takes one stupid user to open the entire network to the outside. And even smart people make mistakes. This is why the black hats almost always win. When you're managing a network with a population of users in the 10s of thousands, you can be sure at least one of them is stupid. Basically one bad apple spoils the barrel. Admins/security people don't necessarily like this types of 'all or nothing' decisions, but they do have different priorities than general users.
            
            Your comment and general attitude is typical of many users who think they know more than the admins. it's probably why your admins/security people don't like you.

            [ link to this | view in chronology ]

      • 

        itchyfish, 31 Mar 2010 @ 4:50am

        
        

        Re: Re: Re: Government Training

        Yes, all of those things can cause those results, that's why most of them have been banned from sensitive/classified systems and areas. I have little to no confidence that "security training" will keep these incidents from happening. Users, as a general rule, just don't care. There is already security training, it's all click through, and people do just that, click through. They don't understand the broader implications, becuase mostly, they don't really understand or care about computers or how they work. All they want to do is complete their training checklist so the boss doesn't yell at them for not having their checkbox ticked off.

        [ link to this | view in chronology ]

  • 

    senshikaze (profile), 31 Mar 2010 @ 4:50am

    
    

    Re: Government Training

    The problem is that you can "leak" classified documents," get viri(?) and lose information. Have you ever searched for documents on p2p? I have seen bank statements(with account number) and other things best kept off the interwebs. What makes you think your fellow gov't employees are any smarter than the rest of the country?
    
    I, for one, think this is a good idea only because i know people are generally idiots, and they will share top secret information on p2p networks.

    [ link to this | view in chronology ]

• 

  Anonymous Coward, 30 Mar 2010 @ 11:06pm

  
  

  I was reading about this story for a while now and something never quite added up:
  
  They claimed that government documents were on P2P networks, but I could never find a claim that that's how they originally leaked. They could have come out a million different ways, and simply ended up posted on a tracker by an amateur snoop.
  
  This makes their bill seem even more pointless.

  [ link to this | view in chronology ]

• 

  Blatant Coward (profile), 30 Mar 2010 @ 11:24pm

  
  

  Re: Government Training

  A lot of users rather than making a FTP server, or other posting arrangement use the file sharing system to pass large blocks of data to many users at once, like if your entire office needs a piece of information that is several megs/gigs in size such as a updated proposal package with timelines and software updates.
  
  This is the legal use for filesharing, not the omgwtfpirateeeeeessss!!!! use that congress has been shown in a picture paper clipped to a big check.

  [ link to this | view in chronology ]

• 

  RangerZ, 31 Mar 2010 @ 12:10am

  
  

  Perhaps a whiteliest instead of blacklist = *

  perhaps they shouldn't just ban ALL file sharing applications, but instead appoint a 'committee' or person (who already exists, no reason to hire one JUST for this) the task of reviewing which software is acceptable, and which is not, and then telling employees that if they use other software they will be fired(and/or fines and/or jail time)... I know having non-IT,etc people making decisions isn't ideal by any means, but it would at least be a middle of the road approach.

  [ link to this | view in chronology ]

• 

  georgied, 31 Mar 2010 @ 12:24am

  
  

  Seperation between personal and work

  Surely it would be much simpler to stop all personal activities on work computers. Besides why aren't government computers locked down? That staffers have sufficient privileges to install software at will is a huge security breach.

  [ link to this | view in chronology ]

  • 

    Anonymous Coward, 31 Mar 2010 @ 2:07am

    
    

    Re: Seperation between personal and work

    Some versions of Windows were virtually useless when fully locked down.

    [ link to this | view in chronology ]

    • 

      senshikaze (profile), 31 Mar 2010 @ 4:52am

      
      

      Re: Re: Seperation between personal and work

      "All versions of Windows were virtually useless."
      
      TFTFY

      [ link to this | view in chronology ]

• 

  Steve R. (profile), 31 Mar 2010 @ 5:50am

  
  

  Fundamentally Flawed

  It seems that the proposed legislation is the "WRONG" solution.
  
  According to the article: "We can no longer ignore the threat to sensitive government information, businesses, and consumers that insecure peer-to-peer networks pose," Towns said in the statement. "Securing federal computer files is critical to our national security."
  
  If the real concern is security, then the obvious solution would be to have your IT department develop a secure computer. Passing a law that criminalizes certain behavior fundamentally does not actually improve security.
  
  I guess this is a case of putting lipstick on a pig and hoping that nobody will notice.

  [ link to this | view in chronology ]

• 

  Tony, 31 Mar 2010 @ 6:23am

  
  

  Actually, if the Top Secret data is residing on a computer that has internet access period, that person is committing a serious violation. It should go without saying that the computer being used to store classified material shouldn't have any P2P software on it let alone even have access to the internet.

  [ link to this | view in chronology ]

  • 

    Idobek (profile), 31 Mar 2010 @ 6:57am

    
    

    Re: Tony

    "Actually, if the Top Secret data is residing on a computer that has internet access period, that person is committing a serious violation. It should go without saying that the computer being used to store classified material shouldn't have any P2P software on it let alone even have access to the internet."
    
    I think we can safely substitute "politically embarrassing" for "Top Secret" in terms of the data in the minds of the members of Congress who voted for this bill.

    [ link to this | view in chronology ]

• 

  Michael, 31 Mar 2010 @ 8:05am

  
  

  Great

  This will spawn a new industry for application development to automatically click the stupid button on the dialog when it appears.

  [ link to this | view in chronology ]

  • 

    Steve R. (profile), 31 Mar 2010 @ 8:14am

    
    

    Re: Great

    Patent infringement lawsuits will explode.

    [ link to this | view in chronology ]

• 

  Anonymous Coward, 31 Mar 2010 @ 1:51pm

  
  

  No Big Deal At all

  As a government worker I know the user policy and abide by it. No file sharing with third party software. Further, the PC are lock down and nobody except SysAds can install anything. Turns out, this is no big deal. There are several collaborative environments where large work files can be uploaded and shared via the web to all concerned, to include other agencies, contractors and team members. The difference is these are official and you are accountable for what is uploaded. Key work accountable.
  
  There is nothing that P2P can offer that I can't accomplish by the provided web sites available to me. Except, to share the latest "new movie" not available on DVD yet!
  
  For those who feel that a work provided computer and access should be used however you feel, there are plenty (Not as many lately) of other jobs out there with much more lax rules.

  [ link to this | view in chronology ]

• 

  fairuse (profile), 3 Apr 2010 @ 9:33am

  
  

  Quite easy to find what the house is up to.
  H.R.4098 Secure Federal File Sharing Act via
  http://theweekincongress.com/member/MAR10_FULL/HR4098SECUREhMAR26.htm
  
  About users. Yes, some are clueless and should not have a computer but on
  average most users get blindsided at least once. Security lives and dies by
  keeping that locked down.
  
  P2P software: My experience in a federal position taught me that P2P should
  only be used by or under control of IT and or Software Engineering
  personnel. There is little need at the user level for configuring client
  software. If the correctly configured client cannot be modified then the P2P
  network is secure. May be more secure than older methods like "secure FTP".
  
  It is not the technology that is bad it is the misuse of or the lack of skill by
  the installer that is bad. Both are governed by existing law and regulations.
  
  Done.

  [ link to this | view in chronology ]