House Passes Ban On File Sharing Use By Government Employees

from the sharing-is-bad,-you-see dept

Tue, Mar 30th 2010 9:43pm — Mike Masnick

For a few years now, one of the tactics of the entertainment industry to get another foot in the legislative door towards outlawing file sharing programs, is to push ridiculous stories about how secret gov't documents were showing up on file sharing networks. Of course, there's a reason why that's happening: clueless gov't staffers not being careful. But, in typical Congressional fashion, the response is to overreact, very much at the urging (and legislative guidance) of the entertainment industry. After trying for a few years, it looks like the industry has been marginally successful this time. Slashdot points out that the House has passed legislation that would bar government employees from using file sharing, but notes that the language of the bill is so broad that it likely forbids all sorts of useful applications.

Of course, this was only passed in the House, and it looks like the Senate is going in a different direction -- instead preferring an equally pointless bill that would require any file sharing software (again, so broadly worded that it would include browsers, FTP software, backup software, etc.) to pop up an alert that you would have to click every time you opened the software.

Hey Congress, here's a better idea: instead of passing dumb laws with serious unintended consequences, why not have a bit of basic computer security training for your staffers so they don't do idiotic things like putting top secret plans in a shared folder?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: congress, file sharing

35 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

sinsi (profile), 30 Mar 2010 @ 9:54pm

Without reading the whole thing, only your story, I can't see why a government employee on a government computer would actually need that sort of software.
Sort of like people losing their jobs for surfing porn - it's not their computer, the rules are there, so they only have themselves to blame.
[ link to this | view in thread ]
Anonymous Coward, 30 Mar 2010 @ 10:05pm

Perhaps you know something not generally know to your readers, but I could not find anything suggesting that content industries were associated with the legislation.
[ link to this | view in thread ]
Anonymous Coward, 30 Mar 2010 @ 10:20pm

Re:
Yes, because it's the public who are clamoring to stamp out file sharing. The content industries have never had a problem with file sharing.

Govenrments shouldn't share files because some files might be top secret. They should also stop sharing documents too. And information.

The public gets what the public wants, after all.
[ link to this | view in thread ]
Mike Masnick (profile), 30 Mar 2010 @ 10:38pm

Re:
Perhaps you know something not generally know to your readers, but I could not find anything suggesting that content industries were associated with the legislation.

The various entertainment industry lobbyists have been pushing bills like this for five years now... In this case, the lobbyists for Arts+Labs pushed the story of P2P leaking helicopter secrets to the press relentlessly, and entertainment industry folks spoke out in favor of this bill.
[ link to this | view in thread ]
Anonymous Coward, 30 Mar 2010 @ 10:43pm

Re: Re:
The public is unimportant, the only thing we're good for is paying taxes.
[ link to this | view in thread ]
Matthew Cruse (profile), 30 Mar 2010 @ 10:45pm

Government Training
As a government employee that uses government furnished computers and networks, I am required to complete annual training on computer security. Prior to 2009, the training was pretty pointless "click-thru" type where you just kept hitting next until you wee done. In 2009 and 2010, a much more annoying "interactive" training was developed, in which you have to interact with and and answer questions about different scenarios. The "file-sharing or P2P" portion pretty much pushes the same agenda, word for word, that the entertainment lobby puts out: that you can "leak" classified information, you can get viruses, you can lose sensitive information.
[ link to this | view in thread ]
Anonymous Coward, 30 Mar 2010 @ 10:48pm

Re: Re:
Psshhh. Everybody knows that lobbyists have very little power over the government!
[ link to this | view in thread ]
Anonymous Coward, 30 Mar 2010 @ 11:06pm

I was reading about this story for a while now and something never quite added up:

They claimed that government documents were on P2P networks, but I could never find a claim that that's how they originally leaked. They could have come out a million different ways, and simply ended up posted on a tracker by an amateur snoop.

This makes their bill seem even more pointless.
[ link to this | view in thread ]
sinsi (profile), 30 Mar 2010 @ 11:07pm

Re: Government Training
"that you can "leak" classified information, you can get viruses, you can lose sensitive information."
Well, you can. Once again, I say that using a government computer (or not your own) you shouldn't be using p2p software.
[ link to this | view in thread ]
Matthew Cruse (profile), 30 Mar 2010 @ 11:21pm

Re: Re: Government Training
Yes, but you can do all of those things using e-mail, thumb drives, cd-roms, Blackberrys, cell phones, landlines, or hard copy documents (well, except for viruses on some of them) also. And there is no outcry to ban the use of MS Outlook on gov't computers or to not use phones anymore either.
[ link to this | view in thread ]
Blatant Coward (profile), 30 Mar 2010 @ 11:24pm

Re: Government Training
A lot of users rather than making a FTP server, or other posting arrangement use the file sharing system to pass large blocks of data to many users at once, like if your entire office needs a piece of information that is several megs/gigs in size such as a updated proposal package with timelines and software updates.

This is the legal use for filesharing, not the omgwtfpirateeeeeessss!!!! use that congress has been shown in a picture paper clipped to a big check.
[ link to this | view in thread ]
sinsi (profile), 30 Mar 2010 @ 11:55pm

Re: Re: Re: Government Training
Yes, and most government places have rules against using usb sticks etc. When I worked for the "gov't" (gee I hate that Mike) there were rules about taking those sort of things to work and using them on your work computer.
Sometimes you need actual rules/laws to stop stupid people (speaking as a sysadmin here - users are *brainless*).
[ link to this | view in thread ]
RangerZ, 31 Mar 2010 @ 12:10am

Perhaps a whiteliest instead of blacklist = *
perhaps they shouldn't just ban ALL file sharing applications, but instead appoint a 'committee' or person (who already exists, no reason to hire one JUST for this) the task of reviewing which software is acceptable, and which is not, and then telling employees that if they use other software they will be fired(and/or fines and/or jail time)... I know having non-IT,etc people making decisions isn't ideal by any means, but it would at least be a middle of the road approach.
[ link to this | view in thread ]
georgied, 31 Mar 2010 @ 12:24am

Seperation between personal and work
Surely it would be much simpler to stop all personal activities on work computers. Besides why aren't government computers locked down? That staffers have sufficient privileges to install software at will is a huge security breach.
[ link to this | view in thread ]
Anonymous Coward, 31 Mar 2010 @ 1:24am

Re: Re:
"...it's the public who are clamoring to stamp out file sharing. The content industries have never had a problem with file sharing."

This is a nice reminder that the content industries monitor news sites and respond anonymously with ridiculous lies to any story that makes them look bad.
[ link to this | view in thread ]
Anonymous Coward, 31 Mar 2010 @ 2:07am

Re: Seperation between personal and work
Some versions of Windows were virtually useless when fully locked down.
[ link to this | view in thread ]
Haywood (profile), 31 Mar 2010 @ 4:07am

Re: Re: Re: Re: Government Training
The smart phones must drive security folks batshit. Now the average Joe has the ability to snap a photo & email it elsewhere. Cold war spies must be jealous.
[ link to this | view in thread ]
Mike C. (profile), 31 Mar 2010 @ 4:45am

Re:
The article doesn't give a lot of information, so we'd have to read the actual bill to be sure. That being said, given that I deal with end-users on a regular basis, a PARTIAL ban may be the only viable solution.

While some users do actually pay attention in training, a lot do what they can to breeze through so they can get back to their desks. I believe a reliance on training for all users to allow all users to have access to P2P software is just as problematic as banning the software for all users.

I think a ban is acceptable with one caveat - exceptions can be requested and easily granted. Where I work, our machines are regularly scanned for unapproved software. If it's detected, you get an email saying "XX app was detected. If there is a valid reason for using this software, please submit an exemption request via {link}". Requests go to your manager and if approved, on to IT.

Most people won't bother. The ones that need it, will. It works for us (30,000+ employees worldwide), they should be able to make it work for the government.
[ link to this | view in thread ]
senshikaze (profile), 31 Mar 2010 @ 4:50am

Re: Government Training
The problem is that you can "leak" classified documents," get viri(?) and lose information. Have you ever searched for documents on p2p? I have seen bank statements(with account number) and other things best kept off the interwebs. What makes you think your fellow gov't employees are any smarter than the rest of the country?

I, for one, think this is a good idea only because i know people are generally idiots, and they will share top secret information on p2p networks.
[ link to this | view in thread ]
itchyfish, 31 Mar 2010 @ 4:50am

Re: Re: Re: Government Training
Yes, all of those things can cause those results, that's why most of them have been banned from sensitive/classified systems and areas. I have little to no confidence that "security training" will keep these incidents from happening. Users, as a general rule, just don't care. There is already security training, it's all click through, and people do just that, click through. They don't understand the broader implications, becuase mostly, they don't really understand or care about computers or how they work. All they want to do is complete their training checklist so the boss doesn't yell at them for not having their checkbox ticked off.
[ link to this | view in thread ]
senshikaze (profile), 31 Mar 2010 @ 4:52am

Re: Re: Seperation between personal and work
"All versions of Windows were virtually useless."

TFTFY
[ link to this | view in thread ]
bugmenot (profile), 31 Mar 2010 @ 4:52am

Re:
"I can't see why a government employee on a government computer would actually need that sort of software." I think that depends on the particular government employee. Say you're in the IT department (as I am, though I'm non-government) and you need a copy of the newest Linux distro to install a new server toot-sweet because you're on a deadline. Bittorrent is the perfect way to get those .iso files. Unfortunately, because you're a government employee, you can no longer use Bittorrent. So, now you're going to have to download the .iso files via another source, at a much slower rate and miss your deadline. Now, in this scenario, should you be running the Bittorrent software on one of your other, active, servers? Hell no! But you could run it on a clean laptop that's located outside the hardware firewall (but with a software firewall in place on the laptop), burn the .iso files to disc, and then reimage the laptop to make sure nothing has been compromised during it's time outside the firewall. I've done something similar quite often in my company, and it works very well. As long as some common-sense safety rules are followed, there's no harm. The harm is in these "zero-tolerance" situations. They're so worried about P2P that they don't realize that the real threats are often from downloading things from standard web pages. Sure, block P2P traffic from the receptionist and Finance and departments that really have no need to access it, but don't ban it from the people that can actually use it and know the precautions to take. The issue is about security. If you (or Congress) think that P2P is the root of the security problems, they you and they are fools.
[ link to this | view in thread ]
DH's love child, 31 Mar 2010 @ 5:06am

Re: Re: Re: Re: Government Training
You, and other admins like you are the reason I HATE IT departments. You think that just because users don't work in your batcave, we are all stupid. At my company, there are MUCH smarter people working outside the hallowed IT room who know a SHITLOAD more about their systems. You admins know our network, you know how to keep it safe (which is VERY important, don't think I don't know that), but you sure as hell don't know EVERYTHING, and you are not the only one's who know how to keep shit safe.
[ link to this | view in thread ]
Steve R. (profile), 31 Mar 2010 @ 5:40am

Self Incrimination
It common sense that the content industry would "hide" its involvement. For purposes of public consumption the legislation has to be "hidden" behind some lofty motherhood goal such as "national security".
[ link to this | view in thread ]
Steve R. (profile), 31 Mar 2010 @ 5:50am

Fundamentally Flawed
It seems that the proposed legislation is the "WRONG" solution.

According to the article: "We can no longer ignore the threat to sensitive government information, businesses, and consumers that insecure peer-to-peer networks pose," Towns said in the statement. "Securing federal computer files is critical to our national security."

If the real concern is security, then the obvious solution would be to have your IT department develop a secure computer. Passing a law that criminalizes certain behavior fundamentally does not actually improve security.

I guess this is a case of putting lipstick on a pig and hoping that nobody will notice.
[ link to this | view in thread ]
Andy, 31 Mar 2010 @ 6:16am

Re:
What if a governement employee needs to share a large file with another government employee? Say a large PPT presentation which is too big to email? They can't use a thumb drive - as the usb ports should not be enabled for this on govt computers. They have to use file sharing - sharepoint server or ftp server. This bill will effect all of those - not just things like kazaa or others used publicly.
[ link to this | view in thread ]
Tony, 31 Mar 2010 @ 6:23am

Actually, if the Top Secret data is residing on a computer that has internet access period, that person is committing a serious violation. It should go without saying that the computer being used to store classified material shouldn't have any P2P software on it let alone even have access to the internet.
[ link to this | view in thread ]
Anonymous Coward, 31 Mar 2010 @ 6:52am

Re: Self Incrimination
ACTA says what?
[ link to this | view in thread ]
Idobek (profile), 31 Mar 2010 @ 6:57am

Re: Tony
"Actually, if the Top Secret data is residing on a computer that has internet access period, that person is committing a serious violation. It should go without saying that the computer being used to store classified material shouldn't have any P2P software on it let alone even have access to the internet."

I think we can safely substitute "politically embarrassing" for "Top Secret" in terms of the data in the minds of the members of Congress who voted for this bill.
[ link to this | view in thread ]
Steve R. (profile), 31 Mar 2010 @ 7:24am

Re: Re: Self Incrimination
????????? "The purpose of ACTA is to establish international standards to combat counterfeiting and piracy. All the negotiation sessions are conducted in secrecy and the details are not revealed by any of the participating nations at all. Initially, public didn’t even know who the participating nations are exactly! I wonder why negotiations which involve intellectual property laws should be kept secret!" TechDirt has published numerous similar articles concerning the lack of transparency.
[ link to this | view in thread ]
Michael, 31 Mar 2010 @ 8:05am

Great
This will spawn a new industry for application development to automatically click the stupid button on the dialog when it appears.
[ link to this | view in thread ]
Steve R. (profile), 31 Mar 2010 @ 8:14am

Re: Great
Patent infringement lawsuits will explode.
[ link to this | view in thread ]
Anonymous Coward, 31 Mar 2010 @ 1:51pm

No Big Deal At all
As a government worker I know the user policy and abide by it. No file sharing with third party software. Further, the PC are lock down and nobody except SysAds can install anything. Turns out, this is no big deal. There are several collaborative environments where large work files can be uploaded and shared via the web to all concerned, to include other agencies, contractors and team members. The difference is these are official and you are accountable for what is uploaded. Key work accountable.

There is nothing that P2P can offer that I can't accomplish by the provided web sites available to me. Except, to share the latest "new movie" not available on DVD yet!

For those who feel that a work provided computer and access should be used however you feel, there are plenty (Not as many lately) of other jobs out there with much more lax rules.
[ link to this | view in thread ]
itchyfish, 1 Apr 2010 @ 5:27am

Re: Re: Re: Re: Re: Government Training
My comment was related to users in a general sense. Of course there are very smart users, I don't deny that. But here's the thing. It only takes one stupid user to open the entire network to the outside. And even smart people make mistakes. This is why the black hats almost always win. When you're managing a network with a population of users in the 10s of thousands, you can be sure at least one of them is stupid. Basically one bad apple spoils the barrel. Admins/security people don't necessarily like this types of 'all or nothing' decisions, but they do have different priorities than general users.

Your comment and general attitude is typical of many users who think they know more than the admins. it's probably why your admins/security people don't like you.
[ link to this | view in thread ]
fairuse (profile), 3 Apr 2010 @ 9:33am

Quite easy to find what the house is up to.
H.R.4098 Secure Federal File Sharing Act via
http://theweekincongress.com/member/MAR10_FULL/HR4098SECUREhMAR26.htm

About users. Yes, some are clueless and should not have a computer but on
average most users get blindsided at least once. Security lives and dies by
keeping that locked down.

P2P software: My experience in a federal position taught me that P2P should
only be used by or under control of IT and or Software Engineering
personnel. There is little need at the user level for configuring client
software. If the correctly configured client cannot be modified then the P2P
network is secure. May be more secure than older methods like "secure FTP".

It is not the technology that is bad it is the misuse of or the lack of skill by
the installer that is bad. Both are governed by existing law and regulations.

Done.
[ link to this | view in thread ]