×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

FTC To Take a Second Look at P2P

ScuttleMonkey posted more than 6 years ago | from the any-excuse-to-cause-trouble dept.

The Internet 132

BlueMerle writes to mention that the House Committee on Oversight and Government Reform has asked the FTC to take another look into the world of peer-to-peer file sharing. This time around however the inquiry has nothing to do with copyright. "But a USPTO report earlier this year stirred up the issue again by claiming that P2P installs could adversely affect national security when they made confidential government information available. This has already happened several times, as the Oversight Committee learned in July when it held hearings on the USPTO report and its findings. At that hearing, representatives were also shown real-time P2P search data. While most of the searches were for porn, movies, and music, the committee noted a surprisingly number of searches for private financial information."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

132 comments

Just wonderful. (3, Funny)

adolf (21054) | more than 6 years ago | (#21081637)

Now, instead of RIAA, I have to worry about the Secret Service and the NSA when I'm browsing pirate bay looking for some mus

*bright flash of concussion grenade*

$#(FRe2%DEK#NO CARRIER

Re:Just wonderful. (4, Interesting)

Technician (215283) | more than 6 years ago | (#21081785)

Now, instead of RIAA, I have to worry about the Secret Service and the NSA when I'm browsing pirate bay looking for some mus

Your search for muscle building is probably not going to raise any eyebrows. The fact you are sharing your entire My Documents folder with your Turbo Tax records is of a bigger concern. Go to any P-P site and do a search for common applications extensions. .doc, .xls, .ppt, are just the tip of the iceberg. Try searching for .pwl.. enjoy.

Many people just don't get the fact they shouldn't use their home directory as a place to download their goodies. It is what they share without even knowing is what is dangerous.

Here is a WSJ article detailing the problem..
http://online.wsj.com/public/article/SB118134946950829716-QWDmBwH_qAgisaepbCCMoT_4cPA_20070710.html?mod=fpa_editors_picks [wsj.com]
Compuerworld article;
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9012961 [computerworld.com]
and an article regarding an ID theft and arrest
http://www.smh.com.au/news/security/man-used-filesharing-program-to-steal-data-money/2007/09/07/1188783469524.html [smh.com.au]

They are not interested in your searches for marginal photos. They are interested in the security leaks.

So just where are you pointing your downloads? Just what are you making available?

Re:Just wonderful. (2, Funny)

Ash Vince (602485) | more than 6 years ago | (#21082015)

Many people just don't get the fact they shouldn't use their home directory as a place to download their goodies. It is what they share without even knowing is what is dangerous.
Then when they lose all their money to identity theft and starve it can be treated as clear cut case of Darwin Laws in action and we post it slashdot as positive confirmation of the theory of evolution.

Anyone that stupid should not be using the internet.

Re:Just wonderful. (2, Funny)

Technician (215283) | more than 6 years ago | (#21082047)

Anyone that stupid should not be using the internet.

True, but they do. As an example of a large collection of these people, visit My Space.

Re:Just wonderful. (0)

Anonymous Coward | more than 6 years ago | (#21083019)

visit My Space

It might be a nice place to visit, but... on second thought, no, it's not a nice place to visit.

Re:Just wonderful. (0)

Anonymous Coward | more than 6 years ago | (#21083025)

Or Anonymous Cowards on /. ... *grin*

Re:Just wonderful. (1)

AvyTech (942143) | more than 6 years ago | (#21084435)

Duly noted and seconded, but scratch "internet" for "p2p" in general. It's so simple to just pop in a 4gig flash drive.

Re:Just wonderful. (1)

Xichekolas (908635) | more than 6 years ago | (#21085133)

Anyone that stupid should not be using the internet.

Maybe you missed out on the 90s, so I'll recap it in three letters for you:

AOL

Re:Just wonderful. (2, Funny)

MrNiceguy_KS (800771) | more than 6 years ago | (#21085485)

Old method for getting free music via the internet:
1. Download and install LimeWire
2. Search for desired artist/song.
3. Download songs that others are sharing.

New method for getting free music via the internet:
1. Download and install LimeWire
2. Search for Quicken and TurboTax files that others are sharing.
3. Transfer their assets to bank account in Cayman Islands.
4. Use money in said account to buy CDs.

Just one extra step, and no angry settlement letters from the RIAA!

Re:Just wonderful. (1)

hyades1 (1149581) | more than 6 years ago | (#21082183)

"They are not interested in your searches for marginal photos. They are interested in the security leaks."

How do you know what "they" are interested in? Hoover spent years amassing files on people who might one day reach positions of power. Then he blackmailed them. With virtually unlimited storage capacity, increasingly effective database management and an ethically-challenged government, I wouldn't make too many definitive statements about what is or isn't a matter of interest.

Re:Just wonderful. (0)

Anonymous Coward | more than 6 years ago | (#21082307)

I am them and we're just not interested. Yeeesh.

Re:Just wonderful. (3, Interesting)

bombastinator (812664) | more than 6 years ago | (#21082415)

While Technician makes a very valid point, I suspect a major impetus for this is going to turn out to be RIAA lobbying. After all it's OK to be a bastard as long as it's a matter of national security.

IMHO the P2P developer groups are going to have to get off their butts right fast and do some kind of patch to fix this hole, Such as an auto folder creation, or major pop warnings or something, or they are going to find themselves legislated out of existence.

And I do mean really really fast. There is a major attitude about foreign military and industrial espionage. This is the kind of legislation that has legs. It's got both fear and money on it.

Re:Just wonderful. (1)

lib3rtarian (1050840) | more than 6 years ago | (#21084209)

It's hard to blame developers for this. Every p2p programs has the ability to change the folder you share. And frankly, the legally legitimate ones, like torrent, don't share a big folder. Rather, they individually track single files that must be selected purposefully.

Re:Just wonderful. (2, Interesting)

bombastinator (812664) | more than 6 years ago | (#21084773)

True, but there's truth and then there is marketing. Remember there are well funded organizations who want to end file sharing. It doesn't have to actually be true it merely has to be a truthy excuse.

Off hand I would ignorantly guess that it at least needs to be made clear that anyone who manages to get their stuff shared unintentionally is a giant idiot. Traditional liability requires a gate lock equivelant, which in this case would be a default setting that did not allow main directory sharing, with a warning labeled confirm window to change it.

This will possibly damage a lot of the sharing depth of lime/frost wire and eDonkey, but I'm not sure there's any help for it. I'm not a lawyer, a programmer, or a political analyst however. Your milage may vary.

Re:Just wonderful. (2, Informative)

cayenne8 (626475) | more than 6 years ago | (#21085035)

"While Technician makes a very valid point, I suspect a major impetus for this is going to turn out to be RIAA lobbying. After all it's OK to be a bastard as long as it's a matter of national security.

There is a major attitude about foreign military and industrial espionage. This is the kind of legislation that has legs. It's got both fear and money on it."

Yup...if copyright won't get rid of P2P or other potentially corporate threatening technology, lets use the good old standby of 'national security'.

I heard someone say it before...'national security' and 'child porn' are the keys to the constitution. Just throw one or both of those in your argument for legislating more rights and privliges away, and you're golden.

Re:Just wonderful. (1)

beckerist (985855) | more than 6 years ago | (#21084273)

I learned the simple act of "monitoring what you share" early on when my first experience with someone downloading from me was the casual result of the misspelling of a picture/filename on my computer. It was supposed to say "Prom 2002" but the guy found it because I instead typed an N instead of an M.

I've been careful ever since.

I may not be a bureaucrat ... (4, Insightful)

Arabani (1127547) | more than 6 years ago | (#21081645)

But wouldn't the real solution be to train government employees in the arcane art of not installing P2P applications on government computers in the first place? Or does that just make too much sense to be effective?

Re:I may not be a bureaucrat ... (3, Interesting)

adolf (21054) | more than 6 years ago | (#21081669)

A better answer would be to stop giving everyone personal computers if they're not supposed to be, well, personalizing them.

Not to be too fucking obvious, here.

Re:I may not be a bureaucrat ... (1)

R2.0 (532027) | more than 6 years ago | (#21083311)

So, if the moniker "desktop" computer was more prevalent, you would complain that management should allow you to flatten yours so you can place paper on top?

"Personal" is a marketing apellation. Don't read more into it tan is there.

Re:I may not be a bureaucrat ... (2, Insightful)

speaker of the truth (1112181) | more than 6 years ago | (#21083337)

There are alternatives to what are commonly known as PCs. One alternative is to have a dumb terminal (I'm sure they've got a much more flashier name these days, but they're the same thing). You can't install your own software on those.

Re:I may not be a bureaucrat ... (2)

hackstraw (262471) | more than 6 years ago | (#21083763)

A better answer would be to stop giving everyone personal computers if they're not supposed to be, well, personalizing them.

Not to be too fucking obvious, here.


How about using deductive reasoning instead of putting the finger in the dike?

I mean, its already illegal to share illegal stuff illegally. Why focus on p2p? This kind of information could be spread via email, snail mail, http, ftp, newsgroups, pencil and paper, smoke signals, telephone, telegraph, stenography, steganography, etc, etc, etc.

I can't wait until these technology ignorant people that are in power retire and die off. I guess it will be another 10-20 years of this crap, but then again, as the Who says "meet the new boss same as the old boss". So odds are, some other ignorant but powerful crap will continue.

Re:I may not be a bureaucrat ... (1)

Tikkun (992269) | more than 6 years ago | (#21085193)

We don't have personal computers at work, we have workstations and test machines. If you are using a personal computer at work, then you are doing it wrong.

Re:I may not be a bureaucrat ... (4, Insightful)

MoonFog (586818) | more than 6 years ago | (#21081685)

And teach them that, even at home, sharing the entire "My Documents" folder when you keep your private and work related stuff there is a bad idea. I mean, most P2P programs I know of don't just make your entire harddrive available, you actually have to put these documents up for grabs.

Re:I may not be a bureaucrat ... (1)

cayenne8 (626475) | more than 6 years ago | (#21085349)

"And teach them that, even at home, sharing the entire "My Documents" folder when you keep your private and work related stuff there is a bad idea. I mean, most P2P programs I know of don't just make your entire harddrive available, you actually have to put these documents up for grabs."

What is this "My Documents" folder you speak of......I have no such folder on my systems...

:-)

Re:I may not be a bureaucrat ... (3, Funny)

cybereal (621599) | more than 6 years ago | (#21082029)

But wouldn't the real solution be to train government employees in the arcane art of not installing P2P applications on government computers in the first place? Or does that just make too much sense to be effective?
I'm sorry. You forgot to file form 23-B "Request for request to criticize" and amendment form 27-B-A2 "Amendment to criticism for system specific criticisms involving apes, lepers, or government employees," and submit it the resulting form along with a notarized copy of your mother's birth certificate request form, so I have the unfortunate duty to file a form to request the manual to instruct my assistant on how to file the request to have your bureaucrat grade demoted.

Remember to file the acceptance forms or risk a lengthy repeat of this entire process!

Stamp stamp stamp stamp stamp

Re:I may not be a bureaucrat ... (1)

me at werk (836328) | more than 6 years ago | (#21082109)

If only so many apps the gov bought weren't so crappy and didn't require the user to be administrator for them to run I speak from experience too :(

Re:I may not be a bureaucrat ... (1)

Techman83 (949264) | more than 6 years ago | (#21082203)

But wouldn't the real solution be to train government employees in the arcane art of not installing P2P applications on government computers in the first place? Or does that just make too much sense to be effective?


Wouldn't the real solution be better control of government systems, specially ones containing sensitive material. Staff are never going to fully understand the risks, they have been conditioned to the no thinking click next, next, next way of doing things. They are never going to be fully aware that they just shared the entire governments sensitive data to the rest of the world.

Unfortunately you just can't trust and end user.

Encryption (1)

elucido (870205) | more than 6 years ago | (#21082357)

Shouldn't that information be encrypted? If it isn't readable, downloading it from p2p wont help much unless hackers have a super computer built up of zombie machines to crack it.

Re:Encryption (1)

smilindog2000 (907665) | more than 6 years ago | (#21082643)

Generally, sensitive government information is already physically shielded from the Internet - they simply don't connect their computers to it. I have some friends who don't even feel comfortable telling me what their wives' jobs are, and I doubt it's anything really cool that deserves to be secret. As far as I can tell, government security is working quite well. Heck, I can't even find anyone who wants to talk about that secret hypersonic plane I'm pretty sure we built. You'd think there'd be be nothing more fun to speculate about around the water cooler... not so. I just want to see the damned thing. It seems that the government realizes the basic truth of information security: the weakness is individuals, not technology (gee, how advanced is not connecting to the net?). I'm quite impressed at how universally government employees have been trained who access even potentially sensitive information. However, the vast majority of government employees I deal with are really smart... the stupid ones most be out there.

No, P2P file sharing is less of a threat than Google. Post something on your blog, and within a month, the whole world knows. A stupid government employee with access to both valuable secrets and Myspace could be quite dangerous. Anyway, I feel we currently err on the side of paranoia. 9/11, the Iraq war, and Bush's general preference for lack of oversight [guardian.co.uk] have to a silly explosion in classified government secrets.

Re:I may not be a bureaucrat ... (1)

root-a-begger (854073) | more than 6 years ago | (#21082617)

It may be effective to step back further and help people understand that the Internet is, by design, a P2P network. What we call P2P apps are simply higher levels tools and protocols on top of this existing P2P structure.

Combine this information with the general understanding that it is perhaps impossible to un-share information after it has been shared. This principal of not being able to un-share is without regard to the technology used.

After that, you may get people to change their behavior. Or maybe not.

Re:I may not be a bureaucrat ... (1)

spamking (967666) | more than 6 years ago | (#21083335)

Most government IT departments have blocked p2p sites and issued policies against installing p2p programs and improper use of federal computer systems and resources. However, some offices still allow users to perform their own software installations which sometimes can lead to a p2p program getting installed.

Sometimes people just don't know any better, or don't pay attention to policy.

Re:I may not be a bureaucrat ... (1)

Midnight Thunder (17205) | more than 6 years ago | (#21084397)

But wouldn't the real solution be to train government employees in the arcane art of not installing P2P applications on government computers in the first place? Or does that just make too much sense to be effective?

The argument they are using is pure hockus. They say P2P is an issue because a number of the searches are for private and confidential information. This sort of argument can also be applied to search engines such as Google or anything else on the internet. There is also a big difference between searching for something and actually getting matching results back. If there is private and confidential information around, then the issue is not so much the P2P networks, but the person who shared it in this first place. If there is a leak in the government, or any agency handling private and confidential data, then maybe they should check out their own networks first.

Why is P2P always to blame? (4, Insightful)

MoonFog (586818) | more than 6 years ago | (#21081657)

But a USPTO report earlier this year stirred up the issue again by claiming that P2P installs could adversely affect national security when they made confidential government information available.

How is this even remotely related to any P2P protocol? That's an issue no matter what protocol used. Hell, in Norway there have been lots of screaming because some soldiers have put information and pictures that were confidential in one way or the other up on Facebook. Making confidential information available is a breach of security no matter what protocol you use to distribute it. Perhaps things get distributed more with P2P, but you still have to look for information and download before (while) you distribute it yourself.

Re:Why is P2P always to blame? (5, Interesting)

iminplaya (723125) | more than 6 years ago | (#21081765)

It's about changing the internet from its present P2P nature where anybody can run a server into centrally controlled repository of "authorized" servers where uploading, like present day broadcasting, will require a license. Chances are the public will fall for it and go along. And the ISPs are already doing their part by restricting upload speeds and volume.

Re:Why is P2P always to blame? (1)

Storlek (860226) | more than 6 years ago | (#21081835)

And then, we will see the rise of pirate websites, just like how there are pirate radio stations now.

You could go a step further and conceive a world in which not only servers, but even things we take for granted, such as a hard drive or DVD-R disc, would be regulated. Admittedly, this is a highly extreme case, but considering there's already a trend toward making web applications for everything, it wouldn't be too difficult to convince the less technically apt people that they don't need a "real" computer -- that a thin-client system is exactly the same, except much cheaper. It'd essentially destroy peer-to-peer sharing as we know it. And perhaps this would lead to black-market hard drive sales, and a vast underground sneakernet [wikipedia.org], because history is destined to repeat itself.

Unacceptable! (1)

twitter (104583) | more than 6 years ago | (#21083577)

And then, we will see the rise of pirate websites, just like how there are pirate radio stations now

We should never, ever get there. Unlike radio, there's no public interest that should keep you from running servers. Any laws forbidding publication are an obvious violation of the First Amendment. You should be able to use the bits you purchase in any way you chose.

Re:Why is P2P always to blame? (1)

jamstar7 (694492) | more than 6 years ago | (#21083683)

They already license tvs and radios in Europe, from what I've been told.

Licensing a car, I can see. You're driving it on the road and could possibly run over somebody, so it's in the public interest you have some minimal level of skill to drive it, say, eyesight. But licensing a tv, radio, or computer? How many times they want you to pay for it?

Re:Why is P2P always to blame? (1)

Agripa (139780) | more than 6 years ago | (#21083989)

You could go a step further and conceive a world in which not only servers, but even things we take for granted, such as a hard drive or DVD-R disc, would be regulated.

Mike said, "First thing you need is Social Security and driver's license."
Gordon looked puzzled. "Driver license? For what, mass driver? Disk drive?"


http://www.baen.com/library/067172052X/067172052X.htm [baen.com]

I'd go further than that... (2, Interesting)

Cheesey (70139) | more than 6 years ago | (#21082747)

...and suggest that to even connect to the Internet as a client in the future, you'll need a licence and an approved software stack. The licence will be in the form of an officially endorsed key pair, and your OS will (1) sign all your outgoing packets with this key pair, and (2) respond to remote attestation requests about the software running on your machine. You'll be able to opt out of this, of course, but if you do, you can't connect to the Internet, because routers at your ISP will refuse to carry traffic lacking a valid signature from the central authority.

One consequence of this is that you will lose anonymity, because everything you send will be traceable to your licence. It will also enable censorship and the destruction of information, because when licences are revoked, information sent using them will simply disappear. That's perfect for any organisation that wishes to control the movement of information, from Fascist governments to record companies.

The expense of this will be justified in the usual ways ("think of the children"/"the poor starving musicians"/"the dying film industry"/"OMG TERRORISTS!1!!!!1!"), and the technology that will be used to implement it already exists. It's funny to think that possession of an unlicensed computer might be a crime in the future, since an unlicensed computer might enable someone to copy information without restriction, and obviously only a criminal would want to do that. Will possession of Linux land you in jail?

Truly the present day is the best time to be alive, because we have all this advanced technology and it is not restricted yet.

Re:Why is P2P always to blame? (2, Informative)

Technician (215283) | more than 6 years ago | (#21081823)

Making confidential information available is a breach of security no matter what protocol you use to distribute it.

Many people simply don't read the manual. They go "Oh, goody, freebies" and point the software at their My Documents folder. Later they wonder why someone else is using their credit card info. Have you ever saved a confirmation screenshot for an online purchase? Does it include your shipping info, full name and credit card details? This oops in security is the focus of the article.

The I didn't upload my credit card details to face book is not the issue. The issue is you were stupid (lots who don't read the manual) and pointed the software to the My Documents folder along with tax returns, credit card and banking info.

Why is P2P always to blame? Answer: (2, Interesting)

bombastinator (812664) | more than 6 years ago | (#21082629)

P2P is always to blame because there is a group with money ready to blame it. The finger prints are all over this.

How could a legislative committee discover, discuss and decide to take action on a problem like this before the leading edge of the community, which is to say here, has even heard about it? Remember these guys don't even type themselves, they have people to do that. That intertube guy genuinely thought he was being insightful at the time.

There may be other evidence. Where an when did these guys hear about the problem? That one could say a whole lot

Groups like the senate oversight commitee are cherry appointments. They go to senators that have been in office more or less forever. That means these guys are OLD.
OLD legislators don't go online that often but the do generally make a point to read their district's local paper. Is there a suspicious cluster of spontaneous articles that have appeared there more than other equivalent publications that are not home town news for pertinent legislators?

There may also be a few various motivating factors for making an argument over this.

Is there unequal use of P2P for political purposes? I have not been following the Obama campaign but I understand he is leveraging the internet pretty heavily. If P2P is being heavily used by on party more than another, it behooves the other party to kill the medium.
The solution for this one is for supporters of both P2P and the legislator in question need to start making use of it to prove the personal need.

Espionage has recently become a hot issue. The beauty of this particular subject is it's at least superficially non-partisan, it appears, truthfully or not, to address a major news subject making them look like heroes, and of course there's the money from the RIAA to make it all tastier.

How convenient... (3, Funny)

jamstar7 (694492) | more than 6 years ago | (#21081659)

So, since the MafIAA couldn't stop all those 'illegal filesharing piratical thieves' it's now going to be a national security issue like personal encryption was back in the 90's.

How much pr0n does the government have laying around, and why isn't it on Limewire yet?????????

Re:How convenient... Maybe it is... (1)

PetriBORG (518266) | more than 6 years ago | (#21083749)

How much pr0n does the government have laying around, and why isn't it on Limewire yet?????????

Maybe it is and you just didn't notice - its probably hiding somewhere in the mature section. ;-)

Re:How convenient... (1)

dkf (304284) | more than 6 years ago | (#21084187)

How much pr0n does the government have laying around, and why isn't it on Limewire yet?????????
You want pictures of Larry Craig?

Great! (3, Insightful)

LordPhantom (763327) | more than 6 years ago | (#21081673)

Brilliant! Bribery didn't work, so let's make it about national security. Why, precisely, is this any more dangerous than "ssh encrypted file transfers" (aka sftp), or this newfangled thing called FedEx and "paper"? Sure, because it's an information-sharing protocol you can (drum roll) share information. That, in of itself is not a heinous thing.

Re:Great! (0)

Anonymous Coward | more than 6 years ago | (#21082179)

You didn't read the article, did you?

It's dangerous because file sharing applications (what they really mean) generally cause people to make information available that they didn't mean to. People don't think, and just share as much as they can for whatever reason they have.

Since people aren't thinking "oh, my electronic W2s are in My Documents and I just shared that to the world" that makes P2P dangerous. I remember searching the Windows Network at college and discovering a surprising number of people with their entire computer shared, giving everyone free read access to all their files. This is the same type of problem.

SFTP, by contrast, is secure in that it requires authentication. If you managed to set up an SFTP server that didn't require any authentication and simply provided complete access to your entire file system (something I don't think most SSH daemons allow), it would be as bad as general file sharing applications.

That being said there are also valid concerns about P2P applications and network reliability and security. A BitTorrent swarm and a worm attack look surprisingly similar in basic traffic analysis - there are worries that P2P applications could mask actual attacks. (I'm not sure how much I believe that, but you can Google up some papers on it.)

Re:Great! (1)

speaker of the truth (1112181) | more than 6 years ago | (#21082331)

It's dangerous because file sharing applications (what they really mean) generally cause people to make information available that they didn't mean to. People don't think, and just share as much as they can for whatever reason they have.
Just how fucking stupid do you have to be to upload your entire My Documents contents? I was using p2p apps when I was a kid (the only time I ever used them) and I still didn't manage to accidentally upload stuff. Oh wait, I forgot, these are government employees. Nevermind.

Your honor... (4, Funny)

Romicron (1005939) | more than 6 years ago | (#21081677)

Financial information is more important data. All those numbers take up lots of tube space. Soon we'll have all those tubes clogged up with dollars and cents* unless we can cut off the P2P box from trying to get this data! *Dollars and cents are number figures, not actual coins. Please don't go digging around and cutting open the tubes for money.

they know better than this surely (1)

wizardforce (1005805) | more than 6 years ago | (#21081687)

"But a USPTO report earlier this year stirred up the issue again by claiming that P2P installs could adversely affect national security when they made confidential government information available. This has already happened several times
There are a lot of other ways information gets around, it isn't all P2P and even if it was, that isn't their problem. The idea that you can stop information flow any more is in the realm of the insane.

It's definitely financial information... (1)

Professr3 (670356) | more than 6 years ago | (#21081715)

Definitely. It's not government secrets, or embarrassing facts about the war on terror...

A surprising number of searches? (3, Insightful)

Romicron (1005939) | more than 6 years ago | (#21081735)

I love it when qualitiative terms are applied to quantitative data. Out of 100% of searches made, there'll be A% for porn, B% for music, C% for movies... and D% for "sensitive financial information?" What was that number? "A surprising amount." (Skimmed the article too). What number were you expecting? 0%? 0.001%? 1%? I'd like to know a) exactly what the numbers are, b) what constitutes a search for "sensitive financial information". Searching for a credit report on someone is a lot different than searching for how much money some celebrity makes.

Re:A surprising number of searches? (1)

Technician (215283) | more than 6 years ago | (#21082833)

What number were you expecting? 0%? 0.001%? 1%? I'd like to know a) exactly what the numbers are, b) what constitutes a search for "sensitive financial information".

Most P-P stuff is copyright violations of photos (porn) movies (Hollywood & Porn) and sound (RIAA stuff which is mostly audio soft porn and cursing with parental advisory stull the parents won't let the kids buy) Most P-P stuff does not involve theft (unless you ask **AA who will tell you copyright violations is theft) and when ID is stolen and used for a shopping spree, then the search for those responsible gets cranked up a notch. When money leaves someone else's account, they take notice.

http://www.smh.com.au/news/security/man-used-filesharing-program-to-steal-data-money/2007/09/07/1188783469524.html [smh.com.au]

Taking a copy of your MP3 is not the same as taking your bank account. You still have your MP3 unlike the money that was in your account.

Obligatory Simpsons (1)

Ambiguous Puzuma (1134017) | more than 6 years ago | (#21083005)

"What percentage is that?"
"Zero. Zero is a percent, isn't it?"

(0% certainly would be "a surprising amount", at least to me!)

I have to ask this... (4, Insightful)

Storlek (860226) | more than 6 years ago | (#21081793)

Why are classified documents even on a computer that's connected to the internet in the first place? The government has their own separate [wikipedia.org] networks [wikipedia.org] for that stuff.

Re:I have to ask this... (1)

MoonFog (586818) | more than 6 years ago | (#21081863)

Every classified document is not "Top Secret" or intelligence related. I don't know about the US, but at least in Norway, a form that is filled with personal information is called "Classified", and the article specifically mentions confidential information being used for identity theft. If you work for a company that participates in bid wars, the bidding documents will be classified, and sales persons may bring that around on their laptops as they travel. They definitely should be careful, but this isn't about the most secret documents, that's why they're on a computer that is connected to the internet. It doesn't mean that them falling into the wrong hands do not do damage though.

Re:I have to ask this... (1)

Storlek (860226) | more than 6 years ago | (#21081937)

Ah yes, but by the official US government definition, anything that "does damage" or is otherwise "prejudicial to state security" should be classified at a minimum of Confidential, and precautions are supposed to be taken to ensure those documents are handled completely on separate networks which don't even touch internet-connected computers at all.

(Full disclosure warranted, I do have a clearance, and knowing about this kind of stuff is a part of my job.)

Re:I have to ask this... (1)

MoonFog (586818) | more than 6 years ago | (#21081965)

So people are taking documents that should be on a separate server, places it on a machine that is connected to the internet (which isn't supposed to happen) and then proceeds to share this information over a P2P network? Why is the FTC going after P2P again? Seems to me they need to evaluate the people cleared to handle these documents and the procedures and processes involved.

Re:I have to ask this... (1)

erlenic (95003) | more than 6 years ago | (#21083531)

So people are taking documents that should be on a separate server, places it on a machine that is connected to the internet (which isn't supposed to happen)...

You'd think people would know better. Unfortunately...

...and then proceeds to share this information over a P2P network?

I've seen exactly the situation this article talks about, on a military computer. Luckily the only thing shared was pamphlets about military health benefits.

Re:I have to ask this... (1)

IBBoard (1128019) | more than 6 years ago | (#21082181)

That always depends on what the article means by "confidential". I'm in the same situation - I've got clearance and have worked with the information, and when working with commercial companies it annoys people no end that they insist on the footer "private and confidential" when what they mean is "private and in confidence because it is [insert company name] proprietary".

It's even worse when you've got an outbound mail filter that then trips over it and blocks it. It's a lower case "confidential" in the article so it could very easily be the civilian rather than military/government meaning.

As for not being connected to the Internet, that depends. Standard procedure in the UK is to not connect them but I know of a trial recently where they had an accredited (and therefore approved as safe) connection from Secret to an Unclassified/Internet network. That was just a trial, though, so I can't see anything happening from that any time soon.

Re:I have to ask this... (0)

Anonymous Coward | more than 6 years ago | (#21081885)

because it's easier to bring the whole database with you than specific piece of information, because they want to play their favorite mmorpg. who knows

Re:I have to ask this... (1)

TeraCo (410407) | more than 6 years ago | (#21082397)

Those networks are for Secret and Top-Secret. I don't think you realise how much information out there is classified but isn't Secret+. The administrative overhead with a Secret+ document can be horrifying, you don't just want to slap it onto every document the government touches.

Re:I have to ask this... (1)

MobileTatsu-NJG (946591) | more than 6 years ago | (#21082533)

"Why are classified documents even on a computer that's connected to the internet in the first place?"

For the field. Not every place gov't workers with clearance go to has a connection to their seperate networks.

p2p is too democratic, a danger to the US (5, Interesting)

br00tus (528477) | more than 6 years ago | (#21081847)

I've done various work with p2p for a while, including writing my own Gnutella application. Peer to peer technology is much too democratic and egalitarian to be allowed free reign. For example, currently if I wanted to publish a 30 minute video online, I would have to pay a lot of money to host it. Nowadays, I could send it to sites like Youtube if I was willing to accept it being surrounded by advertising (or possibly banned if running afoul of their rules). With peer-to-peer, anyone can publish, and if it's popular enough, the "cost" is really paid for by the consumer. For a society like the US, with most of the media in the hands of a few conglomerates, this is far too much freedom and equality, and I knew it was just a matter of time before they attempted to get their claws on peer-to-peer, at the behest of those conglomerates.

Last year Javed Iqbal, a satellite installer, was thrown in jail. His crime? He allowed people in the US to watch Al-Manar, the television station of Hezbollah. Of course Hezbollah is legally considered to be a terrorist group - if you're a country that is or formerly was a British colony. Or, for some reason, Holland. Outside of Holland and current/former British Dominions, the rest of the world considers Hezbollah to be what it is, a representative of Palestinians pushed into southern Lebanon by the Israelis from 1948 on. But anyhow, the US and UK are at odds with the rest of the world on this as so often they are, Iqbal was thrown in the slammer, and nary a word is heard about it or the supposed First Amendment. Meanwhile, narcissistic attention-seekers like Salman Rushdie are feted and praised year after year. In fact, this is done by the same corporate media propaganda machine which is working to dismantle things like peer-to-peer, all the while of course never reporting on what they are in fact doing, or about many things that are going on in the country of interest but that we'll never know about.

Re:p2p is too democratic, a danger to the US (1)

adminstring (608310) | more than 6 years ago | (#21082151)

Wait a second... Salman Rushdie? Don't you mean Britney Spears? Or are you stuck in a parallel universe where highbrow authors rule the airwaves and pop tarts grovel for table scraps of media attention while dodging reactionary assassination attempts?

If so, are there any vacancies?

Re:p2p is too democratic, a danger to the US (0)

Anonymous Coward | more than 6 years ago | (#21082447)

The Lebanese Hezbollah is not a representative of Palestinians (who are predominantly Sunni) - it is a representative of the South Lebanese Shia, though it is not exclusively Shia and has Christian members in South Lebanon.

Re:p2p is too democratic, a danger to the US (1)

foniksonik (573572) | more than 6 years ago | (#21084833)


I'll take the bait. Once a group has been classified as a terror group, due to active hostile activities, they get the treatment warranted by that classification, regardless of any other activities they may want to pursue. If Hezbollah wants to be a political group that gets respect by other political entities, they need to act as one and stop funding violence, stop passing out munitions to their members.

If their goals were to raise up their people and gain them the respect from the world they deserve, they would do so by treaty and negotiation not violence.

What they prove through the use of violence is that they are not interested in peaceful resolutions but in maintaining a culture of violence and strife. In the minds of the western world at least, they are nothing but a gang. We hear nothing of their ideology, their philosophy or their goals because all we can see are explosions, gunfire and chanting while waving guns in the air. We wouldn't accept this kind of behavior in our own countries from any group of people and that is the litmus test for any group around the world.

If we can't invite you to our house for dinner and trust you to behave yourself, then you don't get any respect.

Not violence (1)

Tony (765) | more than 6 years ago | (#21084881)

If their goals were to raise up their people and gain them the respect from the world they deserve, they would do so by treaty and negotiation not violence.

Jeez. If only the US would do that.

Re:Not violence (1)

foniksonik (573572) | more than 6 years ago | (#21085385)

The US does do that, we're doing it right now with Turkey, the Kurdish group and Iraq. We're doing it with North Korea. We've been doing it with Russia, China the whole European Union, with Canada with Mexico, with the entire rest of the world.... for the last 50 years. Imagine if the US didn't use treaty and negotiation. The entire world would be a freakin warzone.

Chasing the wrong goat (4, Insightful)

Camael (1048726) | more than 6 years ago | (#21081897)

From the original article:

The committee has a bee in its collective bonnet about the issue of data security, and believes that P2P users across the country are inadvertently leaking private information and financial records into the tubes. Such information could be used for identity theft (and also has national security implications in some cases), and the Oversight Committee wants the FTC to do something.
So why is the committee going after the medium (p2p) instead of the users leaking the secrets? Going by their logic, other methods of communication like email, msn, icq, snail mail etc. are also potentially capable of leaking national secrets. Isn't it simpler, cheaper and more importantly, less inconvenient to the general public to just issue a directive to all government officials not to use any p2p at their work computers or at all?

Re:Chasing the wrong goat (1)

aeschenkarnos (517917) | more than 6 years ago | (#21081947)

Because it works like this.

Rep Dumbass(RIAA-R): Hey, Bogknock, check this bill out. It's for "Banning All P2P For Any Reason Totalitarian". Heh, I love the acronym, a real work of the Congressional art there. Do you know what a P2P is?

Rep Bogknock(Tobacco-R): *blushes* Er, no, but I sure don't like the sound of it!

Dumbass: So, it's fair to say that banning it wouldn't inconvenience you or anyone you care about?

Bogknock: Nope, not a bit.

Dumbass: Me neither, so who the hell cares? Ban it!

Re:Chasing the wrong goat (1)

ScaryMonkey (886119) | more than 6 years ago | (#21082075)

other methods of communication like email, msn, icq, snail mail etc. are also potentially capable of leaking national secrets.


I agree completely, and I think its high time we limit government bureaucrats' access to these potentially damaging technologies. To this end, we should isolate them in in a sealed room without any outside access. Futhermore, since communication is possible via sound waves that travel across air, we should take the precaution of pumping all the air out of these rooms, thus ensuring our national secrets are inviolably safe.

Also ban HTTP, email and touch-tone, pls. (1)

xigxag (167441) | more than 6 years ago | (#21082039)

the committee noted a surprisingly number of searches for private financial information.

Looks like the "X is bad, X ON TEH INTERNETS is worse!11!!" meme is mutating into "X ON P2P is worserer!11!!"

The protocol, not the application usage? (1)

Jugalator (259273) | more than 6 years ago | (#21082069)

So it's again about a dangerous protocol, not a dangerous use of an application, or company policies allowing dangerous program use?

Well, e-mail has proven to be a pretty bad thing too. With e-mail, many things that shouldn't have leaked out to the public has.

I think things have even leaked out via HTTP. :-(

Re:The protocol, not the application usage? (1)

marcosdumay (620877) | more than 6 years ago | (#21083081)

Please, don't stop there. We should lobby to the abolishment of paper and pencils.

Remote Access (1)

speaker of the truth (1112181) | more than 6 years ago | (#21082375)

Don't all Windows and Linux distros by default allow offsite users remote access to a computer (with some sort of authentication needed of course) in order to help with tech support questions? If so shouldn't the government stop using Windows (and can't move to Linux for the same reason) in case someone accidentally gives someone remote access? Do Macs have this feature as well? If so they might need to resort to typewriters or at least remove access to the internet.

Re:Remote Access (1)

dave420 (699308) | more than 6 years ago | (#21083119)

Windows machines can have that disabled by the active directory in a couple of clicks. As for Macs and Linuxesesses I don't know.

Re:Remote Access (1)

MyDixieWrecked (548719) | more than 6 years ago | (#21084139)

Don't all Windows and Linux distros by default allow offsite users remote access to a computer (with some sort of authentication needed of course) in order to help with tech support questions?

AFAIK, with windows, the user has to specifically request a help session. If you want to be able to connect remotely to a windows box without the request, you've got to check the box enabling RDP (the Remote Desktop Protocol).

The mac has all remote services turned off by default except for Bonjour (automatic service discovery and name protocol) which doesn't have an obvious way of disabling. You can enable ssh (root login is disabled by default) or Apple Remote Desktop/VNC in the System Prefs.

With linux, it depends on the distribution. I'm not aware of any that installs with VNC enabled by default, but depending on the distro, SSH may or may not be on. Many distros have root login disabled by default. Most desktop linux distros have ssh disabled by default.

All of the above services are useless if the machine is behind a properly configured firewall. The firewall could block outgoing requests for remote help on windows and block incomming ssh/rdp/vnc connections. Hell, a properly configured firewall/content filter would prevent the majority of P2P apps as well.

I'm surprised that no content filter vendors that I'm aware of offer P2P content filtering (ie: block any files that aren't .mp3 or .mpg for example).

Is it going to ban P2P video games too? (1)

CrazyJim1 (809850) | more than 6 years ago | (#21082387)

P2P has been used in video games for a long time. In fact serverless P2P MMORPGS are feasable with enough anti-hack code. The only problem stopping true P2P from becoming big is the NATS on routers everyone uses. I think once IPV6 becomes popular, there will be a whole new generation of P2P. There are two reasons IPV6 will be a boon to P2P. The first is obvious: With everyone having a unique IP, you don't need a server to get a list of IPs, you can just ping IPs yourself as if it was a phone book. The second is the NAT issue mentioned earlier.

One thing that P2P brings to stuff like FPS is that it halves the latency. Another thing P2P does is that it doesn't need expensive servers to run constantly. I was writing an interesting MMORPG fighter:www.roamingdragon.com and I was able to write server/client code and play over the net with two machines that had no NAT, but I abandoned the project because everyone uses a router. Very few people will disconnect their router to play a video game and everyone needs high speed internet(low latency) to play. Other than those problems, the game played nicely multi-player.

That's a mighty big phonebook (1)

Nursie (632944) | more than 6 years ago | (#21083513)

It's 128 bit address space. That means there are 2x10^38 addresses. You might be pinging for a while before you find anything.

Just ignore the rabid crowds. (0)

Anonymous Coward | more than 6 years ago | (#21082419)

If P2P networks were widely known to be used by neo-nazis exchanging information on targets, or on exchanging information on how to dodge tax, you know that the "privacy" and "right to freedom" arguments would have disappeared overnight and be replaced by their opposites. Hence they are simply not the result of any principles in general, just a desire to defend and preserve this specific type of file sharing (films, porn) and can be safely ignored.

Re:Just ignore the rabid crowds. (1, Insightful)

speaker of the truth (1112181) | more than 6 years ago | (#21082499)

Newsflash: Nazis used trains and trucks to transport jews to their death. I haven't heard of a nationwide ban on trains or trucks. I don't believe people would support such a ban either.

Just because the Nazis used something doesn't mean its evil.

Sigh (1)

setrops (101212) | more than 6 years ago | (#21082881)

Yea look at the P2P software but what ever you do, don;t look ay go2mypc or google desktop. No those are far safer.

ok, it is surely a problem, but why the USPTO? (1)

someone1234 (830754) | more than 6 years ago | (#21082921)

Please enlighten me, why is this a concern of the patent office?
They should rather care about fixing their patent approval process.

How you use the data... (1)

Chapter80 (926879) | more than 6 years ago | (#21083363)

Interesting that this is a USPTO issue (Patent Office).

I think more frightening is how one can use the data, once it's "discovered" on a P2P network.

Imagine if there were a company with a collection of what people are searching for, generally, plus patent-specific searches. [google.com] And imagine that company, while professing that they will do no evil, notices that there's a whole lot of patent searches coming from a certain domain or IP-address (say a competitor like Microsoft) for some technology key words.

What a great tip-off to search the P2P networks (and the web) for hints which are actually shared.

Will somebody please (1)

Rob T Firefly (844560) | more than 6 years ago | (#21083831)

think of the children^H^H^H child-like civil servants?

On a slightly related and marginally entertaining note, in 2002 I lashed together an experimental poem made up of nothing but bits of personal data people were sharing over Kazaa. It's still available near the bottom of this lovable old zine issue. [phonelosers.net]

ARGH. (1)

glindsey (73730) | more than 6 years ago | (#21083939)

That does it. Let's outlaw conversation. Seriously. It's basically the original "peer to peer" method of communication, right?

From now on, nobody is allowed to communicate with anybody except for specially designated "servers". These "servers" must relay all messages from one person to another, vetting the communication to make sure there is nothing illegal, immoral, obscene, libelous, traitorous, unpatriotic, or just plain questionable about it.

It's for our own safety, dammit.

Just another angle... (1)

moxley (895517) | more than 6 years ago | (#21084313)

So there's a small minority of users on P2P searching for financial information (private or otherwise). How does this make P2P any different from Google or the rest of the internet?

I am suspicious of this; it seems to me like part of the this ongoing decentralized campaign: "The Internet is a DANGEROUS place." (Dangerous for children; dangerous for you and your banking/personal information, dangerous to the entertainment conglomerates)..
I have seen over the past few years; which has especially intensified lately. I suspect that the goal (and what the government really wants) is for anonymity online to be a thing of the past. They probably want people to have a virtual ID card...I think that thi would destroy a large part of what makes the net great if this is the case.

There are always going to be to people trying to get information that isn't theirs online. The best way for this to be dealt with is for people to learn the basics of protecting their personal information, and if the government is going to do anything (in a regulatory sense) it should be making it easier for people to protect their personal information.

Let's solve the REAL problem (1)

octaene (171858) | more than 6 years ago | (#21084365)

The problem here isn't that dumb Government users running their computers as Administrator/root have installed P2P software and indexed their entire unencrypted disks for searching.

The problem is that the Government can't get their shit together enough to enforce a security policy that won't let those users do this kind of thing.

Tech Support for a day (2, Interesting)

rambag (961763) | more than 6 years ago | (#21085007)

About two years ago a story came on the local news saying if you do a search in a program like Morpheus for w-4 that peoples taxes returns popped right up to download. Sure enough I tried it and it works. I felt so bad that I used the address on the form called the guy told him what I did and how I did it and that it was on the news for all to see. I then had to play tech support rep to step by step teach this guy how to change his settings so it no longer shared his My Documents folder. Just before I hung up I also told him to call one of the 3 credit agencies and flag his account for fraud. Somehow even after all that I still have bad karma on here.

If P2P is illegal. . . (1)

krunk7 (748055) | more than 6 years ago | (#21085079)

This is the old cart and horse problem their going after and should serve as some heavy food for thought for any of those that don't understand the importance of privacy and fall back onto the "if you don't have anything to hide" tripe.

If P2P is illegal, only criminals will use P2P. The line between criminal and law abiding citizen is only a congress away.

I think a little Thoreaux quote is rather apropos:

"Under a government which imprisons any unjustly, he true place for a just man is also a prison."
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...