Lawmakers Caught Again By File-Sharing Software

User: aewhale
Date: 11/1/2009 8:30 am

Thursday, October 29, 2009

House Ethics Committee staffer used peer-to-peer software; 'shared' confidential document

The Washington Post just published a great scoop, getting its hands on a confidential internal memo compiled by the House Committee on Standards of Official Conduct (aka the Ethics Committee) that summarizes ongoing investigations into possible wrongdoing by 30 members and several staffers. And how did such a highly sensitive document become public? According to a statement released by the committee's chairwoman and ranking member:
Neither the Standards Committee's nor the House's information systems have been breached in any way. Our initial review suggests that this unlawful access to confidential information involved the use of peer-to-peer file sharing software on the personal computer of a junior staffer, who is no longer employed by the Committee, while working from home.
You heard that right: a staffer on the Ethics Committee was using "peer-to-peer file sharing software" at home. Of course, I'm sure this highly ethical staffer was simply "sharing" the King James Bible, the works of Shakespeare, and The Odyssey...

And can anyone explain why this staffer had placed the confidential work memo in his or her "shared" folder, where it was exposed to the world?

Update: Some background on inadvertent "sharing" via p2p from Tom Sydnor of the Progress & Freedom Foundation and Patrick Ross of the Copyright Alliance.

14 comments:

overton said...

Some of these P2P systems share the whole machine by default.
http://www.theregister.co.uk/2009/07/30/house_committee_oversight_government_reform_p2p_security_hearing/

October 30, 2009 4:20 AM
Anonymous said...

Ditto overton. All kinds of private information and media files are shared over p2p unknowingly.

October 30, 2009 8:14 AM
Anonymous said...

Another P2P canard.

Really, Ben, if someone is stupid enough to leave their house or car unlocked, should we outlaw houses and cars?

You may as well outlaw stupidity itself. That would surely solve a lot of problems in this world, right? ;-)

October 30, 2009 8:47 AM
Chrystal said...

Wow...that's a doozy.

October 30, 2009 3:36 PM
Anonymous said...

Ben, I think your implied attack on the use of peer to peer technology being potentially unethical is completely unjustified. In fact the technology has many legitimate uses. Just look at Skype for example, a fine example of P2P.

Do you support technological freedom to innovate using P2P or not?

The actions of the staffer cannot be excused however, it is merely a case of a security breach which is all too commonplace in both government and the private sector.

October 30, 2009 7:13 PM
Kevin Rayburn said...

Thank goodness this was a pretty harmless leak unlike the leaks by US Antarctica Program employees which resulted in the US banning those employees from using P2P. The USAP employees shared "data of the Obama presidential safe houses, the first family's motorcade routes and several leaked documents that contained detailed locations of all the US nuclear facilities."

@Anonymous
Do you really think this staffer was using the P2P for solely legal sharing? The strong odds are that the staffer was using it to download copyrighted media. Until most people use P2P for solely legal means, I think it's completely "justified" to assume it was for nefarious purposes.

Copyright in the Internet Age

October 30, 2009 10:23 PM
Anonymous said...

Do we even know yet if the computer is a shared computer or controlled strictly by the staffer?

Without such knowledge, it seems premature to make the broad assumptions articulated in Ben's post.

October 30, 2009 11:08 PM
Ben Sheffner said...

The Washington Post's reporting makes clear that the staffer was indeed responsible:

http://www.washingtonpost.com/wp-dyn/content/article/2009/10/30/AR2009103003749.html?hpid=topnews

"The staff member was fired this week. She told committee leaders she had saved a copy of the investigation summary to her personal computer without realizing it, a congressional source said, speaking on the condition of anonymity because of the sensitivity of the matter. The file was stored in a part of her computer files where peer-to-peer file-sharing software could operate, but she told the leaders that she did not realize that it was actively running."

October 30, 2009 11:12 PM
Anonymous said...

"In fact the technology has many legitimate uses. "

The inconceivable amount of copyright infringement aside, what exactly would those uses be? Skype, WoW patches, and linux isos? I'd venture a guess that a minuscule percentage of P2P traffic qualifies as legitimate.

October 30, 2009 11:25 PM
Anonymous said...

"Some of these P2P systems share the whole machine by default"
No overton, no P2P application shares the root folder by default. I have some basic knowledge of Shareaza, LimeWire, Ares Galaxy, eMule, FrostWire and gtk-gnutella, and none of these applications does this. In fact many implement additional security features which prevent users from inadvertently sharing sensitive folders or file types. Feel free to prove me wrong by giving a simple P2P servent example that shares the root folder by default.

As for Sydnor (the behavior of this guy was already discussed here before), the URL you provided is crystal clear. He modified default permissions of a previous version of LimeWire, uninstalled it, then installed version 5 which is very restrictive about the files one can share by default, and since that version kept relying on the config file of the previous version (which is the normal thing to do) he pretended that LW was dangerous. Some may call this a lie from a paid attack dog, others tend to call it "legitimate, ethical" lobbying.

So talking about ethics, I think the choice is easy to make between the guy who shared files and some lobbyists. Besides I upload over one or two gigabytes per day (and I limit my upload bandwidth, otherwise it could well be much more than that), and only legal stuff, so indeed, P2P has purely legal uses. Finally, illegal doesn't necessarily mean unethical, but hey, this comment is already too long...

October 31, 2009 5:21 AM
Anonymous said...

Sometimes it's just easier to share the "C drive". You know how it is. -eyes rolled skyward-

October 31, 2009 11:28 AM
Anonymous said...

Trouble starts with T, and that rhymes with P, and that stands for P2P, right? That we allow articles like this to be framed as a debate on the evils of IP theft is as unsurprising as it is offensive. Some kid was sloppy and breached security; that's it. He could as easily have left his jump drive at a McDonald's.

American and Brit culture both exalt feigned super-morality and hyperbolic lobbying as "the way the world works." If something isn't profitable, it's okay to claim it's dangerous, or at least useless. Articles like this are perfect opportunities to take back rational debate from those who seek to control IP for profit. "Taking the high road" is nice, but sometimes we need to use their tools to get their attention. I promise you won't go to hell for the judicious use of condescension and derision. =)

But since we're on the topic, I like that the world offers checks on evil profit overlords. P2P:RIAA as bankruptcy:creditors, baby!

October 31, 2009 12:13 PM
BubbaT said...

I thought overton was being cynical.

October 31, 2009 12:19 PM
Bob Mcpherson said...

You're all missing the point.

The fact that P2P software was involved in this breach is completely irrelevant, and is only being brought up to spark interest in yet another stupid incident involving an intern, which would otherwise not be interesting at all. It's a conspiracy by interns to become more important. You should protest by not ever mentioning this incident again. Also, you could just walk up to an intern at your office, and punch him in the face.

October 31, 2009 12:26 PM

© 2005-2010 ABS Computer Technology, Inc. - All Rights Reserved
SpamZapper® is the registered trademark of ABS Computer Technology, Inc.