Congressmen Towns & Issa Blame LimeWire for Government Security Breaches

by on April 22, 2009 · 13 comments

Pentagon HackedGovernment officials have an uncanny knack for deflecting blame they deserve onto others.  The latest group on the receiving end of this blame game is The Lime Group, creators of the popular file-sharing service LimeWire.  Rather than the government taking responsibility for its own utter incompetence in managing its network security and internal IT protocols, it’s found a convenient scapegoat.

Salon.com reports today that the House Committee on Oversight and Government Reform is reopening its investigation of services like LimeWere that allow consumers to distribute files online.  Committee chairman Edolphus Towns (D-NY) and ranking Republican Darrell E. Issa have explained their renewed interest in LimeWire and other peer-to-peer (P2P) services, as Salon explains:

They cited press reports this year and last year of computer users making available the blueprints and avionics for Marine One, the president’s helicopter; more than 150,000 tax returns; 25,800 student loan applications; 626,000 credit reports and tens of thousands of medical files with names, addresses and Social Security numbers for patients with AIDS, cancer and mental illnesses.

Congressmen Towns and Issa don’t seem to realize that LimeWire is just one of hundreds of applications that allow end-users to share files with each other.  To say that we should investigate these software applications for working as they were designed just plain misses the point.

The Pentagon’s leak of Marine One plans was entirely preventable had the proper limitations been placed on individual users machines—in this case a private contractor—something a high-school student working as an IT admin could easily do.  Rather than looking at LimeWire as a place to lay blame, Congress should be asking for a full-scale investigation into the DoD and other agency IT managers, as they’re the dolts who allowed LimeWire to be installed on machines laden with sensitive data.  This sort of policing and investigation into government incompetence is what the Oversight and Government Reform Committee is supposed to do.

But instead, we’re left with the same tired playbook.  The letter sent to The Lime Group, asking for information about these kinds of breaches, was also sent to the Justice Department and the  Federal Trade Commission, presumably because these two agencies will be charged with investigating The Lime Group for LimeWire’s role in these breaches.

If the DoJ or the FTC chase this red herring far enough, they’ll likely place restrictions on file sharing programs—like mandating default settings about what files are shared—but this will do nothing to solve the very serious problems in the Pentagon and other agencies and will simply amount to another useless mandate.

Any mandate would be especially useless considering LimeWire has already made significant changes to their software as a reaction to Congress’s threats.  LimeWire 5.0, by default, does not share spreadsheets or word-processing documents and doesn’t share any file or directory without explicit user permission.

Still, Towns and Issa say The Lime Group hasn’t done enough.  As they say in their letter, “It appears that nearly two years after your commitment to make significant changes in the software, LimeWire and other P2P (peer-to-peer) providers have not taken adequate steps to address this critical problem.”

Not true Congressmen.  You have not done enough to address the real problem.

Congress can go after every P2P company in the world one by one and it wouldn’t do anything to correct the real problem.  The federal government needs to clean its own house and bring its security policies into the 21st century before it attacks companies that are making perfectly legal software.

Previous post:

Next post: