Committee: P2P a National Security Threat

Lawmakers labeled peer-to-peer (P2P) file sharing a "national security threat" yesterday, after hearing evidence of classified government information being inadvertently shared over P2P networks.

At a hearing on inadvertent file sharing yesterday, members of the House Oversight Committee heard testimony from experts regarding the proliferation of personal, corporate, and sensitive government documents that are available on P2P file sharing networks such as LimeWire LLC , Kazaa , or eDonkey.

Committee chairman Henry Waxman (D-Calif.) said, "The purpose of this hearing is not to shut down P2P networks or bash P2P technology. P2P networks have the potential to deliver innovative and lawful applications that will enhance business and academic endeavors, reduce transaction costs, and increase available bandwidth across the country."

However, Waxman said, "We must achieve a balance that protects sensitive government, personal, and corporate information and copyright laws."

This was the second hearing on P2P file sharing by the committee, which had last explored the topic in 2003. During the earlier hearing, the committee focused on the availability of child pornography and personal privacy and security risks associated with P2P networks.

But yesterday's hearing had a strong national security bent. Armed with material gathered by enterprise security firm Tiversa Inc. , General Wesley Clark cited more than 200 classified documents found on P2P networks in just a few hours.

In his statement, Clark said the issue was "critical to our national security and to the safety and privacy of our citizens."

Clark mentioned one example where a government contractor had disclosed more than 500 files that could be used to access the Pentagon's computer system. These files included the entire Pentagon secret backbone network infrastructure, including server and IP addresses; password change scripts for Pentagon network servers; and secure socket layer instructions and certificates allowing access to the disclosing contractor's IT systems.

Mark Gorton, CEO of Lime Wire, represented the P2P industry and drew most of the committee's ire. Rep. Jim Cooper (D-Tenn.) said Gorton was "one of the most naïve chairman or CEOs I've ever run across" and accused him of "making the laptop a dangerous weapon against the security of the United States."

While Gorton said that Lime Wire was working on "a new generation of user interfaces and tools designed with neophyte users in mind," he also urged for regulation and enforcement through regulation of ISPs.

In his opening statement, Gorton cited the example of universities that enforce their own networks. "ISPs are a unique point of control for every computer on the Internet. Universities frequently function as their own ISPs, and a handful of universities have implemented notice-based warning systems that result in the disconnection of users engaged in illegal behavior who ignore multiple warnings."

Gorton suggested that similar policies "could be mandated for all ISPs in the United States," adding that "these policies are unpopular with the telecom and cable companies, who would prefer not have an enforcement relationship with their paying customers."

But Tiversa CEO Robert Boback said enforcement at the ISP level was not practical due to the amount of traffic passing through ISP networks. "Putting a hardware device in the network would create a choke point" and slow down transfers, he said.

— Ryan Lawler, Reporter, Light Reading

acadad 12/5/2012 | 3:04:59 PM
re: Committee: P2P a National Security Threat rather than blaming the P2P vendor? Why is Limewire responsible for National Security? If the computers with these files are not controlled well enough to either stop P2P from being installed OR to restrict those files that can be accessed/shared, then the problem seems to be with the IT and network secrutity folks in charge.

Limewire is a tool. Why blame a hammer for hitting the wrong nail?
Pete Baldwin 12/5/2012 | 3:04:59 PM
re: Committee: P2P a National Security Threat Exactly. It's more likely that the problem comes from people using their laptops for unauthorized P2P downloading. Companies are able to forbid things like that; it's not rocket science.

Sign In