Congress puts the head of LimeWire back in the hot seat
During Congressional hearings back in July 2007, legislators were astounded by high-profile testimony from former NATO Supreme Commander Gen. Wesley Clark, revealing that federal employees who had installed the P2P software LimeWire on their computers inadvertently shared classified government materials with other LimeWire users, in many cases without those users even requesting the material.
But sidestepping the entire question of why P2P file-sharing software was installed on government computers in the first place, Rep. Darrell Issa (R - Calif.), the ranking member of the House Oversight and Government Reform Committee, quizzed Lime Group Chairman Mark Gorton about his personal responsibility for the security breaches. Calling him the "elephant in the room," Rep. Issa asked, "Are you prepared here today to say you're going to make significant changes in the software to help prevent this in the future?" Gorton responded, "Absolutely, and we have some in the works right now."
In light of reports since last July, some on local TV newscasts, about newly alleged security breaches believed to involve P2P software, Issa and Rep. Edolphus Towns (D - N.Y.), who now chairs the Committee, sent Gorton a questionnaire on Monday (PDF available here) asking whether LimeWire was involved in these latest incidents, and if so, when and why.
"It appears that nearly two years after your commitment to make significant changes in the software, LimeWire and other P2P providers have not taken adequate steps to address this critical problem," the Congressmen wrote. "A recent string of press reports indicates the continued availability of highly sensitive private and government information on P2P networks like LimeWire."
A check of the LimeWire changelog lists literally dozens of feature improvements and version updates for the open source P2P software since the July 2007 hearings. Last January, the team's first betas for version 5.0 began public distribution, with features that appear to improve the user interface and change the way users are shown how to manage shared folders. Version 5.1 entered beta just last month. Many of the improvements listed here could be said to address the original problem that Gen. Clark noted in his testimony: that users who didn't know what they were doing could share sensitive government files with people who didn't know they were being shared with them.
But the security breaches Reps. Towns and Issa listed center around intentional malicious use, which any number of improvements to LimeWire may not be able to fix. Nevertheless, the Congressmen pre-empted any possible response from Gorton, by sending letters to the Chairman of the Federal Trade Commission (PDF available here) and the Attorney-General (PDF available here) on the very same day, citing the same news reports and advising him that the Committee is formally reopening its investigation into LimeWire's activities.
As an aside, however, the Congressmen did think to ask the FTC Chairman, "What has the FTC done to minimize the risk of inadvertent P2P file sharing?" just in case it may have made some progress there also.