Gen. Clark: Sensitive Gov't. Documents Exposed by LimeWire

If you were in the business of producing P2P file sharing software, perhaps the least comfortable place in the world to be situated - outside of the Green Zone - would be the Committee hearing room. LimeWire Chairman Mark Gorton looked visibly flustered, though he diligently defended his product and his company, opening his testimony by listing the various safeguards and warnings LimeWire gives its users regarding securing files they don't want shared.

"At LimeWire we continue to be frustrated that despite our warnings and precautions," Gorton remarked, "a small fraction of users override the safe default setting that come with the program and end up inadvertently publishing information that they would prefer to keep private. However, despite all the work that we have done, inadvertent file sharing continues to be a problem, so LimeWire is working on a new generation of user interfaces and tools designed with neophyte users in mind. These interfaces will make it even easier for users to see which files they are sharing and to intuitively understand the controls that are available to them."

None of that defense swayed Rep. Darrell Issa (R - Calif.) from taking the opportunity to shift the entire burden of Gen. Clark's revelations onto one person. "There's an elephant in the room, and I figure we've all missed him," were Rep. Issa's words to introduce Gorton.

"Last year, we held hearing on steroids," Issa continued, "and we put Major League Baseball players where you all [witnesses] are...At the end of it all, professional baseball banned steroids, and made it very harsh to use them. We're here today talking about the defaults on your software -- essentially, just hit Enter, Enter, Enter -- making all these things happen, or be able to happen. Do you feel any obligation today that you should change your defaults to 'secure, secure, secure' as a result of what you're hearing here today?"

No more loaded a question may ever have emerged from that podium. Nonetheless, Gorton responded, "I think right now, the defaults are secure. So if you just go hit Enter, Enter, Enter using LimeWire, you don't share any files, and there's no information that would be on your computer that would be made public to anybody. Now, I think what you have here is a situation where people override the safe defaults, and end up disclosing things that they didn't mean to disclose. And clearly that happens more than it should, and I honestly had no idea there was the amount of classified information out there, or that there were people who were actively looking for that, and looking for credit card information."

"Well, now that you're aware of it," Rep. Issa interrupted, "are you prepared here today to say you're going to make significant changes in the software to help prevent this in the future?"

"Absolutely, and we have some in the works right now," responded Gorton. "It seems like, as far as I can see, there are two big categories of things that we can do: One of them addresses how people share directories and folders. I think probably a lot of the information that gets out there now is because people accidentally share directories that they wouldn't mean to share. We have warnings in the program that currently warn people when they try and share directories that they shouldn't be sharing. However, clearly those warnings are not enough."

Issa then asked Gorton if he would be surprised if LimeWire were sued by users who discovered their private files were pilfered, and if in at least a few hundred thousand venues nationwide, such cases may be substantial enough not to warrant dismissal.

"LimeWire...has...always...tried to make the program clear and easy to understand for users," Gorton carefully uttered, without virtue of a lawyer to help him weigh his remarks. "I think it works for the vast majority of users. There clearly are a minority who make mistakes using the program, and those mistakes can have consequences more serious than I ever imagined. So we want to work to fix that."