Distributed Computing Industry
Weekly Newsletter

November 9, 2009
Volume XXVIII, Issue 7


BitTorrent Heralds New Age of Uncongested File Sharing

Excerpted from Download Squad Report by Sebastian Anthony

You probably know what BitTorrent is: it's the technology that powers a great many of the peer-to-peer (P2P) file-sharing tools currently in existence. Whether for multimedia file downloads, or for grabbing the latest distribution of Ubuntu, BitTorrent comes to our swift rescue on its mighty steed of share-and-share-alike virtuosity.

What you probably didn't know is that BitTorrent Inc., the company created by the technology's inventor Bram Cohen, spends considerable time extolling the virtues of its technology and campaigning all over the world for the relaxing of traffic restrictions by Internet service providers (ISPs).

The thing is, while BitTorrent really, really rocks for its users, it tends to clog networks and therefore costs ISPs - such as Verizon or Comcast - more than "normal" Internet usage. 

But it's this disparity between what the ISPs consider to be "normal" Internet usage and what we the users consider "normal" that has driven the development of "BitTorrent 2.0" or uTP. BitTorrent firmly believes that P2P should be part of our every-day Internet lives. 

It is our right to download and distribute files via BitTorrent. And if ISPs insist on limitations and traffic-shaping the bandwidth that we use, then BitTorrent is going to develop a new protocol that meets them at least half way. 

uTP now automatically limits its own bandwidth use when it detects congestion on the network - uTP limits itself so that the ISP doesn't have to. 

Genius, pure, simple genius. It's already being tested by thousands of users of the new version of uTorrent 2.0 - which you should probably download now!

QTRAX Announces Groundbreaking Partnership with Baidu

QTRAX announced this week that Baidu, China's leading Internet search engine, has agreed to direct music-related textual search inquiries from its Entertainment Portal and Qian Qian Music Online sites to QTRAX's independent, free-and-legal P2P music download service, wherever QTRAX has the queried artist or song in its catalog.

Baidu, which dwarfs Google's search-engine market-share in China, confirmed that it will initially link to QTRAX for "text-based information such as singer backgrounds."

Allan Klepfisz, President & CEO of QTRAX, commented, "We are very pleased with Baidu's decision. As the dominant search engine in China, Baidu will provide us with substantial traffic from its music and entertainment portals. We, in turn, will provide the visitors Baidu sends to our independent free-and-legal site, a superior music discovery and download experience."

"In the coming weeks, we will progressively launch in each of nine Asia-Pacific countries and begin to divert and monetize traffic - for the benefit of artists and copyright holders - that previously found its way to non-licensed sites. We believe our offering, including information about the artists, is vastly superior to unauthorized sites."

Jay Berman, Co-Chairman of the QTRAX Advisory Board and former Chairman of both the RIAA and IFPI, observed, "As someone involved in fighting music piracy in China for more than 20 years, I believe this represents an important first step. It is a very positive development in the longstanding fight against online music infringement in China."

Report from CEO Marty Lafferty

The DCIA proudly announces our agenda and principal speakers for the upcoming P2P MEDIA SUMMIT at CES.

This third annual DCIA "Conference within CES" is scheduled for Wednesday January 6th in Las Vegas, NV in conjunction with the 2010 CES International trade show. The DCIA is an allied association of the Consumer Electronics Association (CEA).

DCIA Members now offer a panoply of solutions to help content delivery networks (CDNs), network operators, client applications, content providers, consumer electronics manufacturers, and other participants in the rapidly emerging P2P & cloud computing channel distribute material at astonishingly low costs and with astoundingly high quality of service (QoS) and security.

We are very pleased that our keynotes now include Jim Kott, Co-President, Abacast; Mitchell Edwards, CFO & General Counsel, BitTorrent; Christopher Hennebery, Director of Software Distribution, Yummy Interactive; Robert Levitan, CEO, Pando Networks; Scott Tilghman and Daniel Ernst, Principals, Hudson Square Research; Joe Porus and Milt Ellis, Vice Presidents, Harris Interactive; Sean Varah, CEO, Motion DSP; George Searle, CEO, LimeWire; Jin Li, Principal Researcher, Microsoft; Gilad Peleg, VP of Marketing & Business Development, Oversi; and Hemanshu Nigam, Chief Security Officer (CSO), MySpace.

P2P MEDIA SUMMIT at CES early registration rates, which save attendees up to $300, end December 1st.

The day-long Wednesday January 6, 2010 conference features keynotes from top P2P, peer-assisted, cloud computing, and social networking software distributors, panels of industry leaders, and valuable workshops. There will be a continental breakfast, conference luncheon, and VIP networking cocktail reception.

Policy Track panelists will include Derek Broes, Former SVP, Digital Entertainment, Paramount Pictures; Jim Burger, Partner, Dow Lohnes; Russell Frackman, Partner, Mitchell Silberberg & Knupp; David Johnson, Of Counsel, Jeffer, Mangels, Butler & Marmaro; Travis Kalanick, Founder, RedSwoosh; Steven Masur, Managing Partner, MasurLaw; Jon Potter, Executive Director, Digital Media Association (DiMA); and Eddie Schwartz, President, Songwriters Association of Canada (SAC).

Technology Track panelists will include Jonathan Anderson, CEO & Founder, Selfbank Mobile; Nathan Good, Chief Scientist, Good Research; David Hassoun, Founder, RealEyes Media; Norman Henderson, VP of Business Development, Asankya; Lawrence Low, VP of Product Management and Strategy, BayTSP; Doug Pasko, PMTS, Verizon Communications; Stuart Rosove, VP, Media & Entertainment, Digimarc; and Jonathan Zuck, President, Association for Competitive Technology (ACT).

Marketing Track panelists will include Frank Bernhard, Managing Principal, OMNI Consulting; Ted Cohen, Managing Partner, TAG Strategic; Stephen Condon, Director, Market Development, AT&T Digital Media Services; Devon Ferreira, Founder & CEO, SocialNotions; Murray Galbraith, President, Cavalier Digital Media Services and Gameboyz; Colin Sebastian, Senior Vice President, Lazard Capital Markets; and Seth Shapiro, Principal, New Amsterdam Media.

Content Distribution panelists will include Melike Amjarv, Independent Producer; Ethan Applen, Director, Technology & Business Strategy, Warner Bros.; Richard Conlon, VP, New Media & Strategic Development, Broadcast Music, Inc (BMI); Max Davis, Director, DataRevenue.org; Mark Friedlander, National Director, New Media, Screen Actors Guild (SAG); Larry Kenswil, Of Counsel, Loeb & Loeb; and Nicholas Longano, Founder & CEO, Music Mogul.

Solutions Development panelists will include Dan Coffing, Founder & CEO, Mingle360; Bob DeAnna, CTO, Recursion Software; Ian Donahue, President, RedThorne Media; Vincent Hsieh, CEO, Aleric; Ed Pimentel, Owner, Gluegle; Neerav Shah, VP, Business Development, Verimatrix; and Barry Tishgart, VP, Internet Services, Comcast.

Consumer Protection panelists will include Robert Boback, CEO, Tiversa; Hal Bringman, Founder & President, NVPR; Tom Chernaik, Principal, DigComm; Gary Greenstein, Of Counsel, Wilson Sonsini Goodrich & Rosati; Robert Hunter, Digital Rights Consultant, Entertainment Consumers Association (ECA); Arthur Pober, American Associate, European Advertising Standards Alliance (EASA); and Chris Ullrich, Writer / Producer, The Flickcast.

Registration can be done online here or by calling 410-476-7965. For sponsor packages and speaker information, please contact Karen Kaplowitz, DCIA Member Services, at 888-890-4240. Share wisely, and take care.

eBay Clears Way for Skype Change of Ownership

Excerpted from TechCrunch Report

eBay has reached a settlement with the founders of Skype, clearing the way for the sale of the Internet communication company to a consortium formed by private equity firm Silver Lake Partners, Andreessen Horowitz, and the Canada Pension Plan Investment Board. Index Ventures, a historical investor in Skype, is not going to be part of the buying party, and its partner Mike Volpi is out of the picture.

Marc Andreessen, Partner of Andreessen Horowitz, tells us, "Everything is settled - all lawsuits, all IP. The Joltid IP is now owned by Skype. The company is free-and-clear to execute to its full potential."

The original Skype founders, Niklas Zennstrom and Janus Friis, are now back in the game. The Scandinavian businessmen are getting 14% of Skype back for rights to the Global Index P2P technology their company Joltid controls, which is key to the Skype software.

In addition, Friis and Zennstrom gain representation on the board of the new entity. The two men are also putting in a "significant amount of capital" of their own in exchange for the stake in the new company, presumably through their Atomico Ventures fund.

Andreessen says that Skype is one of the most important companies on the Internet.

GigaOM first reported that a settlement might have been in the works earlier this month, a report that was later echoed by the NY Times. Thus ends the legal kerfuffle surrounding eBay's sale of Skype, which it acquired in September 2005 for $2.6 billion.

The newly structured buyout group is now on track to buy approximately 56% of Skype, with eBay continuing to own 30% and the original founders 14%, in a deal valuing Skype at $2.75 billion.

eBay is expected to receive approximately $1.9 billion in cash upon the completion of the sale and a note from the buyer in the principal amount of $125 million. The deal is still expected to close in the fourth quarter of 2009.

Unisys Introducing Software for Private Clouds

Excerpted from PC World Report by John Ribeiro

Unisys is preparing to provide software and services that will enable organizations to deploy and run their own internal private clouds, as part of its strategy to offer customers a variety of cloud-computing options.

"The private cloud offering addresses the requirement of organizations that prefer a private cloud for mission-critical applications that use sensitive data, so they can retain greater control over their own and their customers' information," Rich Marcello, President for Consulting and Integration Solutions at Unisys Technology, said.

In a poll of customers conducted in June by the company, 72% said security was their biggest concern about moving workloads to the cloud. Although there is no technical reason for this, some customers are still not convinced that an external cloud is reliable or robust, and are likely to move in stages, Marcello said.

The new Unisys Secure Private Cloud Solution, which will be available starting next month, follows the company's introduction earlier this year of technology and services for a managed cloud service on shared IT infrastructure that is hosted by Unisys. The company also plans to launch next year a hybrid cloud that combines private and public cloud capabilities.

Customers will be able to run many of their applications unchanged in a private cloud, and Unisys is also offering these companies services to help move their workload into the cloud, Marcello said. Customers can also use their own hardware, or buy hardware from Unisys, he added.

Organizations of any size can set up their private clouds with an up-front investment of $50,000 for the management server, software, and services, Marcello said. The software will include provisioning, virtualization, and management software that provides for features such as a self-service portal, he added. Ongoing maintenance will involve extra fees for hardware and software support and updates.

Unisys' Stealth technology, which cloaks data through multiple levels of authentication, encryption, and bit-splitting into multiple packets, is also available for private clouds, though at an extra price, Marcello said. He did not, however, expect customers to deploy Stealth on private clouds, as they would have their own firewalls and other security mechanisms in place. Stealth is a key component of Unisys' managed cloud service.

Unisys has also announced that its managed cloud service will support new platforms including Microsoft's .Net, IBM Websphere, and Oracle software platforms beginning this month, so that customers can move their applications that were developed on these software stacks unchanged to the cloud. When the service was launched earlier this year it supported only Java, Marcello said.

The company has also added disaster recovery as a service for customers of its managed Secure Cloud Solution. This new service provides business continuity and disaster recovery services on a subscription basis, it added.

Cloud Computing Threatens Operating-System Business Models

Excerpted from EDL Consulting Report

The advance of cloud computing marks the end of an era for Microsoft, according to one technology website. 

TechCentral wrote in a recent article that cloud computing threatens Microsoft's business model because it gives consumers access to free, instantly upgradable software over the web. 

Instead of paying Microsoft for new operating systems like Windows 7 every few years, consumers can just use web-based tools like Google Apps.

"The more people turn to the web for their productivity tools, the less they come to rely on the operating system - and the easier it becomes for them to switch platforms," the website noted. 

TechCentral predicted that Windows 7 would sell well in the short term, but wrote that there may be no Windows 8 if Microsoft decides to deliver online upgrades incrementally through the Windows Upgrade service. 

Windows 7, the follow-up to the Windows Vista operating system, was released on October 22nd. The new operating system is more incremental than its predecessor, and focuses more on improving stability and speed than introducing new features.

New LimeWire 5 Software Review

Excerpted from Adiwebs Report

LimeWire is a P2P file-sharing software app for all types of files, including MP3, video, images, games, and others. Some of the cool features of LimeWire are dynamic querying, file previews while the file is being downloaded, advanced search for downloading rare files, and a clean, easy-to-use interface.

LimeWire comes with a new spam blocker that blocks fake results and files. The software also features automatic updates that will ensure that the users are always using the latest and greatest version. Using LimeWire you can also search for Creative Commons and Weedshare licensed files, and publish your own creative works under the Creative Commons licensing. LimeWire contains no adware or spyware or other malware. Additionally, it also comes with BitTorrent support.

LimeWire started as a post-Napster clone and has now become the quintessential Gnutella client. Today, LimeWire is considered by many as the highest-profile P2P application. Version 5 re-envisions LimeWire for a Web 2.0 world, with more emphasis on sharing with friends, Web 2.0 style buttons, and a better and cleaner user interface.

LimeWire 5 comes with a redesigned interface, which comes with two search bars and sidebars. The uppermost search bar is the global search that scans the entire network, while the secondary one on the right searches your library. The sidebars are similar in a way. Both are located on the left side, with the outer one providing three choices: your library, the global P2P network, and your friends.

Click on "My Library" and your inner sidebar displays your collection of music, movies, and documents. The "P2P Network" option displays the files you are uploading and downloading, while the "Friends" option allows you to share your library specifically with your Google/Jabber contacts, which can be imported into the software. Search results are presented in either the new Web 2.0 style, which surfaces just the most relevant information with an "Information" button to dive deeper, or the "classic" spreadsheet view.

The "Advanced Tools" feature is also new, which lets power users drill down and get highly specific information about who they're connected to, similar to what's available from torrent clients. This data includes IP addresses, bandwidth, the program being used and its version. 

The new features and overall functionality make this by far the most mature version of LimeWire to date. Despite the typical performance flaws found in all file-sharing clients, this latest version continues to offer solid performance and good looks across the board.

PeerBlock Helps Consumers Surf the Web Safely

Excerpted from Washington Post Report by Ian Harac

Take your system off the grid - as far as the bad guys are concerned - with the free utility PeerBlock.

They're lurking out there - sleazy spyware companies, unscrupulous advertisers, and people you just don't want looking at what your computer is doing. PeerBlock, an open-source program, offers part of a solution - low level blocking of packets coming from, or going to, a long list of hosts.

While any decent firewall program will let you block hosts one-by-one, PeerBlock does a huge amount of the work for you, by providing several frequently-updated lists of host addresses. These are divided into spyware, advertising, education, and P2P.

The "Education" list is primarily aimed at those using college networks, who do not want their college monitoring their activity.

The "P2P" list is a collection of media companies, who regularly scan people on file-sharing networks to find out who is allegedly infringing movies and music. 

While there are often legitimate reasons to want to have such protection, it should be noted that PeerBlock freely admits it doesn't provide total security - and if you are violating your college's or ISP's terms of Internet usage, or engaging in unauthorized activity, this program (or any similar tool) is not going to keep you safe.

Getting the most out of PeerBlock requires a little bit of technical savvy. Simply letting it run with everything cranked to the max caused me to have quite a few problems with websites; many downloads hung due to being unable to talk to multiple advertisers on a site. There is a convenient option to allow any communication on the HTTP ports through, however.

Depending on how your computer connects to the Internet and the settings of your firewall and ISP, you may need to tweak some things. Fortunately, PeerBlock has a clean and easy-to-understand interface, as well as a public forum.

It is easy to add new blocklists, or to unblock a particular range of addresses for a short period, or forever.

How much use PeerBlock is to you depends on your security needs. It is a useful first line-of-defense against sharing information with people you don't want to share information with, but it's not absolute, and the size and scope of the lists could cause some surprises or odd behavior, especially if you forget that it's running. 

I would consider it generally worth trying, if only for the experience of seeing just how many sites are trying to talk to your computer during an average browsing session.
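The range-list blocking this review describes, together with its two escape hatches (the HTTP-port exemption and unblocking a range for a while or for good), sketched as an added example. It is not PeerBlock's code; the `label:first-last` line format, the sample ranges (documentation address space) and every function name are assumptions made for the illustration.

```python
import ipaddress
from bisect import bisect_right

# Constructed sample lists using documentation address space. The categories
# come from the article; the "label:first-last" line format is assumed here.
SAMPLE_LISTS = {
    "spyware": "Example tracker A:192.0.2.0-192.0.2.127\n"
               "Example tracker B:192.0.2.100-192.0.2.200\n",
    "advertising": "Example ad network:198.51.100.0-198.51.100.255\n",
    "p2p": "# constructed comment line\n"
           "Example monitor:203.0.113.16-203.0.113.31\n"
           "broken line without a range\n",
}
HTTP_PORTS = {80, 443}


def to_int(address):
    return int(ipaddress.IPv4Address(address.strip()))


def parse_list(text):
    """Return ([(first, last, label)], rejected_line_count) for one list."""
    ranges, rejected = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        label, colon, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        try:
            if not colon or not dash:
                raise ValueError("missing ':' or '-'")
            lo, hi = to_int(first), to_int(last)
            if lo > hi:
                raise ValueError("reversed range")
        except ValueError:
            rejected += 1  # count bad lines instead of silently dropping them
            continue
        ranges.append((lo, hi, label.strip()))
    return ranges, rejected


def merge(ranges):
    """Collapse overlapping or adjacent ranges so binary search is valid."""
    merged = []
    for lo, hi, _label in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return merged


class Blocker:
    def __init__(self, lists, enabled, allow_http=False):
        self.tables, self.starts, self.rejected = {}, {}, {}
        for category in enabled:
            ranges, bad = parse_list(lists[category])
            self.tables[category] = merge(ranges)
            self.starts[category] = [lo for lo, _hi in self.tables[category]]
            self.rejected[category] = bad
        self.allow_http = allow_http
        self.unblocked = []  # (first, last, expiry time or None for forever)

    def allow_range(self, first, last, now, ttl=None):
        """Unblock a range for ttl seconds, or permanently when ttl is None."""
        expiry = None if ttl is None else now + ttl
        self.unblocked.append((to_int(first), to_int(last), expiry))

    def listed_in(self, ip):
        hits = []
        for category, merged in self.tables.items():
            i = bisect_right(self.starts[category], ip) - 1
            if i >= 0 and ip <= merged[i][1]:
                hits.append(category)
        return hits

    def decide(self, remote_ip, remote_port, now):
        """Return (action, reason) for one connection to or from remote_ip."""
        ip = to_int(remote_ip)
        hits = self.listed_in(ip)
        if not hits:
            return ("allow", "not listed")
        listed = "listed in " + ",".join(hits)
        for lo, hi, expiry in self.unblocked:
            if lo <= ip <= hi and (expiry is None or now < expiry):
                return ("allow", listed + "; unblocked by user")
        # The exemption applies to every listed host, so it trades breakage
        # on websites for letting listed hosts through on ports 80 and 443.
        if self.allow_http and remote_port in HTTP_PORTS:
            return ("allow", listed + "; HTTP port exemption")
        return ("block", listed)


if __name__ == "__main__":
    blocker = Blocker(SAMPLE_LISTS, ["spyware", "advertising", "p2p"])
    for ip, port in [("192.0.2.150", 6881), ("203.0.113.32", 6881)]:
        print(ip, port, blocker.decide(ip, port, now=0))
```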

Number of Open File-Sharing Sites Up 300%

Excerpted from ZeroPaid Report

McAfee, the world's largest dedicated security technology company, just published its third quarter Threats Report, which claims the "Internet seas are awash with infringing content after The Pirate Bay (TPB) shutdown."

"Our researchers noticed 300% growth this quarter in websites that distribute unlicensed movies and software," reads the report. "Is this increase due to the economic downturn, or is technology at a point where it is easier to download feature-length movies on the day they become available in theaters?"

I'd have to say a little of both. The magic of BitTorrent and a decent broadband connection can deliver a 700MB XVID movie to your desktop in less than twenty minutes. It also doesn't help that ticket prices are well above ten dollars these days. Put the two together and you have a situation where people will go to the theater only when a movie is well worth the cost.

McAfee reports that the number of new file-sharing sites hosting unlicensed copyrighted material has skyrocketed over the last three months, in particular since a Swedish judge ordered ISP Black Internet to cut-off bandwidth service to BitTorrent tracker site TPB until it exhausts the remaining appeals of its conviction for copyright infringement (it suffered a mere 3 hours of partial downtime and found a new ISP).

The report continues: "In the days prior to the shutdown, anonymizers indexed and relayed the data to users who might be blocked. Open-source code was available to anyone who wanted to help with redistribution of the torrents."

"This was a true 'cloud-computing' effort, as the masses stepped up to make this database of torrents available to others. This poses certain vital questions regarding risk - as the TPB database of about two million torrents is freely redistributed across the web."

"What is being done to ensure the security and safety of the torrents that are available? How easy will it be to employ SEO to move a mirrored site with rogue torrents to the top of the results list?"

It notes that what happened with TPB proves just how difficult it is to remove copyrighted material from the Internet once it's already out there.

It didn't help that, a week before it was forced to find a new ISP, an anonymous BitTorrent user created a searchable back-up copy of the site using the OpenBitTorrent tracker.

So even if TPB magically closed this very second, its database of content would live on in perpetuity on the hard-drives of BitTorrent users around the globe.

"The Pirate Bay example shows how difficult it is to 'stop' data once it is on the web," adds the report. "Although a website can be shut down, anyone who has accessed the content (pictures, games, text, movies, etc.) may still have a copy and be able to redistribute it. Plus, once traffic was cut-off, the site quickly relocated and was operational again reportedly within 24 hours."

Exactly. Copyright holders are fighting a losing battle against file-sharing sites. For each one they painstakingly manage to shut down, two or more appear in its place. OiNK anyone?

If only they'd use all their resources to give consumers what they want. Stay tuned.

Unauthorized Downloaders Spend the Most on Music

Excerpted from The Independent Report by Rachel Shields

People who download unlicensed music from the Internet also spend more money on music than anyone else, according to a new study done in the UK. The survey, published this week, found that those who admit to unauthorized downloading spent an average of £77 a year on music - £33 more than those who claim that they never download unlicensed music.

The findings suggest that plans by the Secretary of State for Business, Peter Mandelson, to crack down on unauthorized downloaders by threatening to cut their Internet connections with a "three strikes and you're out" rule could harm the music industry by punishing its core customers.

An estimated seven million UK users download unauthorized files every year. The record industry's trade association, the British Phonographic Industry (BPI), believes this copyright infringement will cost the industry £200 million this year.

The poll, which surveyed 1,000 16-to-50 year-olds with Internet access, found that one in 10 people admit to downloading unlicensed music.

"The latest approach from the Government will not help prop up an ailing music industry. Politicians and music companies need to recognize that the nature of music consumption has changed, and consumers are demanding lower prices and easier access," said Peter Bradwell, from the think-tank Demos, which commissioned the new poll conducted by Ipsos Mori.

However, music industry experts insist the figures offer a skewed picture. The poll suggested the Government's plan to disconnect unauthorized downloaders if they ignore official warning letters could deter people from Internet infringement, with 61% of unauthorized downloaders surveyed admitting they would be put off downloading unlicensed music by the threat of having their Internet service cut off for a month.

"The people who file-share are the ones who are interested in music," said Mark Mulligan of Forrester Research. "They use file sharing as a discovery mechanism. We have a generation of young people who don't have any concept of music as a paid-for commodity," he continued. "You need to have it at a price point you won't notice."

The Digital Economy Bill, which will become law next April, sets forth new measures to crack down on Internet infringement. But these have generated criticism from Internet service providers (ISPs), who say they will be difficult to enforce.

Artists are also divided over the issue, with Lily Allen recently supporting the Government's stance, while the Latin pop star Shakira argues that unauthorized file sharing brings her closer to her fans.

This year Virgin Media and Universal Music plan to launch the first music subscription service allowing customers to download and keep unlimited tracks from Universal's catalog for a fee of around £15.

EU Countries Strengthen Internet Access Protections

Excerpted from TopNews Report by Justin Sorkin

A Thursday night compromise between the governments of European countries and consumer organizations resulted in European lawmakers agreeing on new protections for Internet users.

With the disagreement over Internet access finally resolved, European countries will be allowed to adopt "three-strikes" rules targeting online file sharers, based on the presumption of innocence, guarding of privacy, and permission for judicial appeal.

As per the compromise, the entertainment-industry sponsored disconnection of Internet access - to crack down on digital copying of music and movies - has been approved on the condition that the disconnection decision will be put through a legal review.

The recent agreement has been widely hailed by supporters who opine that the move will legally fortify the right to Internet access in Europe, alongside the check on extensive digital copyright infringement.

Commenting on the agreement, the amendment's sponsor, Catherine Trautmann - a Member of Parliament from Strasbourg, France - said, "This is a very fundamental step. It is the first time that we affirm that access to Internet is an essential tool to exercise fundamental rights and freedoms. It is progress for the rights of citizens."

Will "Three-Strikes" Come to the United States?

Excerpted from DSLreports Report by Karl Bode

The entertainment industry would really like Internet service providers (ISPs) to play content police, booting file sharers from their networks. But given ISPs don't want to take on the added expense and liability for an effort that might not work anyway, the entertainment industry will try to pass laws forcing them to do so.

While such "three-strikes" laws have seen more luck in France than elsewhere, it seems like only a matter of time before they take root in the US. Wired News points out how the MPAA wrote a letter to the FCC this week urging Congress to take action:

"Working in cooperation with ISPs, MPAA's member studios and other creators can utilize a variety of technological tools and policy approaches to address the threat of unlawful conduct online," reads the MPAA letter.

"These efforts, which include graduated response policies as well as technologies such as watermarking and filtering, have proven to be successful in various contexts," the group continues.

Which "various contexts" aren't cited but should be, given most instances of filtering have proven to be abject failures in stopping infringement.

As Wired notes, while the entertainment industry has pushed for Internet filters for some time, this is the first time that Hollywood has specifically started pushing for booting people off the Internet.

If the RIAA and MPAA can't pay Congress enough to create the laws, they're likely to slip them through via the behind-closed-doors ACTA international trade agreement.

This is assuming ISPs don't ultimately decide to employ "graduated response" systems voluntarily.

Cox Communications already employs a system whereby heavy file sharers are booted from the network, though Cox insists that they only terminate a tiny number of overall subscriber connections, and only after ample warning.

But such voluntary efforts certainly don't go as far as the entertainment industry would like, given that there's nothing stopping a Cox user from migrating to another ISP (assuming they have one to choose from).

Norwegian Court: ISP Telenor Need Not Block The Pirate Bay

Excerpted from Digital Media Wire Report by Mark Hefflinger

International record-label trade group IFPI has lost its court case that sought to compel Norwegian Internet service provider (ISP) Telenor to block its subscribers' access to file-sharing hub The Pirate Bay (TPB), TorrentFreak reported. 

The Norwegian court found that Telenor is not contributing to any copyright infringement that may be committed by users of its Internet access service. 

"It is important for us to emphasize that this case is not about being in favor of or opposed to copyright, but about whether or not it is reasonable to saddle ISPs with a censorship role in respect of content on the Internet," Telenor's Ragnar Karhus said.

"60 Minutes" Sparks Controversy over Movie Infringement

Excerpted from MediaPost Report

CBS's 60 Minutes report about online video infringement on November 1st has critics at TechDirt fuming, and calling it "laughable, factually incorrect propaganda."

They say the report covered only Hollywood's position, without any attempt to challenge the speakers or to include anyone who would present a counterpoint. 

In the show, for instance, director Steven Soderbergh claims that online infringement "is costing Hollywood $6 billion a year at the box office," but fails to mention that Hollywood has been making more at the box office every year during the past few years. 

"No one at '60 Minutes' thought to talk to anyone outside of the studio system to see if the claims made sense," says TechDirt.

"It didn't talk to the growing number of people who are making movies and embracing file sharing to help get those movies seen. It didn't talk to copyright experts or consumer advocates."

Banning Software Won't Keep Data Safe from Hackers

Excerpted from NextGov Report by Jill Aitoro

Stricter rules won't deter government employees from using file-sharing services that can provide access to sensitive documents, such as the inadvertent release of an internal Congressional report about House members' possible ethical violations, security professionals said.

House Speaker Nancy Pelosi (D-CA) and Minority Leader John Boehner (R-OH) announced on Friday plans for the Chief Administrative Officer's Information Security Department to perform "an immediate and comprehensive assessment of the policies and procedures for handling sensitive data," in response to a data breach that disclosed documents detailing the status of investigations into lawmakers' activities on subjects such as influence peddling and defense lobbying, according to the Washington Post.

The report's release was by means of file-sharing software, which allows computer users to exchange files, most commonly songs and video clips, directly from other computer users who have downloaded the same or compatible software. But the software gives users access to other files stored on the computer if the user does not configure the file-sharing software properly.

The House prohibits using file-sharing applications on computers, but Pelosi and Boehner said in the statement that they "are working diligently to provide the highest level of data security for the House in order to ensure that the operations of House offices are secure from unauthorized access."

But developing a tighter security policy will do little to reduce the risk that other files will be inadvertently released to the public, said Tom Kellermann, Vice President of Security Awareness at Core Security Technologies and former Senior Data Risk Management Specialist for the World Bank treasury security team.

"A ban does not ensure that file-sharing software is not being used in blatant violation of policy, or that there are not existing compromised computers that have remotely deployed file-sharing software," he said. "Policy compliance in the absence of a dynamic audit is impossible, and any assumption that only insiders can violate policies is false because so many electronic devices have been compromised."

Kellermann said tests that determine how well computer systems can withstand break-in attempts are essential to thwarting these types of breaches. He also suggested using the Consensus Audit Guidelines, which instruct agencies to first fix vulnerabilities in federal networks that hackers are known to exploit most frequently, to understand how vulnerable government organizations are to cyber infiltration and how frequently users violate security policies.

The House is aware of the risks associated with file-sharing software. In an April 20th letter to Attorney General Eric Holder, the Oversight and Government Reform Committee expressed concern about "the significant risk posed to American citizens and entities from the accessibility of sensitive private and government information on file-sharing networks," and pushed the Justice Department and Federal Trade Commission (FTC) to prosecute those who use file-sharing services to download sensitive information.

During one of several hearings on the topic in July, committee chairman Edolphus Towns (D-NY) announced plans to introduce a bill banning the software from all government and contractor computers. He has yet to introduce the bill.

"Open file sharing does not fit a business or government environment," said Alan Paller, Director of Research at the SANS Institute, a cyber-security research and education organization. Congress and federal agencies should identify and eliminate file-sharing software from network computers, he added.

Long before file-sharing software became popular for sharing music and videos, people used the application for convenience, adjusting permission settings on network directories to allow them to access files in certain directories from their own computers, according to Paller.

"They nearly always forgot they had done that and lots of pain ensued when confidential information leaked thanks to that convenience," he said. "It was a very bad idea then, practiced only by people who were incapable of setting up more rigorously controlled sharing between specific people for specific projects, and it's an even worse idea now, when malicious outsiders are actively looking for those holes."

Dale Meyerrose, Vice President for Cyber and Information Assurance at Harris Corp., cautioned against an all-out ban of the file-sharing software, recommending instead that agencies develop stronger security controls to prevent the services from being misused.

"You can't legislate out stupidity or poor common sense," said Meyerrose, who served as Chief Information Officer for the Office of the Director of National Intelligence during the Bush administration. 

"Unless you remove all people from the process, breaches will happen. But it's an ostrich approach of sticking your head in the sand to say, 'We need to ban use completely.' People are looking for technology to solve problems, and there are all kinds of ways to do this securely."

Meyerrose suggested provisions that will prevent employees from downloading sensitive data, along with monitoring employee behavior on the network to ensure that only authorized users access classified information. He also suggested prosecuting those who violate policies.

"You have to figure out how to make it protectable, securable, and check-worthy," Meyerrose said. "Too often the IT folks say, 'No, not on my watch,' because they don't want to do the harder job of finding a way to make it work."

Coming Events of Interest

Future of Television East - November 18th-19th in New York, NY. Join television industry leaders including senior decision-makers from major broadcasters, production studios and cable networks, social networks, producers, creators, mobile companies, online content producers, distributors, technology companies, and association heads - for the industry's most prestigious event.

P2P MEDIA SUMMIT at CES - January 6th in Las Vegas, NV. The DCIA's seminal industry event, featuring keynotes from top P2P and cloud computing software companies; tracks on policy, technology, and marketing; panel discussions covering content distribution and solutions development.

2010 International CES - January 6th-10th in Las Vegas, NV. The industry's largest educational forum to help companies expand their businesses and understand new technology. Over 200 conferences and more than 300 expert speakers encompass International CES.

MIDEM & MidemNet - January 23rd-27th in Cannes, France. MIDEM is where music professionals from across the industry meet face-to-face to do business, analyze trends and build partnerships. MIDEM brings together music leaders looking for concrete solutions and insights. MidemNet's renowned digital business conference program is now included free with your MIDEM registration.

P2P MARKET CONFERENCE - March 9th in New York, NY. Strategies to fulfill the multi-billion dollar revenue potential of the P2P and cloud computing channel for the distribution of entertainment content. Case studies of sponsorships, cross-promotion, interactive advertising, and exciting new hybrid business models.

Media Summit New York - March 10th-11th in New York, NY. MSNY is the premier international conference on media, broadband, advertising, television, cable & satellite, mobile, publishing, radio, magazines, news & print media, and marketing.

Copyright 2008 Distributed Computing Industry Association
This page last updated November 15, 2009