LimeWire Blamed for Govt. Computer Breaches

Published July 1, 2009

A congressional committee has sent a letter to the operators of the LimeWire file-sharing service, singling it out for blame after a series of high-profile breaches of security on government computers.

But Ralph Benko, a Washington, DC-based tech expert and author, represented the opinion of many tech experts by saying, “It is very sad when federal agencies that fail to take elementary steps to secure the sensitive information entrusted to them hornswoggle a couple of confused congressional aides into getting their bosses to launch an investigation in order to cover up their own ineptitude.”

Edolphus Towns (D-NY), chairman of the House Government Reform Committee, and ranking minority member Darrell E. Issa (R-CA) sent a letter in April to Mark Gorton, chairman of The Lime Group, the New York City firm that owns LimeWire.

The letter says the committee is concerned nongovernment individuals using LimeWire “easily obtained bank records, health records, military files, tax returns, corporate documents, and other highly sensitive private files [of American citizens] via the LimeWire network.”

Towns and Issa cited press reports in the past two years of computer users making available the blueprints for Marine One, more than 150,000 tax returns, 25,800 student loan applications, 626,000 credit reports, and tens of thousands of medical files, all taken from government computers.

Changes Already in Place

Gorton has informed Capitol Hill he is implementing significant changes to the LimeWire peer-to-peer (P2P) software program to ensure a major decrease in the number of inadvertent postings of confidential information onto the Internet.

Lime Group spokeswoman Linda Lipman said the program is not configured to share any file without clear permission from the user. “In fact, the software does not share any file or directory without explicit permission from the user,” she said.

Government Failure Cited

Timothy Lee, an adjunct scholar for technology issues at the Cato Institute in Washington, DC, agrees with Benko in thinking Towns and Issa are after the wrong culprit.

“Reps. Towns and Issa are wrong to place blame on a private software vendor for mistakes made by government employees and systems administrators,” Lee said. “Like any tool, LimeWire can be misused, and the blame for that rests with the user, not the tool.”

Congressional Abuse Claimed

Benko believes Congress might be abusing its power in sending such letters to a private corporation.

“It bespeaks a possible abuse of federal power,” Benko said. “Frankly, I am unclear on why Congress isn’t investigating the agencies who were careless with their data, rather than a software company who makes a neutral utility. This accusation against Lime sounds perilously like someone looking into whether the telephone company might be guilty of spying because a spy used a telephone to fax some information back to her headquarters.”

Thomas Cheplick ([email protected]) writes from Cambridge, Massachusetts.