Every once in a while you'll get a political hearing on capitol hill where elected Government officials will grand stand and politicize issues that should have nothing to do with politics. Sandy Berger stole secret documents from the National Archives by shoving them in to his socks so will Congressman Waxman propose a new law against socks?This time it's Government Reform Committee Chairman Henry Waxman who says he is considering new laws against P2P (Peer to Peer) software citing the possibility that P2P software may compromise National Security and can be used by organized crime. The problem is that Mr. Waxman hasn't a clue what he's talking about and this new round of political grandstanding is absurd.
The Federal Government should clean up their own security act because year after year they get failing or near failing grades. Mr. Waxman is slamming Lime Wire for producing software that may circumvent Federal Government security, but the real question is why are Federal Government IT departments allowing Federal employees to install Lime Wire or any other piece of software on Government computers? The mere fact that Government Employees have administrative access to install software on their computers let alone computers with access to sensitive information is absurd. If you can't even keep employees from installing Lime Wire, you're sure as hell not going to prevent them from installing root kits which are infinitely more destructive.
Why pick on Lime Wire? Sandy Berger stole secret documents from the National Archives by shoving the documents in to his socks so will Congressman Waxman propose a new law against socks? Will Congressman Waxman call the CEO of Fruit of the Loom to the hearings and grill him about the dangers of socks? If we're afraid that Federal Employees with use P2P software to divulge national secrets, shouldn't we be afraid they'll use the fax machine too? Shouldn't we be more worried about the type of employees we place in to sensitive positions? While we're at it, why not make Malware illegal? Oh yeah, they're already illegal but that hasn't stopped them. The onus is on the IT organization to lock down their end points and network resources so that malicious software doesn't get in to their infrastructure in the first place. The onus is on the Government or any organization to lock down their infrastructure from the physical layer to the application layer to the people working for them.