House bill seeking government P2P ban gets boost

05.10.2009
Security firm Tiversa Inc. has provided the House Oversight and Government Reform Committee with more reasons to ban peer-to-peer networks in government -- some 200 sensitive military documents it recently accessed via such technology.

The documents include personal data on U.S. troops based overseas, details on sensitive military projects and defense contracts and documents that violate International Traffic in Arms Regulations (ITAR) rules, according to a Tiversa executive. One document contained personal data on dozens of soldiers from the Third Special Forces Group based out of Fort Bragg N.C. and included the names and ages of their spouses and children.

The House Committee had asked Tiversa to try to access such data for use in its debate on a proposed bill that would ban the use of P2P technology on government networks. The request stemmed from a House hearing in July during which that it found details on safe house locations for the family of President Barack Obama, presidential motorcade routes and other sensitive data on a government P2P network. That followed Tiversa's disclosure that it had unearthed details about the on a server located in Iran. Those details were apparently inadvertently leaked to the Iranian system from a P2P network.

"In an effort to understand the magnitude of P2P risks, and draft appropriate legislation, the Committee asked us to provide additional examples following the hearing in July," said Scott Harrer, brand director of the Cranberry Township, Pa.-based Tiversa. Over the past month, the company submitted more than 200 more examples of P2P network data that it has accessed, Harrer said.

Most of the documents found by Tiversa were marked "secret" and appear to include information from all branches of the military, Harrer said. The company has reported on its findings to the Naval Criminal Investigative Service, Army Criminal Investigation Command and the Air Force Office of Special Investigations, he added. "We have recently seen these files being downloaded in foreign countries, including China and Pakistan," Harrer said. "We have also seen user-issued searches for this type of sensitive data emanating from outside the U.S., so people are in fact actively looking for it."

Tiversa's latest disclosures will likely add to growing concerns about the security of P2P networks.