Peer-to-peer network exposes document detailing US Congress ethics probes
By Simon Thorpe on Nov 02, 2009
Over the weekend a document containing confidential information from one of the most secretive panels in Congress was floating about on an peer-to-peer network. Apparently a junior member of staff went home to work on the memo and stored the document on a computer that also ran peer-to-peer networking software. The inevitable happened and the document was whisked away to the file sharing network to be available to thousands of other computers.The 22 page report contains details of sensitive ethics probes involving more than 30 lawmakers and aides compiled by the ethics committee in the House of Congress.
|The ethics committee is one of the most secretive panels in Congress, and its members and staff members sign oaths not to disclose any activities related to its past or present investigations. The 22-page "Committee on Standards Weekly Summary Report" gives brief summaries of ethics panel investigations of the conduct of 19 lawmakers and a few staff members. It also outlines the work of the new Office of Congressional Ethics, a quasi-independent body that initiates investigations and provides recommendations to the ethics committee. The document indicated that the office was reviewing the activities of 14 other lawmakers. Some were under review by both ethics bodies.
The leaked document, which was reported to the Washington Post, caused Democrat Zoe Lofgren, chairwoman of the House Ethics Committee, to interrupt House voting. She announced that the Washington Post had obtained a confidential ethics report and the newspaper had been contacting lawmakers named in the document. She described the release of the sensitive document, as a form of hacking.
This incident highlights the dangers of not correctly protecting your most confidential information. Unfortunately the blame is usually pointed at the person who didn't follow instructions on how to handle such data. In this incident the member of staff was fired and the committee "is taking all appropriate steps to deal with this issue,". According to house administration rules, they require that if a lawmaker or staff member takes work home, "all users of House sensitive information must protect the confidentiality of sensitive information" from unauthorized disclosure. I wonder what technologies are actually implemented to aid lawmakers and staff with actually protecting this information.
"I regret to report that there was a cyberhacking incident of a confidential document of the committee,"
Zoe Lofgren, (D CA)
Information Rights Management could have easily helped avoid this situation. The memo could have been encrypted and secured allowing the employee to work on the document where ever they wished. Then if the document had been transmitted across a peer-to-peer network, it would've been useless to anyone else because IRM ensures only authorized users can gain access to sealed content. This would've saved Congress the embarrassment and also saved the member of staff their job.