After a former Congressional staffer exposed some sensitive data on a file-sharing network recently, some lawmakers are calling for the Congress to start an internal review of its own data security policies immediately. The situation, which is linked to an ethics investigation in the House of Representatives, has brought to the fore concerns about the way that sensitive documents and personal data are handled in Congress. A report from the House ethics committee regarding the investigation of a California congressman was made available on a file-sharing network and reporters from The Washington Post, among others, were able to access it.
In the breach, the report was disclosed inadvertently by a junior
committee staff member, who had apparently stored the file on a home
computer with “peer-to-peer” software, congressional sources said. The
popular software allows computer users to share music or other files
and is easily available online. But it also allows anyone with the
software on a computer to access documents of another user without
permission, as long as the users are on a file-sharing network at the
same time.
The staff member was fired this week. She told committee leaders she
had saved a copy of the investigation summary to her personal computer
without realizing it, a congressional source said, speaking on the
condition of anonymity because of the sensitivity of the matter. The
file was stored in a part of her computer files where peer-to-peer
file-sharing software could operate, but she told the leaders that she
did not realize that it was actively running.
As a result, House Speaker Nancy Pelosi and Minority Leader John Boehner are asking for a review of policies and procedures for working with confidential data, the Post reports. Congressional staffers, especially those who work on committees that deal with touchy subjects such as intelligence and ethics, often have access to sensitive documents and data. And lawmakers say this incident points out the dangers inherent in that situation and the need for sctricter rules for handling such data.