IE 11 is not supported. For an optimal experience visit our site on another browser.

Paranoia or caution? Why US House blocked a popular music-streaming service


People love to make fun of the apparent technical ineptness of America's congressmen, so it was no surprise that plenty of cheap shots were taken when it was discovered that the U.S. House of Representatives is blocking Spotify. The reason? The legal music-streaming service incorporates the same peer-to-peer network technology found in shady illegal file-sharing networks.

"It is a sad day when a few bureaucrats can block our nation's leadership from enjoying free, secure access to over 20 million songs," a Spotify spokesman initially told Politico's Tony Romm when the news of the music service's ban first broke. "We truly hope the House of Representatives will see the error of their ways and stop blocking Spotify so that all of America can benefit from their collective joy of music."

A spokesperson for the Office of the Chief Administrative Officer (CAO) told NBC News that Spotify — and other software which incorporates peer-to-peer technology — is blocked as a precautionary measure.

"To help protect House data, our IT policy generally prohibits the use of peer-to-peer (P2P) technologies while operating within the secure network," the spokesperson said, emphasizing what he told Politico. "While Spotify is currently not authorized, the CAO has and will continue to work with outside vendors to enable the popular services that improve member communication capabilities."

“The Committee is always looking to improve access to popular services that facilitate open constituent communications," a spokesperson for the Committee on House Administration (CHA) added, in an email to NBC News. "However, in doing so, we must also ensure adequate safeguards exist to protect against the ever-growing cyber threats of today’s environment.”

While the spokespeople from the CAO and CHA refrained from elaborating on what safeguards must exist in order for software such as Spotify to be authorized, Chester Wisniewski — a senior security advisor at Sophos — explained to NBC News that sometimes "security through obscurity" can be a good thing. "You are actually safer if someone who's trying to get something past your defenses doesn't know what your defenses are," he said, pardoning the zipped lips of the CAO and CHA.

Wisniewski explained that it is likely that the House of Representatives' network administrators are not targeting specific applications, but rather blocking off certain network ports (which could be thought of as virtual paths allowing different applications to share a single physical Internet connection). After all, he elaborates, "the network sees a request coming from another computer, to access a specific port," but there are few ways of identifying what exactly the incoming traffic is. "Typically this type of traffic is encrypted," Wisniewski says, "so even if this traffic said 'Spotify' on it, you wouldn't know what's in there."

In even plainer terms: Opening up certain ports, for the sake of allowing an application such as Spotify, could put a network at greater risk of security attacks. Given how many high-profile hacks have been surfacing in recent days — the New York Times, Wall Street Journal, and Twitter come to mind — one can hardly blame anyone for erring on the side of caution.

A Spotify spokesperson did tell NBC News that there is some hope, though. "We are currently in talks with the House of Representatives to alleviate any concerns they have regarding Spotify," he said. "We firmly believe that music is a common language that all political parties speak and should be used to bring the legislators of this great country together so they can solve the serious issues facing our nation."

In the meantime, an RIAA spokesperson pointed NBC News to a letter written by Cary Sherman, the association's CEO, to the CAO. "We certainly can appreciate and understand why the policy was implemented that prevents access to unauthorized peer-to-peer services for security reasons as well as to prevent use of the House network for illegal activity," Sherman writes before also offering to help "develop a new policy that ensures that users of the House network will be able to gain access to these new legal services."

Amazingly enough, no one — so far — has issued a statement pointing out how many hours have been spent on this issue, which boils down to bending security policies to allow lawmakers to use a specific music-streaming service ... during work hours.

Want more tech news or interesting links? You'll get plenty of both if you keep up with Rosa Golijan, the writer of this post, by following her on Twitter, subscribing to her Facebook posts, or circling her on Google+.