Oh, That Pesky Peer-to-Peer!
Friday, October 30th, 2009 by Patrick Ross
Print This Post
Just when you think the dangers of file-sharing are slipping out of the headlines, those silly buggers pop right back onto the front page.
The latest on this front blared across the cover of The Washington Post this morning, with news that dozens of U.S. federal lawmakers are being investigated by the House Ethics Committee. How did this come about? A young staffer had a confidential file with him at home, was using peer-to-peer software, and, well, you know the rest. Soon the world could see the inner workings of multiple ethics investigations.
Now as someone who spent a decade as an investigative reporter, it’s revelations like this that make me drool with anticipation. And as someone who lives in the congressional district of one of those being investigated, I like knowing of this investigation. It can also forcefully be argued, as it can be argued with any ongoing investigation, that it ultimately is a disservice to have this information disclosed prematurely; it can jeopardize an important investigation.
What can’t be argued is that peer-to-peer file-sharing, architected to encourage sharing in order to fully utilize the “network effect” (the more that’s shared, the more network use will grow), continues to bring in files beyond copyrighted, infringing creative works, but also lots of super-sensitive stuff (to be all legally jargony about it).
Not too long ago U.S. Supreme Court Justice Breyer’s personal financial data traveled peer-to-peer networks because an investor he had hired was using software he shouldn’t have been. (That also made the front page of the Post, ably reported by ace reporter Brian Krebs.)
There has been study after study on the continued dangers posed to identity and financial security by peer-to-peer software, most recently made clear at a (in particular see the testimony by The Progress & Freedom Foundation’s Tom Sydnor).
A bill considered at that hearing, HR-1319, the Informed P2P User Act by Rep. Mary Bono Mack (R-CA), recently cleared the U.S. House Commerce Committee. Essentially, the bill instructs the Federal Trade Commission to ensure users of P2P software are fully informed as to what they are sharing and consent to that sharing before the sharing occurs.
It will be interesting to see how this violation of the trust and rules of the U.S. House as a result of one careless file-sharer affects the future of HR-1319.
October 31st, 2009 at 12:51 am
Ah yes, I’ve heard about this incident, as well as its predecessors; I’ve also heard various details more specific than the common info about them. It’s truly frightening that the people who have access to state secrets and information of national security have no more clue about the most basic cyber-security practices than the people flipping burgers at the fast food restaurant down the street.
Right now it’s orders of magnitude cheaper to exploit stupid people in high places than to perform cyber-attacks on government/military systems. Of course it’s extremely unlikely that this was such a case: if this had been an attempt by terrorists or hackers to get internal documents from the government, they wouldn’t have released them publicly and revealed the security breach; this was just your run-of-the-mill stupid person screwing up.
October 31st, 2009 at 10:33 am
There is also that pesky technology called pen and paper. Once, someone wrote down some confidential information. This paper was then accidental left outside and someone found it. Someone should pass a law or something!
Then there was the case of the telephone. One time, one crook called another crook to plan a crime. The phone company did nothing to monitor phone conversations about such illegal activity happening on their network.
To borrow a phrase from the gun lobby: P2P software does not share files, people share files.
October 31st, 2009 at 12:03 pm
And guns are regulated at the state and federal level. Perhaps you are in favor of plastic guns (evading metal detectors)? They’re designed to deceive, and thus are regulated.
October 31st, 2009 at 1:16 pm
“There is also that pesky technology called pen and paper. Once, someone wrote down some confidential information. This paper was then accidental left outside and someone found it. Someone should pass a law or something!
Then there was the case of the telephone. One time, one crook called another crook to plan a crime. The phone company did nothing to monitor phone conversations about such illegal activity happening on their network.”
Don’t forget the USB drive. There have already been half a dozen cases in the US where a government employee has lost a USB drive containing sensitive government files. Think there were also a case or two of an entire laptop being lost.
October 31st, 2009 at 3:38 pm
[...] dumb employees and bad government security) was a huge national security threat and (of course) to urge Congresss to pass laws against file sharing programs. The one thing in common? All of those calls come from people who get [...]
October 31st, 2009 at 9:11 pm
Correction: half a dozen *publicized* cases involving USB drives. When somebody shares a file on P2P it practically becomes public property, and you’re never getting the genie back into the bottle; but with things like lost USB drives or viruses/trojans, where only a single person obtains the files, it’s easy to cover up the leak for a while.
With regard to sensitive government leaks, P2P is the extreme tip of the iceberg. The 21st century has come, and the government is NOT ready.
November 1st, 2009 at 8:48 am
Agree the government is not ready. But neither are the tens of thousands of US citizens whose tax returns and SSNs are forever out there, on strangers’ hard drives continuing to be shared. Do a search for Excel files or even “social security number” and you’ll see the pervasiveness.
If a government employee loses a USB drive or a laptop, all concerned learn pretty quickly. One doesn’t tend to notice when a file is shared off of your computer. This is particularly true if a family member (read teenager) installs software the parent doesn’t really understand, which is not an uncommon occurrence.
One can like P2P technology — I love its ability to allow connections, and let’s not forget it was born at the dawn of the Internet when scientists at universities used early TCP/IP to collaborate on scientific experiments — without putting one’s head in the sand about the hard-wired elements of infringing P2P software developers to dupe people into sharing even when they don’t want to.
I would think users of these services would be annoyed at the software treating them with some disdain. Whatever you think of file-sharing and infringement, this kind of abuse of a software user’s privacy seems indefensible.
November 12th, 2009 at 7:37 pm
Patrick, I understand your perspective but I believe that much criticism of p2p software is overblown. While different applications are.. well, different - much of the criticism I read attacked features like allowing users to share an entire folder (including subdirectories). I would not use any software which forced me to go to annoying extra lengths to do so - if you don’t want to share the whole folder, uncheck that box!
February 22nd, 2010 at 12:51 pm
[...] is hardly a new story; we noted a few months ago that U.S. Supreme Court Justice Breyer had his financial data circulating on a P2P network because someone at his money management firm had downloaded P2P software to his work [...]