FTC Warns of P2P-Caused Data Breaches

Monday, February 22nd, 2010 by Patrick Ross

The Federal Trade Commission said today that it has warned nearly one hundred U.S. companies that personal information, including sensitive data about customers and/or employees, is floating around on P2P networks, putting those customers and employees at risk of identity theft or fraud. The federal agency also said it has “opened non-public investigations of other companies whose customer or employee information has been exposed on P2P networks.”

From the FTC press release:

“Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers’ sensitive information at risk. For example, we found health-related information, financial records, and drivers’ license and social security numbers–the kind of information that could lead to identity theft,” said FTC Chairman Jon Leibowitz. “Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure. Just as important, companies that distribute P2P programs, for their part, should ensure that their software design does not contribute to inadvertent file sharing.”

The FTC is sending these organizations letters that point out the current risk, cite a specific file as evidence of the risk, and provide educational tools to avoid problems in the future. Of course, once the files are out there it’s almost impossible to contain that damage.

This is hardly a new story; we noted a few months ago that U.S. Supreme Court Justice Breyer had his financial data circulating on a P2P network because someone at his money management firm had downloaded P2P software to his work computer.

Congress shares the FTC’s concern with a problem that has been around as long as P2P itself. The problem is a simple one: a network is more robust when there is more participation, so P2P software by default encourages sharing. The U.S. Patent and Trademark Office wrote a compelling study on this threat, and last year Congress held a hearing to highlight this problem.

U.S. House members led by Rep. Mary Bono Mack (R-CA) are seeking to protect consumers with HR-1319, the Informed P2P User Act, which we’ve noted calls on the FTC to regulate P2P providers to ensure they aggressively inform consumers of risks and make it easy for consumers to limit or forbid sharing of their files. That bipartisan bill was approved by the U.S. House of Representatives in December 2009.

The goal of HR-1319 is, in one way, similar to the goal of those pursuing network neutrality regulations. Now stay with me here. In both cases, advocates are seeking to protect consumers in advance of harm — ex ante — rather than wait until the damage is done to address the problem legally — ex post. I’ll bet if you ask some of the employees of those nearly 100 organizations the FTC has discovered are now at risk for fraud and identity theft, they’ll tell you they would have liked whoever was responsible for installing that P2P software to have known the risk they were imposing on their many co-workers.

Kudos to the FTC for its continued vigilance in this important area of consumer privacy.
