File sharing networks take it on the chin

File sharing proponents were doing the old duck-and-cover drill today as a congressional committee grilled a variety of experts on the subject. At the heart of the hearing was the idea that  sensitive information, including personal financial data, is mistakenly leaked through popular file-sharing programs such as LimeWire, KaZaA and Morpheus that individual, corporate and government users use to share music, movie and other entertainment files.Rep. Henry Waxman, D-Calif., chairman of the the House Oversight and Government Reform Committee said at the outset the purpose of the  hearing was  not to shut down P2P networks or bash P2P technology. It was apparent that’s what the hearing morphed into from time to time. "The American people would be totally outraged if they were aware of what is inadvertently shared ... by government agencies," said retired Gen. Wesley Clark, who is on the advisory board of Tiversa a data security company.  Clark showed  the committee several classified documents Tiversa  found on peer-to-peer networks, such  as the schematics of a military base in East Africa and threat assessments by a security contractor for subway systems in several major cities.The US Patent Trademark Office also took a shot at P2P networks. “Unbeknownst to many, users of popular filesharing programs are “sharing” files they do not intend to provide to thousands of strangers. These files may contain copyrighted works that users cannot legally distribute; they may also contain sensitive or proprietary data belonging to the user or a family member’s employer. This problem can be called “inadvertent sharing,” said Thomas Sydnor, an attorney with the PTO.  “Right now - and completely unknown to them – Americans are sharing sensitive personal  data—their bank records, credit-card numbers, passwords, tax returns, and letters, to name a few. Without their knowledge, businesses are sharing confidential data about their customers, employees, and strategic plans. Federal, state, and local governments are also affected—and sensitive data has been exposed. Worse yet, Internet criminals know this, and they are data-mining filesharing networks,” While Mark Gorton, chairman of LimeWire LLC, said his company "takes the problem of inadvertent file-sharing seriously" and seeks to make it easy for users to understand what files they may be sharing, he also told the committee he  he had "no idea" of the amount of classified information available over peer-to-peer networks.“The LimeWire program contains a number of features designed to prevent inadvertent file-sharing. In the Library tab, users can see which files are being shared and how many times each file has been uploaded. They can also turn off or on sharing on a file by file or folder by folder basis. The Monitor and logging tabs on the LimeWire client also show which files have been uploaded. Users are given warnings when they attempt to share folders which are likely to contain sensitive information such as the “My Documents” folder on Windows machines. A status bar is always present which shows how many files are being shared, the number of files currently being uploaded, and the current upload bandwidth being used,” Gorton said. “At LimeWire we continue to be frustrated that despite our warnings and precautions, a small fraction of users override the safe default setting that come with the program andend up inadvertently publishing information that they would prefer to keep private.”Although P2P technology confers significant benefits, such as allowing for faster file transfers, conserving bandwidth and storage requirements, and saving on maintenance and energy costs, it also has been associated with risks to consumers.  When consumers download and use P2P file-sharing software programs, they face risks such as downloading spyware or adware programs that come bundled with some P2P file-sharing programs, or receiving files infected with viruses that could impair the operation of their personal computers. In addition, through their use of P2P technology, consumers may unintentionally share personal or other sensitive files residing on their hard drives. Individuals also risk receiving or redistributing files that may subject them to civil or criminal liability under laws governing copyright infringement and pornography. Finally, because of the way some files are labeled, consumers, including children, may be exposed to unwanted pornographic images. Mary Englle,  associate director for advertising practices with the Federal Trade Commission.    Engle said there needs to be a balance that protects sensitive government, personal, and corporate information and copyright laws.     But a balance isn’t likely as majority leader Sen. Harry Reid of Nevada announced his plan to prevent “campus based digital theft” through a series of requirements that he is expected to try to attach to the reauthorization of the Higher Education Act, when the Senate takes up that legislation, most likely in the next day or so, according to an article on Inside Higher Ed.com. The Reid plan would require colleges to: ·          Report annually to the U.S. Education Department on policies related to illegal downloading. ·          Review their procedures to be sure that they are effective. ·          “Provide evidence” to the Education Department that they have “developed a plan for implementing a technology-based deterrent to prevent the illegal downloading or peer-to-peer distribution of intellectual property.”·          Require the education secretary to annually identify the 25 colleges and universities that have in the previous year received the most notices of copyright violations using institutional technology networks·          The most controversial aspect of the amendment is the mandated P2P filter, the "technology-based deterrent," being that none are 100% effective and run the risk of blocking legitimate P2P software and file-sharing. ·          The most controversial aspect of the amendment is the mandated P2P filter, the "technology-based deterrent," being that none are 100% effective and run the risk of blocking legitimate P2P software and file-sharing.  

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.