Congress: ‘Can P2P and File-Sharing Programs Lead to a Cyber Pearl Harbor?’

Warned that they can be used by terrorists and hackers to gain confidential financial and national security data.

The House Oversight and Government Reform Committee, chaired by Rep Henry Waxman (D-CA), reignited the debate over online file-sharing today with dramatic testimony about how P2P and file-sharing programs pose a dangerous new threat to information security in this country.

Committee Chairman Waxman began the discussion by noting that in a recent investigation using LimeWire the committee was able to find "…personal bank records and tax forms, attorney-client communications, the corporate strategies of Fortune 500 companies, confidential corporate accounting documents, internal documents from political campaigns, government emergency response plans, and even military operation orders."

To combat the problem, the committee then decided to hold hearings to discuss P2P and file-sharing networks and ask themselves the following 3 questions:

  1) Does inadvertent file sharing over P2P networks create unacceptable risk for consumers, corporations, and government?
  2) If so, how extensive is the problem?
  3) Does Congress need to intervene in this matter with legislation or can the problems be addressed through available oversight tools and enhanced consumer education?

The first question is kind of silly to me because it implies that if file-sharing were unacceptable, the federal government would either try to block it (impossible) or outlaw it (even more impossible).

The third question is also silly because no amount of "consumer education" will get people to stop using the inferior P2P programs like KaZaA, LimeWire, eMule, and others that are responsible for this whole data leak mess, no matter what you tell them or how many times. People are still paying $30 for KaZaA Lite; does Congress really think they can "educate" them? Good luck.

In a prepared statement the FTC notes that "When consumers download and use P2P file-sharing software programs, they face risks such as downloading spyware or adware programs that come bundled with some P2P file-sharing programs, or receiving files infected with viruses that could impair the operation of their personal computers."

It’s no secret that some P2P programs contain malicious software, but is it any more of a threat than simple internet browsing or e-mail for these very same people?

Much to their credit, the FTC then goes on to acknowledge that the "…risks to consumers associated with P2P file-sharing are not unique, but also exist when consumers engage in other Internet-related activities such as surfing web sites, using search engines, downloading software, and using e-mail or instant messaging."

Thank you.

Computer safety and privacy is always about TRUSTED SOURCES and COMMON SENSE. If you can’t figure out how to compartmentalize what folders you are sharing, or furthermore, to upgrade to BitTorrent or other more secure P2P programs, then you probably have no business being in the file-sharing game. I think the rest of us in the file-sharing community haven’t gotten a lousy spyware or adware program bundled with a P2P program since KaZaA back in the day.

Retired General Wesley Clark later testified about how he was able to obtain a number of confidential and classified materials on P2P and file-sharing networks. He insists that he doesn’t want to shut down P2P and file-sharing networks, but that an "active defensive mechanism" needs to be put into place to somehow filter or prevent important data from being leaked out.

He was then asked by one of the committee members if failure to "secure" P2P or file-sharing programs could lead to a "cyber Pearl Harbor," to which he simply noted the dangers of leaking sensitive information and the difficulty in tracking down those responsible.

Moreover, it didn’t appear that any grandstanding took place to try and further demonize P2P or file-sharing software, and that for now the hearings were simply an attempt to get individuals to be more aware of the data they are inadvertently sharing and the danger it poses for all of us.

The only part where the discussion gets somewhat heated, with hints of an ulterior motive, is when Mr. Mark Gorton, Chief Executive Officer of The Lime Group (LimeWire), is questioned by Rep Issa (R-CA). He asks Gorton whether today’s testimony would make him reconsider the default features by which folders are currently shared.

Admittedly stunned by hearing the breadth of confidential and classified national security data available on P2P and file-sharing networks, Gorton then mentions that LimeWire is currently working on methods to reconfigure the way that shared folders and directories are configured.

Rep Issa then interrupts him to ask whether or not he’d be surprised if he were sued for having a "defective product" by the hundreds of thousands of people who have accidentally made their personal financial and medical data available for others to download.

To his credit, Gorton sticks to his guns by pointing out that the vast majority of users know what they’re doing and he says that it’s only a "minority that make mistakes using the program."

"Clearly these mistakes have consequences and we want to fix that," he continues.

Rep Issa goes on to wonder aloud if LimeWire users have been "properly warned…that they were violating copyright laws in essentially publishing this (copyrighted video, music, etc.) and that feel they may have been damaged by this."

Could a class-action "defective product" lawsuit be the Hail Mary cure that the movie and record industry has been looking for?

Moreover, Gorton makes an important point about the leaking of classified and sensitive national security data over P2P and file-sharing networks: why is it on a home PC in the first place, or, more importantly, why is it on a government PC?

The committee had no response for this question.

Couldn’t the problem of leaking important national security data be more easily solved by following laws already in place that govern the handling of government data and network security?

As for the inadvertent sharing of private financial and medical information by users, I think more secure default settings would help, but ultimately, just as people continue to fail to use common sense when it comes to internet browsing and e-mail handling, so too will there be those that fail to secure P2P and file-sharing programs.

Altogether the hearing was well over 2 hours long, and if you’re curious enough you can watch it here.