Peer-to-Peer Peering Pondered

A discussion of privacy on peer-to-peer networks raised varied questions and accusations of spying and carelessness, but brought few answers and no plans for legal action, at a recent US Congressional hearing.

Some members of Congress were interested in charges that P-to-P networks expose personal data, but experts produced little evidence of that happening on a large scale. Still, the meeting produced a lively discussion, drawing comments from representatives of file-sharing service Kazaa, law enforcement, and academics who have studied file-sharing trends.

Information Unveiled

Committee staff found tax returns, medical records, attorney-client communications, and resumes on one search of an unnamed file-sharing service, said Committee Chairman Tom Davis. He also warned of spyware and adware that's available on some P-to-P services.

"Users of these programs need to be aware that sharing personal information can open the door to identity theft, consumer fraud, or other unwanted uses of their personal data," Davis said. "Parents, businesses, and government agencies also need to be aware of these risks if their home or office computers contain file-sharing programs."

However, James Farnan, deputy assistant director of the FBI's Cyber Division, said his agency has received no complaints of identity theft through P-to-P networks. He noted that victims may not report the crime if they use P-to-P to illegally trade files.

"Peer-to-peer networks primarily serve as a come-and-get-it resource on the Internet," Farnan said. "Criminals are only beginning to explore the potential of crime via peer-to-peer networks."

Nathaniel Good, an information graduate student, showed the committee files downloaded from users of the popular P-to-P service Kazaa. Good identified entire contents of e-mail in-boxes, credit card information on spreadsheets, and employee bonus salary agreements, all presumably shared accidentally.

"There's a lot of stuff here the person doesn't want the rest of the world to download," Good said.

In a study through Good's school and the University of Minnesota, researchers found about 1000 Kazaa users sharing their e-mail in-boxes during a one-week sweep of the service in January, Good said. But that's a small percentage of the estimated 70 million active Kazaa users.

Safeguards Considered

In the newest version of Kazaa, the default setting allows downloading of files only from a downloads folder, said Kazaa lawyer Philip Corwin. Users would have to change the settings to share tax documents or credit card information found elsewhere on their hard drives, he said.

"You have to go in and choose to share that file or everything on your C: drive," said Corwin, who attended the hearing but was not on the witness list.

Good's study recommends consumer education about the dangers of file-sharing and a better user interface for Kazaa, and Corwin said the P-to-P service will take those recommendations to heart. A forthcoming update of Kazaa will include more prominent warnings about unintentionally sharing private files, Corwin said.

The hearing was the committee's second on P-to-P networks. A previous hearing focused on pornography on P-to-P services, and a third will discuss file-sharing among government agencies. Corwin said he hopes the committee will also look into the music industry, which he called the "greatest threat to privacy" for trying to subpoena the names of file downloaders. He said the music industry also wants to be able to go into individual computers and delete files.

"I hope (the committee) is going to look into the millions of dollars Hollywood is spending on very aggressive invasive technologies that appear to be in violation of existing U.S. law," Corwin said.

Corwin's allegation that the music industry is developing such software is a "ridiculous charge," said Jonathan Lamy, a spokesperson for the Recording Industry Association of America. "The record companies would never do anything like that."

Putting It in Perspective

Others accuse some P-to-P services of making it difficult for users to designate files to share, and complain that some P-to-P software includes spyware. E-mail viruses and worms also can expose personal data, but P-to-P presents additional security challenges, said John Hale, assistant professor of computer science at the University of Tulsa.

"In short, P-to-P file sharing exposes users to untrusted hosts and software and offers little in the way of protection," he said.

Others said P-to-P software, when used correctly, isn't more dangerous than most other software.

File-sharing raises serious privacy concerns, said Alan Davidson, associate director of the Center for Democracy and Technology. "At the same time, it can be very beneficial, and it's largely in the control of the people who use it."

P-to-P networks may not be a major culprit in identity theft, although most victims can't identify how their personal information was stolen, said Mari Frank, a lawyer and expert on identity theft.

"P-to-P file sharing may pose less of a threat to identity theft than the careless display of records at your doctor's office, the negligently filed tax returns left on your accountant's desk for the cleaning crew to review, the unencrypted and unlocked cabinet with personnel files at work ... and the hacked databases of credit card companies," she said.

Seeking Suggestions

Representative Christopher Shays suggested Congress sometimes overreacts to problems. He asked for suggestions to prevent P-to-P users from accidentally sharing private data.

Good and most other attendees suggested public education about the potential problems of P-to-P, as well as making P-to-P software easier to use and configure. "(Technologists) like to think we can design things so we're not compromising security and convenience," Good said.

Jeffrey Schiller, network manager and security architect at the Massachusetts Institute of Technology, suggested P-to-P services could design their software to download only music files, but that would give the music industry ammunition against P-to-P services.

"There is a copyright issue here, and designers are safer sharing everything than they are trying to share just a type of file, because then it'd be easier to accuse them, 'this is only about sharing music'," he said. "One of the defenses is, 'Oh, no, you can share anything.'"

Congress should consider legislation that requires P-to-P and other Internet-based businesses to protect consumer privacy, Davidson said.

But Representative Dutch Ruppersberger said he is concerned about how P-to-P services use information obtained through spyware or adware, but questions the effectiveness of a law.

"At this time, I think we need legislation, but I'm fearful that whatever we write up in Congress will be obsolete within one year," he said.

A Davis spokesperson said the committee chair has no plans for P-to-P legislation at this point.

"The chairman's goal was to inform other members of Congress and the public about the potential dangers of peer-to-peer networks and to prompt a private-sector fix," the spokesperson said.

Join the PC World newsletter!

Error: Please check your email address.

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?