November 18, 2009
Peer-to-peer (P2P) networking has emerged as a vastly popular way for computer users to democratize the transfer of information, allowing faster and easier sharing of images, documents and other files without the need for a centralized server. Unfortunately, and ironically, P2P is a little too democratic for the U.S. government, which has been victimized several times by the public disclosure of sensitive documents via file-sharing networks.
Stung most recently by last month’s leak of a highly confidential House of Representatives’ Ethics Committee document containing a list of ongoing investigations into financial dealings, travel and campaign donations, the House Oversight and Government Reform Committee on Tuesday introduced the "Secure Federal File Sharing Act," a bill aimed at restricting the use of P2P file sharing software across the federal government. The proposed legislation would bar government employees and contractors from downloading, installing or using P2P file-sharing software such as Limewire without official approval, the Associated Press reports. The bill also would require the White House to develop rules for employees and contractors working on home or personal computers.
With P2P, people share information stored on their computers with other people on a particular network, a practice first made popular by the music-swapping service Napster. Often, P2P users must download software on their computers that allows others to search their computer for different files. Allowing other P2P users to access your computer, however, means dropping your defenses (including firewalls meant to keep out snoopers and hackers).
A team of Dartmouth University researchers reported earlier this year that an experiment with P2P security in healthcare networks exposed confidential medical files for thousands of people, including patient billing records and insurance claims containing Social Security numbers, birth dates, medical diagnoses and psychiatric evaluations. The leaked information came from the health care organizations themselves, their employees working remotely, and from businesses that perform billing and other services for these organizations, all of whom placed sensitive information on computers also used for P2P file sharing.
In the past year, P2P file sharing has been blamed for revealing the electronic schematics to the U.S. Marine Corps’ "Marine One" helicopter that carries the President, as well as financial information belonging to Supreme Court Justice Stephen Breyer and the location of a U.S. Secret Service safe house for the First Family.
"We can no longer ignore the threat to sensitive government information that insecure peer-to-peer networks pose," committee chairman Rep. Edolphus Towns (D–N.Y.) said in a prepared statement. "Voluntary self-regulations have failed so now is the time for Congress to act." Towns noted that there are an estimated 20 million people worldwide sharing files at any given time.
P2P security problems have more to do with its users' lack of understanding of how the technology works than with the technology itself. In the Ethics Committee’s case, the information came from a committee document that a junior staffer had exposed on her home computer, which was using peer-to-peer technology, The Washington Post reports. The staff member didn’t realize the file was unprotected but was subsequently fired anyway, according to the AP, which also reports that the White House Office of Management and Budget advised federal agencies in 2004 not to use peer-to-peer software.