About the SA Blog Network



Opinion, arguments & analyses from the editors of Scientific American
Observations HomeAboutContact

Embarrassing security leaks prompt bill to clamp down on government P2P use

The views expressed are those of the author and are not necessarily those of Scientific American.

Email   PrintPrint

P2P, file sharing, government, securityPeer-to-peer (P2P) networking has emerged as a vastly popular way for computer users to democratize the transfer of information, allowing faster and easier sharing of images, documents and other files without the need for a centralized server. Unfortunately, and ironically, P2P is a little too democratic for the U.S. government, which has been victimized several times by the public disclosure of sensitive documents via file-sharing networks.

Stung most recently by last month’s leak of a highly confidential House of Representatives’ Ethics Committee document containing a list of ongoing investigations into financial dealings, travel and campaign donations, the House Oversight and Government Reform Committee on Tuesday introduced the "Secure Federal File Sharing Act," a bill aimed at restricting the use of P2P file sharing software across the federal government. The proposed legislation would bar government employees and contractors from downloading, installing or using P2P file-sharing software such as Limewire without official approval, the Associated Press reports. The bill also would require the White House to develop rules for employees and contractors working on home or personal computers.

With P2P, people share information stored on their computers with other people on a particular network, a practice first made popular by the music-swapping service Napster. Often, P2P users must download software on their computers that allows others to search their computer for different files. Allowing other P2P users to access your computer, however, means dropping your defenses (including firewalls meant to keep out snoopers and hackers).

A team of Dartmouth University researchers reported earlier this year that an experiment with P2P security in healthcare networks exposed confidential medical files for thousands of people, including patient billing records and insurance claims containing Social Security numbers, birth dates, medical diagnoses and psychiatric evaluations. The leaked information came from the heath care organizations themselves, their employees working remotely, and from businesses that perform billing and other services for these organizations, all of whom placed sensitive information on computers also used for P2P file sharing.

In the past year, P2P file sharing has been blamed for revealing the electronic schematics to the U.S. Marine Corp’s "Marine One" helicopter that carries the President, as well as financial information belonging to Supreme Court Justice Stephen Breyer and the location of a U.S. Secret Service safe house for the First Family.

"We can no longer ignore the threat to sensitive government information that insecure peer-to-peer networks pose, " committee chairman Rep. Edolphus Towns (D–N.Y.) said in a prepared statement. "Voluntary self-regulations have failed so now is the time for Congress to act." Towns noted that there are an estimated 20 million people worldwide sharing files at any given time.

P2P security problems have more to do with its users lack of understanding of how the technology works than with the technology itself. In the Ethics Committee’s case, the information came from a committee document that a junior staffer had exposed on her home computer, which was using peer-to-peer technology, The Washington Post reports. The staff member didn’t realize the file was unprotected but was subsequently fired anyway, according to the AP, which also reports that the White House Office of Management and Budget advised federal agencies in 2004 not to use peer-to-peer software.

Image © Jaimie Duplass

Rights & Permissions

Comments 1 Comment

Add Comment
  1. 1. Faun 10:03 pm 11/18/2009

    Most P2P computer applications allow users to set what part of their computers can be searched. Special legislation is not necessary. It would be better to educate the users and the stress the consequences of failing to keep their documents restricted from public access. Is Sony the lobbyist behind this bill??

    Link to this

Add a Comment
You must sign in or register as a member to submit a comment.

More from Scientific American

Email this Article