
Embarrassing security leaks prompt bill to clamp down on government P2P use

This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American


Peer-to-peer (P2P) networking has emerged as a vastly popular way for computer users to democratize the transfer of information, allowing faster and easier sharing of images, documents and other files without the need for a centralized server. Unfortunately, and ironically, P2P is a little too democratic for the U.S. government, which has been victimized several times by the public disclosure of sensitive documents via file-sharing networks.

Stung most recently by last month's leak of a highly confidential House of Representatives' Ethics Committee document containing a list of ongoing investigations into financial dealings, travel and campaign donations, the House Oversight and Government Reform Committee on Tuesday introduced the "Secure Federal File Sharing Act," a bill aimed at restricting the use of P2P file sharing software across the federal government. The proposed legislation would bar government employees and contractors from downloading, installing or using P2P file-sharing software such as Limewire without official approval, the Associated Press reports. The bill also would require the White House to develop rules for employees and contractors working on home or personal computers.




With P2P, people share information stored on their computers with other people on a particular network, a practice first made popular by the music-swapping service Napster. Often, P2P users must download software on their computers that allows others to search their computer for different files. Allowing other P2P users to access your computer, however, means dropping your defenses (including firewalls meant to keep out snoopers and hackers).

A team of Dartmouth University researchers reported earlier this year that an experiment with P2P security in healthcare networks exposed confidential medical files for thousands of people, including patient billing records and insurance claims containing Social Security numbers, birth dates, medical diagnoses and psychiatric evaluations. The leaked information came from the health care organizations themselves, their employees working remotely, and from businesses that perform billing and other services for these organizations, all of whom placed sensitive information on computers also used for P2P file sharing.

In the past year, P2P file sharing has been blamed for revealing the electronic schematics to the U.S. Marine Corps' "Marine One" helicopter that carries the President, as well as financial information belonging to Supreme Court Justice Stephen Breyer and the location of a U.S. Secret Service safe house for the First Family.

"We can no longer ignore the threat to sensitive government information that insecure peer-to-peer networks pose," committee chairman Rep. Edolphus Towns (D–N.Y.) said in a prepared statement. "Voluntary self-regulations have failed so now is the time for Congress to act." Towns noted that there are an estimated 20 million people worldwide sharing files at any given time.

P2P security problems have more to do with its users' lack of understanding of how the technology works than with the technology itself. In the Ethics Committee's case, the information came from a committee document that a junior staffer had exposed on her home computer, which was using peer-to-peer technology, The Washington Post reports. The staff member didn't realize the file was unprotected but was subsequently fired anyway, according to the AP, which also reports that the White House Office of Management and Budget advised federal agencies in 2004 not to use peer-to-peer software.


Larry Greenemeier is the associate editor of technology for Scientific American, covering a variety of tech-related topics, including biotech, computers, military tech, nanotech and robots.
