Commentary

Peer-To-Peer Networks Don't Breach Privacy, Users Do

Sounding an alarmist note about peer-to-peer networks, the Federal Trade Commission said today it has informed more than 100 schools, business and local governments that sensitive data about their customers and employees has landed on file-sharing networks.

The FTC has notified the organizations and advised them to take remedial steps, including contacting people whose data might have been exposed. The commission additionally said it has launched a probe of other companies to determine whether they exposed private data online -- which could potentially violate laws like the Gramm-Leach-Bliley Act and Fair Credit Reporting Act.

"Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure," FTC chairman Jon Leibowitz said in a statement. "Just as important, companies that distribute P2P programs, for their part, should ensure that their software design does not contribute to inadvertent file sharing."

advertisement

advertisement

The FTC stopped short of recommending that all businesses avoid file-sharing programs, but directed companies to a publication urging them to implement procedures to limit the risk of data breaches.

The FTC's report -- marking the first time the commission investigated data breaches on peer-to-peer networks -- comes several months after Congress probed peer-to-peer networks in response to reports that people were inadvertently sharing private data online. At the time, LimeWire's CEO Mark Gorton told Congress that the company's latest software doesn't share documents by default or, for that matter, share any files without express authorization by users.

Long associated with copyright infringement, peer-to-peer networks already have an image problem. In fact, the Recording Industry Association of America complained this afternoon that the FTC's public statement about peer-to-peer networks doesn't go far enough. "We are grateful to the FTC for recognizing the harmful effects of p2p abuse and raising consumer awareness on this issue. While the warning is welcome, it does not fully address the persistent problems caused by bad actors who profit everyday as they jeopardize privacy and computer networks," Mitch Bainwol, RIAA Chairman & CEO, stated.

"Given the significant job losses endured by the creative community and profound evidence that no business or community is immune from the damaging effects of p2p abuse, what will it take to spur meaningful and long-overdue action against those who profit from nefarious use of p2p?" he added.

But, while there's no question that some people have used peer-to-peer networks to share copyrighted files, or that some people have inadvertently shared private documents via such networks, vilifying the technology itself won't solve either problem.

First of all, peer-to-peer networks have legitimate uses -- including facilitating transfer of files that aren't under copyright.

Additionally -- and possibly even more significantly -- companies easily can and do compromise people's privacy without using peer-to-peer technology. In fact, some of the biggest privacy missteps have had nothing to do with peer-to-peer networks. Last week, Google exposed people's address book contacts with its new Buzz service. Several months ago, Rocky Mountain Bank misdirected an email with confidential account information. In 2007 Facebook's Beacon program shared information about people's retail activity with their friends; the year before AOL released search query data for 650,000 supposedly anonymized users -- some of whom were identified based on their queries alone.

Yes, the FTC is right to warn companies that they are inadvertently exposing confidential data. But the problem doesn't stem from peer-to-peer technology but from the fact that companies don't think through the privacy ramifications of their decisions. And that holds true regardless of whether those decisions involve launching a product like Buzz or storing confidential files on a computer system without implementing the security measures that would prevent them from ending up on peer-to-peer networks.

2 comments about "Peer-To-Peer Networks Don't Breach Privacy, Users Do ".
Check to receive email when comments are posted.
  1. Dave Woodall from fiorano associates, February 22, 2010 at 8:50 p.m.

    I agree with Mr Bainwol Wendy; we should ban any tecnology that has the potential to be used for harm.

    In fact just last week I accidentally received a neighbor's wage garnishment notice in the mail. My first thought was, "In the wrong hands this information could really do some harm. We should make sure that it never happens again by abolishing the US Postal Service." Then it occured to me that a disgruntled and malicious state employee could still distribute the information in person. So the only reasonable and prudent thing to do is, obviously, ban paper. And just to be sure, ban any method of encoding, transmitting, or transferring information from one location to another.

    I'm sure once we do that, America will be safe for democracy again and the RIAA can go back to doing what it does best; figuring out new ways to screw artists and fans.

  2. Janice Gaines from Auto-Office Access, February 23, 2010 at 12:24 p.m.

    I think David Scott is right: Most individuals and organizations enjoy Security largely as a matter of luck. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS – check out a couple links down and read the interview with the author David Scott at Boston’s Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium).

Next story loading loading..