Hearing on Inadvertent Sharing Held Today
July 24, 2007
Thomas Mennecke
Inadvertent file-sharing has been a constant nearly as long as P2P networking went mainstream under Napster. Inadvertent file-sharing refers to the practice of publicly exposing private files without the end users' knowledge. The end user typically commits this error during the installation of a P2P application. Most file-sharing programs create and share one empty folder by default - the end user then actively selects his or her entire root directory (C:\) in error.
Once the unknowledgeable end user selects the root directory (or "My Documents", etc.), the entire contents of the hard drive are now shared for the entire world to see. Bank statements, emails, sensitive business documents, personal letters, resumes, are all available for the world to see. Any search on any P2P network for these general key words will expose the mistakes of thousands. As some basic research will yield, this is not an isolated occurrence or incident. The inadvertent sharing of sensitive documents is a widespread pandemic that is causing security breaches worldwide.
Just recently, there have been two high profile cases involving inadvertent sharing. Most notably, a Tokyo police officer recently shared over 6,000 classified police documents using the Winny P2P application on a department lap top. These documents contained information on over 12,000 individuals, and contained sensitive information on interrogations, victim complaints, classified locations of license plate readers, and personal information on 400 members of the Yamaguchi-gumi yakuza criminal organization.
The other case involves a Pfizer employee who brought a company laptop home. The employee’s husband, against company policy, installed a P2P application and inadvertently shared sensitive identity information on approximately 17,000 individuals.
This information can be used by all segments of the criminal world for various types of impropriety. Personal information can be used to steal someone’s identity, police files were likely found useful by the Yamaguchi-gumi yakuza criminal organization, and military secrets are likely found very useful by our enemies.
The United States Government has taken notice of the growing occurrence of inadvertent sharing. In response to the seemingly explosive growth of confidential documents finding their way onto P2P networks, the Committee on Oversight and Government Reform, chaired by Representative Henry A. Waxman (D-Ca), is holding a hearing today at 10:00 AM EST on the issue.
“On Tuesday, July 24, 2007, at 10 a.m., the Committee will hold a hearing to examine recent developments regarding inadvertent file sharing over peer-to-peer (P2P) networks, the impact of such sharing on consumers, corporations and government entities, and whether such sharing creates privacy or security risks for users.”
Today’s hearing is the culmination of nearly a two year interest and investigation into the inadvertent sharing of files via P2P networks by Rep. Waxman. Rep. Waxman sent inquiries to LimeWire and StreamCast in June of this year, questioning whether these P2P developers provide “users with information to avoid uploading files inadvertently?”
Mark Gorton of LimeWire and Mary Koelbel Engle, Associate Director for Advertising Practices, Bureau of Consumer Protection, Federal Trade Commission, are among those testifying this morning. A video of the hearing is broadcasting at the time of this article’s publication.
Reply With Quote
Bookmarks