Can someone with a clue run down to Capital Hill and talk some sense to our Congress People, please? There is apparently a bru-ha-ha rising about P2P file sharing and how it is a National Security Threat and congress recently held a hearing on the matter.

I hate to use this hackneyed cliché, but P2P software doesn’t disclose secrets, people, do. Exposing secrets happens in email, web sites, file shares, on disks and removable media. If the US Government wants to disallow the use of P2P software within their agencies, that seems like a good policy. But it should not extend beyond the governments self-policing. Exposing secrets, whether it is through P2P file sharing, or stealthy hand-offs at dead drops is a National Security issue that should be addressed.

Mr. Thomas D. Sydnor, II, Attorney-Advisor, Copyright Group, Office of International Relations, U.S. Patent and Trademark Office, had this to say: ” Any program or service that lets users make files or data available to other users of the Internet could cause inadvertent sharing—regardless of whether it was a “centralized” server-based social-networking website or a fully “decentralized” peer-to-peer filesharing network” and goes on to point that this file services are fairly common in enterprises. He goes on to quote Chairman Waxman from a 2003 hearing ““The users of file-sharing programs are
predominantly teenagers” and Sydnor concludes : “This has safety implications: When teenagers or pre-teens use filesharing programs, they enter a shadowy network of anonymous strangers and mislabeled files that look like popular songs, but contain child pornography or dangerous spyware. The USPTO Report makes one point clear: When people enter these networks, no one will be looking out for them.” The US Gov’t really should be providing parental oversight. This is thinly veiled FUD as fact.

Mary Engle from the FTC was more balanced pointing to a two day workshop the FTC held on P2P and “the staff report emphasized that many of the risks to consumers associated with P2P filesharing are not unique, but also exist when consumers engage in other Internet-related activities such as surfing web sites, using search engines, downloading software, and using e-mail or instant messaging … FTC staff reviewed the risk disclosures on the web sites of the ten most popular P2P file-sharing program distributors to determine if the web sites misrepresented or failed to disclose risks associated with downloading and using their programs. Commission staff concluded that, although the risk disclosures were not false or misleading, they could be improved.” The FTC asked P2P distributers to self-police. In 2005, the FTC tested 10 P2P sites on disclocing bundled spyware and adware. They found 8 either didn’t contain adware or disclosed that fact.

Daniel Mintz, CIO for the Department of Transportation, related a story about an employee who worked from home accessing DoT documents from her personal computer. A computer that her daughter had installed a P2P application on. The DoT has a stated policy disallowing the use of P2P software—a sound policy, in my opinion. As Mr. Mintz points out, the DoT can’t inspect the personal computers of employees, but they could issue and properly lock down DoT issued computers to teleworks. That too is a sound IT practice.

People will inadvertently expose sensitive information whether then use P2P software, open up a Windows file share, send financial information to con-men, loose tape back-ups from trucks, or any number of avoidable losses. Criminalizing a tool doesn’t address the real problem, just a symptom.