IPcentral Weblog
  The DACA Blog

Friday, October 30, 2009

More Members of Congress Pay the Price for P2P Piracy
(previous | next)

Well, another inadvertent file-sharing debacle has been documented. Another needless disclosure of highly confidential data has occurred. Another promising career has been shattered. Tomorrow, something similar will happen again, though it may not be documented in the Washington Post.

This story by Washington Post reporters Ellen Nakashima and Paul Kane has exposed the latest in a long line of file-sharing disasters stretching back to 2001. In short, a highly confidential report detailing the activities of the House Committee on Standards of Official Conduct, (often called the "Ethics Committee") was broadcast over a peer-to-peer file-sharing network. The disclosed report summarized confidential ongoing or potential investigations relating to at 33 Members of Congress and some Congressional staff.

This latest disastrous disclosure occurred because a diligent--but unlucky--committee staffer did work at home on a computer that was running the sort of peer-to-peer file-sharing program used almost exclusively to pirate popular music, movies and software. But--no doubt inadvertently--someone had mis-configured the program, and as a result, thousands of personal files, (like the Ethics Committee report), were inadvertently shared with strangers. The Post reports that the staffer in question has been fired.

A Member of the Ethics Committee, responding to the report of the breach, "said the breach was an isolated incident."

No, it wasn't. There was nothing "isolated" about this incident of inadvertent sharing--as demonstrated by the five Congressional hearings on inadvertent file-sharing and countless other media reports. (Links to the hearings are here, here, here, here and here; and a much longer listing of incidents can be found here). Indeed, were someone to fund the necessary research, I confidently predict that this sort of file-sharing-related breach of confidential data would be found to be affecting the constituents of every single Representative and Senator in Congress--every one. There is nothing "isolated" about inadvertent sharing. That is why, in New York alone about 150,000 tax returns were being "shared" with identity thieves.

Nor are such disasters really accidents. To the contrary, they occur regularly because piracy-adapted file-sharing networks don't work well unless many users share popular files--almost all of which, the Supreme Court noted in Grokster, are infringing. Consequently, once content distributors and their public-interest allies finally succeeded in demanding copyright enforcement against consumers using these programs, consumers using these programs tried to stop sharing files--as groups like EFF had advised.

For the distributors of these programs, this was Bad. So--as computer scientists had long predicted--distributors of these programs began to incorporate into their programs certain "features" that were long known to dupe unsophisticated users into sharing many thousands of personal files, including their entire collections of music and movies. Pretty soon, even the theoretically tech-savvy EFF became incapable of telling users of its own client's file-sharing program how to stop sharing files.

In short, from the perspective of distributors of piracy-adapted file-sharing programs, inadvertent file-sharing looks like a very deliberate strategy to increase the amount of content on the network. Voluntary self-regulation by these distributors has now failed miserably--twice.

Fortunately, Members of Congress have introduced H.R. 1319, the Informed P2P Users Act. It would serve the useful purpose of reminding the Federal Trade Commission that it is, in fact, a federal law enforcement agency charged to protect consumers from bad actors--like the ones that it has been "working with" since 2004 to no effect.

Some will try to blame this latest episode on the hapless staffer who disclosed sensitive government data. But that misses the point. Granted, sensitive data--governmental or personal--should never be stored on any computer running a file-sharing program. But here is the problem: every home computer that I own or have owned has housed sensitive personal data. Consequently, if file-sharing programs cannot be safely used on computers housing sensitive data, then they cannot be safely used by ordinary consumers. That is the point.

posted by Thomas Sydnor @ 11:04 AM | Copyright , Cyber-Security , Economics , IP , Internet , The FTC

Share |

Link to this Entry | Printer-Friendly


I think we should let consumers be the judge of what they can use safely.

To me this is a bizarrely veiled call for regulation of the software industry.

Who are you going to trust to regulate? The FTC? And, since when do libertarian think tanks (as yours claims to be) advocate government agency intervention in the private market.

Are you suggesting that consumers are too dumb? Or, are you suggesting that software firms aren't able to provide the (p2p-software-free) products that educated consumers want? Or, are you suggesting that the software market is uncompetitive?

All the free market ideology I hold dear tells me that if this was a problem there would be entrepreneurial solutions (a profit-maximizing firm can and would make and sell a computer that would not have or allow p2p access). Why call in the government? Libertarian? Not you, sir.

Posted by: Ricardo at November 2, 2009 6:23 PM

"Some will try to blame this latest episode on the hapless staffer who disclosed sensitive government data. But that misses the point."

Insisting on personal responsibility for one's actions "misses the point"??

Posted by: Marcus at November 3, 2009 11:08 AM

If individuals want to download P2P software to their systems to enable them to steal music and movies so be it. If that P2P software then makes all their financial information available to the general public so that their identities are stolen and their lives are ruined that strikes me as poetic justice.

However, the fact that our government, our banking system, the health care sector and other areas are so careless with information should certainly give one pause. It's not enough to say "caveat emptor" when a single individual working for a government agency or a private corporation can accidentally disseminate information through a P2P that is legally required to be kept private. Especially when that information has the potential to destroy the lives of tens of thousands of innocent people.

We have laws against the distribution of malware and viruses across the Internet. If certain P2P technologies are designed to dupe individuals into opening up their hard drives to the world (and that intent has certainly been proven in previous cases) then those programs should be designated as malware and the companies that create and distribute them should be prosecuted.

After the outpouring of rage from consumers who unwittingly installed rootkits on their computers when they put certain releases from Sony/BMG into their computers' optical drives, I would have thought we would hear the same hue and cry against P2P software developers when our government's security is compromised because of some the shadier aspects of the programs they create.

Posted by: Shawn Murphy at November 3, 2009 4:22 PM

Post a Comment:

Blog Main
RSS Feed  
Recent Posts
  EFF-PFF Amicus Brief in Schwarzenegger v. EMA Supreme Court Videogame Violence Case
New OECD Study Finds That Improved IPR Protections Benefit Developing Countries
Hubris, Cowardice, File-sharing, and TechDirt
iPhones, DRM, and Doom-Mongers
"Rogue Archivist" Carl Malamud On How to Fix Gov2.0
Coping with Information Overload: Thoughts on Hamlet's BlackBerry by William Powers
How Many Times Has Michael "Dr. Doom" Copps Forecast an Internet Apocalypse?
Google / Verizon Proposal May Be Important Compromise, But Regulatory Trajectory Concerns Many
Two Schools of Internet Pessimism
GAO: Wireless Prices Plummeting; Public Knowledge: We Must Regulate!
Archives by Month
  September 2010
August 2010
July 2010
June 2010
  - (see all)
Archives by Topic
  - A La Carte
- Add category
- Advertising & Marketing
- Antitrust & Competition Policy
- Appleplectics
- Books & Book Reviews
- Broadband
- Cable
- Campaign Finance Law
- Capitalism
- Capitol Hill
- China
- Commons
- Communications
- Copyright
- Cutting the Video Cord
- Cyber-Security
- Digital Americas
- Digital Europe
- Digital Europe 2006
- Digital TV
- E-commerce
- e-Government & Transparency
- Economics
- Education
- Electricity
- Energy
- Events
- Exaflood
- Free Speech
- Gambling
- General
- Generic Rant
- Global Innovation
- Googlephobia
- Googlephobia
- Human Capital
- Innovation
- Intermediary Deputization & Section 230
- Internet
- Internet Governance
- Internet TV
- Interoperability
- IP
- Local Franchising
- Mass Media
- Media Regulation
- Monetary Policy
- Municipal Ownership
- Net Neutrality
- Neutrality
- Non-PFF Podcasts
- Ongoing Series
- Online Safety & Parental Controls
- Open Source
- PFF Podcasts
- Philosophy / Cyber-Libertarianism
- Privacy
- Privacy Solutions
- Regulation
- Search
- Security
- Software
- Space
- Spectrum
- Sports
- State Policy
- Supreme Court
- Taxes
- The FCC
- The FTC
- The News Frontier
- Think Tanks
- Trade
- Trademark
- Universal Service
- Video Games & Virtual Worlds
- VoIP
- What We're Reading
- Wireless
- Wireline
Archives by Author
PFF Blogosphere Archives
We welcome comments by email - look for a link to the author's email address in the byline of each post. Please let us know if we may publish your remarks.

The Progress & Freedom Foundation