Well, another inadvertent file-sharing debacle has been documented. Another needless disclosure of highly confidential data has occurred. Another promising career has been shattered. Tomorrow, something similar will happen again, though it may not be documented in the Washington Post.
This story by Washington Post reporters Ellen Nakashima and Paul Kane has exposed the latest in a long line of file-sharing disasters stretching back to 2001. In short, a highly confidential report detailing the activities of the House Committee on Standards of Official Conduct, (often called the "Ethics Committee") was broadcast over a peer-to-peer file-sharing network. The disclosed report summarized confidential ongoing or potential investigations relating to at 33 Members of Congress and some Congressional staff.
This latest disastrous disclosure occurred because a diligent--but unlucky--committee staffer did work at home on a computer that was running the sort of peer-to-peer file-sharing program used almost exclusively to pirate popular music, movies and software. But--no doubt inadvertently--someone had mis-configured the program, and as a result, thousands of personal files, (like the Ethics Committee report), were inadvertently shared with strangers. The Post reports that the staffer in question has been fired.
A Member of the Ethics Committee, responding to the report of the breach, "said the breach was an isolated incident."
No, it wasn't. There was nothing "isolated" about this incident of inadvertent sharing--as demonstrated by the five Congressional hearings on inadvertent file-sharing and countless other media reports. (Links to the hearings are here, here, here, here and here; and a much longer listing of incidents can be found here). Indeed, were someone to fund the necessary research, I confidently predict that this sort of file-sharing-related breach of confidential data would be found to be affecting the constituents of every single Representative and Senator in Congress--every one. There is nothing "isolated" about inadvertent sharing. That is why, in New York alone about 150,000 tax returns were being "shared" with identity thieves.
Nor are such disasters really accidents. To the contrary, they occur regularly because piracy-adapted file-sharing networks don't work well unless many users share popular files--almost all of which, the Supreme Court noted in Grokster, are infringing. Consequently, once content distributors and their public-interest allies finally succeeded in demanding copyright enforcement against consumers using these programs, consumers using these programs tried to stop sharing files--as groups like EFF had advised.
For the distributors of these programs, this was Bad. So--as computer scientists had long predicted--distributors of these programs began to incorporate into their programs certain "features" that were long known to dupe unsophisticated users into sharing many thousands of personal files, including their entire collections of music and movies. Pretty soon, even the theoretically tech-savvy EFF became incapable of telling users of its own client's file-sharing program how to stop sharing files.
In short, from the perspective of distributors of piracy-adapted file-sharing programs, inadvertent file-sharing looks like a very deliberate strategy to increase the amount of content on the network. Voluntary self-regulation by these distributors has now failed miserably--twice.
Fortunately, Members of Congress have introduced H.R. 1319, the Informed P2P Users Act. It would serve the useful purpose of reminding the Federal Trade Commission that it is, in fact, a federal law enforcement agency charged to protect consumers from bad actors--like the ones that it has been "working with" since 2004 to no effect.
Some will try to blame this latest episode on the hapless staffer who disclosed sensitive government data. But that misses the point. Granted, sensitive data--governmental or personal--should never be stored on any computer running a file-sharing program. But here is the problem: every home computer that I own or have owned has housed sensitive personal data. Consequently, if file-sharing programs cannot be safely used on computers housing sensitive data, then they cannot be safely used by ordinary consumers. That is the point.