WASHINGTON — Citing two Minnesota cases where vital information was improperly accessed through peer-to-peer networks, Sen. Amy Klobuchar has introduced legislation to regulate the installation of those networks and ensure that users can opt out at any time.
Klobuchar’s bill would require a user’s informed consent before peer-to-peer software could be installed, make it illegal to block authorized users from uninstalling or blocking peer-to-peer networks and give the Federal Trade Commission enforcement authority. Her bill was co-sponsored by Republican John Thune of South Dakota.
“As a former prosecutor, I know identity theft and security leaks can be prevented,” Klobuchar said in a statement. “Without the proper safeguards, file-sharing software can expose everything on your computer, whether it’s tax returns and medical records or family photos and home movies. This legislation will help computer users protect their files and prevent them from getting into the wrong hands.”
Just last week, the Internet security firm Norton named Minneapolis among the top ten cities where users are most vulnerable to cyber crime. Last year, Americans lost $560 million due to cyber crime, according to the federal International Crime Complaint Center.
The Distributed Computing Industry Association (DCIA) supports the intent of Senator Klobuchar, not only with words but also with its actions. The Inadvertent Sharing Protection Working Group (ISPG) is a DCIA-sponsored industry-wide program introduced in July 2008 that has been working with the private sector and FTC staff to address the important issues that she spoke about.
Compliance reports began to be compiled and submitted one year ago from top brands representing implementations of P2P technologies ranging from downloading to live-streaming, from open consumer file-sharing environments to secure corporate intranet deployments, and from user-generated to professionally produced content.
Representative examples of these are BitTorrent and LimeWire. In the case of BitTorrent and software programs that use BitTorrent, it is unlikely that a user can inadvertently share data because of the multiple intentional steps involved in converting a file to a .torrent format, uploading it to a tracker, etc. In the case of LimeWire, the company literally rebuilt its software to protect users from accidentally sharing their personal or sensitive data.
The distributed computing industry takes the safety of consumers very seriously. Once this concern was recognized, it responded proactively.
The fact remains, however, that the amount of confidential data that is in distribution on the Internet is cumulative. Material that was accidentally disclosed years ago is still floating around. And more recently leaked data is also accessible. The entire focus of ISPG so far has been to shore up the sources of such unintended file uploads in the first place. Removing items that are already in circulation on the web is a problem of a different order of magnitude and one that this group is just starting to investigate.
The ISPG’s best advice now – to parents and children alike – is similar to that given by other Internet software distributors: PLEASE UPGRADE TO THE LATEST VERSION FOR THE BEST PERFORMANCE AND THE SAFEST EXPERIENCE.
For public and private sector institutions that require workers to handle classified information: PLEASE DISCONNECT YOUR COMPUTER FROM THE INTERNET WHILE WORKING ON HIGH-SECURITY PROJECTS AND REMOVE SENSITIVE DATA FROM YOUR DEVICE BEFORE RECONNECTING.
Also, along with actively participating in this program, summarized here, the DCIA encourages file-sharing software distributors to direct users to the Onguard Online website pages dedicated to File-Sharing Safety.
The DCIA is less enthusiastic about legislative measures in this realm.
Such bills tend to be technologically outdated before they can be finalized and signed into law, result in unintended consequences that stifle commercial innovation, and prove to be unenforceable given that the Internet is a global medium.
The industry has acted to address inadvertent uploading of sensitive data by shoring up the entry points in file-sharing software.
This issue has moved now to institutional policies for managing data securely and to the removal of confidential data already in circulation. Nevertheless, the DCIA will engage with Congressional staff to minimize collateral damage related to measures that lawmakers wish to advance.