P2P legislation would build security awareness among users

Days after a security company said it located sensitive documents about President Obama's Marine One helicopter, federal lawmakers reintroduced a bill calling for the education of peer-to-peer (P2P) software users.

The Informed P2P User Act, set forth Thursday by Reps. Mary Bono Mack, R-Calif.; John Barrow, D-Ga., and Joe Barton, R-Texas, will require P2P programs to provide notice and acquire consent from users prior to installation.

"It would basically tell them what is at risk," Jennifer May, a spokeswoman for Bono Mack, told SCMagazineUS.com on Tuesday. "It is not the industry standard to provide consent."

The bill, which first was introduced last September but stalled in subcommittee, also would prevent P2P providers from stopping users who want to block installation of file-sharing programs or disable them once they are installed.

The three lawmakers who introduced the bill are members of the U.S. House Energy and Commerce Committee.

"Far too many people have no idea that they could be sharing all of their personal files and documents when popular peer-to-peer software is on their computer," Bono Mack said in a statement. "Computer users deserve to know -- in fair and simple terms -- about this potential security risk."

Ira Winkler, president of the Internet Security Advisors Group, a security services firm, said P2P software presents a major security risk to home users and businesses. He said many people end up sharing directories that they shouldn't.

"The big problem about peer-to-peer is that it can be configured securely, but few people know how to configure it securely," Winkler told SCMagazineUS.com on Tuesday. "And even if it is configured securely, the users will eventually have the opportunity to screw up the security."

Winkler said companies should ban such applications from running on their networks.

"People are ignorant to the true capability of this software," he said. "Security is about risk. Based on what I've seen, the potential loss [from P2P] is huge. It's like putting your entire company searchable on Google."

May said the Federal Trade Commission will be charged with enforcing the bill, which received a momentum boost following the disclosure that Marine One documents, including blueprints of the helicopter, were downloaded from an Iranian IP address.

"It helps us share the message of how serious this problem is," she said.