U.S. congressmen raised concerns over whether peer-to-peer (p-to-p) networks are exposing users' personal information, but witnesses at a House Committee on Government Reform hearing Thursday produced little evidence of that happening on a large scale.
Committee staff members were able to find tax returns, medical records, attorney-client communications and resumes on one search of an unnamed file-sharing service, said Committee Chairman Tom Davis, a Virginia Republican. He also warned of spyware or adware that's available on some p-to-p services.
"Users of these programs need to be aware that sharing personal information can open the door to identity theft, consumer fraud or other unwanted uses of their personal data," Davis said. "Parents, businesses and government agencies also need to be aware of these risks if their home or office computers contain file-sharing programs."
However, James Farnan, deputy assistant director of the Cyber Division at the U.S. Federal Bureau of Investigation, said his agency hasn't received any complaints of identity theft through p-to-p networks, but victims using p-to-p services may not report the crime if they are using p-to-p to illegally trade files.
"Peer-to-peer networks primarily serve as a come-and-get-it resource on the Internet," Farnan said. "Criminals are only beginning to explore the potential of crime via peer-to-peer networks."
Nathaniel Good, an information graduate student at the University of California, Berkeley, showed the committee files downloaded from users of popular p-to-p service Kazaa. Good identified entire contents of e-mail inboxes, credit card information on spreadsheets, and employee bonus salary agreements, all presumably shared accidentally.
"There's a lot of stuff here the person doesn't want the rest of the world to download," Good said.
In a study through Good's school and the University of Minnesota, researchers found about 1,000 Kazaa users sharing their e-mail inboxes during a one-week sweep of the service in January, Good said. But that's a small percentage of the estimated 70 million active users Kazaa users.
In the newest version of Kazaa, the default setting allows only files to be downloaded from a downloads folder, said Kazaa lawyer Philip Corwin. Users would have to change the settings to share tax documents or credit card information elsewhere on their hard drives, he said.
"You have to go in and choose to share that file or everything on your C drive," said Corwin, who attending the hearing but was not on the witness list.
Good's study recommends consumer education about the dangers of file sharing and a better user interface for Kazaa, and Corwin said the p-to-p service will take those recommendations to heart. A new version of Kazaa, due to be released shortly, will include more prominent warnings about unintentionally sharing private files, Corwin said.