Congress: Is p-to-p an enemy of privacy?

House Committee hearing explores issue

Thursday's hearing was the committee's second about p-to-p networks, with the first on pornography available on p-to-p services and a third planned on file sharing among government agencies. Corwin said he hopes the committee will also look into the music industry, which he called the "greatest threat to privacy" for trying to subpoena the names of file downloaders and which has pushed for legislation that would allow the industry to go into individual computers and delete files. Corwin cited a May 4 New York Times article saying the recording industry is also trying to develop software to delete files from remote computers.

"I hope [the committee] is going to look into the millions of dollars Hollywood is spending on very aggressive invasive technologies that appear to be in violation of existing U.S. law," Corwin said.

Corwin's allegation of the music industry developing such software is a "ridiculous charge," said Jonathan Lamy, a RIAA spokesman, adding, "The record companies would never do anything like that."

Other witnesses accused some p-to-p services of making it difficult for users to decide just what files they want to share, and complained that some p-to-p software includes spyware. e-mail viruses and worms also can expose personal data, but p-to-p presents additional security challenges, said John Hale, assistant professor of computer science at the University of Tulsa.

"In short, p-to-p file sharing exposes users to untrusted hosts and software and offers little in the way of protection," he said.

Other witnesses said p-to-p software, when used correctly, isn't more dangerous than most other software. Files sharing raises serious privacy concerns, said Alan Davidson, associate director of the Center for Democracy and Technology. "At the same time, it can be very beneficial, and it's largely in the control of the people who use it."

P-to-p networks may not be a major culprit in identity theft, although most victims can't identify how their personal information was stolen, said Mari Frank, a lawyer and expert on identity theft.

"P-to-p file sharing may pose less of a threat to identify theft than the careless display of records at your doctor's office, the negligently filed tax returns left on your accountant's desk for the cleaning crew to review, the unencrypted and unlocked cabinet with personnel files at work ... and the hacked databases of credit card companies," she said.

Representative Christopher Shays, a Connecticut Republican, suggested that Congress sometimes overreacts to problems, and he asked witnesses for the best solutions to p-to-p users accidentally sharing private data.

Good and most other witnesses suggested public education about the potential problems of p-to-p, as well as technological solutions that would make p-to-p software easier to use and configure. "[Technologists] like to think we can design things so we're not compromising security and convenience," Good said.

Jeffrey Schiller, network manager and security architect at the Massachusetts Institute of Technology, suggested p-to-p services could design their software to only download music files, but that would give the music industry ammunition against p-to-p services.