A Government Reform Committee meeting earlier this week focusing on the security implications of peer-to-peer (P2P) networking apparently led to fireworks.
CNET reports that lawmakers from both parties grilled Mark Groton, the chairman of P2P software provider Lime Wire. Senators maintained that in some cases P2P endangers national security, violates copyright law, and intrudes on people's privacy. Committee Chairman Henry Waxman (D.-Calif.) said that he is considering laws aimed at file sharing.
The Congressional scrutiny is coming as more industry attention is trained on P2P security. Last week, Prolexic released a report that said P2P is being used to launch distributed denial of service (DDoS) attacks. This story at BCS suggests that the trend, which was first noticed in April and May, is part of an overall move toward exploiting Web 2.0 interfaces to commandeer machines. P2P is being used by criminals to help form botnets, experts say.
It's not difficult to find examples of the dangers of P2P. For instance, this TechWorld piece says a policeman with the Tokyo Metropolitan Police Department using the Winny file-sharing program inadvertently made 6,600 documents on his hard drive available to outsiders. Among the data was a list of vital information on as many as 12,000 people, the location of crime-fighting license plate readers, and the names and addresses of 400 members of a criminal gang.
The story says the policeman denied having the program, which earlier was responsible for compromising security at a nuclear power station run by the Chubu Electric Power Company.
Another recent example was the installation of P2P software on a laptop used by a Pfizer executive, which made sensitive information on about 17,000 employees vulnerable.
Experts say the fault lies with users, who don't understand file sharing and install the software in a way that makes their entire C: drives vulnerable to outsiders.
Ari Tammam, a vice president at Promisec, told IT Business Edge that, outside of instant messaging, there is no real need for P2P and that it should be limited. There are a number of approaches, from total bans to limits on usage and content monitoring. Corporate cooperation is best gained, Tammam says, by showing real-world examples of people wasting time and company resources by using P2P programs.