P2P legislation would build security awareness among users

Share this article:
Days after a security company said it located sensitive documents about President Obama's Marine One helicopter, federal lawmakers reintroduced a bill calling for the education of peer-to-peer (P2P) software users.

The Informed P2P User Act, set forth Thursday by Reps. Mary Bono Mack, R-Calif.; John Barrow, D-Ga., and Joe Barton, R-Texas, will require P2P programs to provide notice and acquire consent from users prior to installation.

"It would basically tell them what is at risk," Jennifer May, a spokeswoman for Bono Mack, told SCMagazineUS.com on Tuesday. "It is not the industry standard to provide consent."

The bill, which first was introduced last September but stalled in subcommittee, also would prevent P2P providers from stopping users who want to block installation of file-sharing programs or disable them once they are installed.

The three lawmakers who introduced the bill are members of the U.S. House Energy and Commerce Committee.

"Far too many people have no idea that they could be sharing all of their personal files and documents when popular peer-to-peer software is on their computer," Bono Mack said in a statement. "Computer users deserve to know -- in fair and simple terms -- about this potential security risk."

Ira Winkler, president of the Internet Security Advisors Group, a security services firm, said P2P software presents a major security risk to home users and businesses. He said many people end up sharing directories that they shouldn't.

"The big problem about peer-to-peer is that it can be configured securely, but few people know how to configure it securely," Winkler told SCMagazineUS.com on Tuesday. "And even if it is configured securely, the users will eventually have the opportunity to screw up the security."

Winkler said companies should ban such applications from running on their networks.

"People are ignorant to the true capability of this software," he said. "Security is about risk. Based on what I've seen, the potential loss [from P2P] is huge. It's like putting your entire company searchable on Google."

May said the Federal Trade Commission will be charged with the bill's enforcement, which received a momentum boost following the disclosure that Marine One documents, including blueprints of the helicopter, were downloaded from an Iranian IP address.

"It helps us share the message of how serious this problem is," she said.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.