P2P legislation would build security awareness among users

Share this article:
Days after a security company said it located sensitive documents about President Obama's Marine One helicopter, federal lawmakers reintroduced a bill calling for the education of peer-to-peer (P2P) software users.

The Informed P2P User Act, set forth Thursday by Reps. Mary Bono Mack, R-Calif.; John Barrow, D-Ga., and Joe Barton, R-Texas, will require P2P programs to provide notice and acquire consent from users prior to installation.

"It would basically tell them what is at risk," Jennifer May, a spokeswoman for Bono Mack, told SCMagazineUS.com on Tuesday. "It is not the industry standard to provide consent."

The bill, which first was introduced last September but stalled in subcommittee, also would prevent P2P providers from stopping users who want to block installation of file-sharing programs or disable them once they are installed.

The three lawmakers who introduced the bill are members of the U.S. House Energy and Commerce Committee.

"Far too many people have no idea that they could be sharing all of their personal files and documents when popular peer-to-peer software is on their computer," Bono Mack said in a statement. "Computer users deserve to know -- in fair and simple terms -- about this potential security risk."

Ira Winkler, president of the Internet Security Advisors Group, a security services firm, said P2P software presents a major security risk to home users and businesses. He said many people end up sharing directories that they shouldn't.

"The big problem about peer-to-peer is that it can be configured securely, but few people know how to configure it securely," Winkler told SCMagazineUS.com on Tuesday. "And even if it is configured securely, the users will eventually have the opportunity to screw up the security."

Winkler said companies should ban such applications from running on their networks.

"People are ignorant to the true capability of this software," he said. "Security is about risk. Based on what I've seen, the potential loss [from P2P] is huge. It's like putting your entire company searchable on Google."

May said the Federal Trade Commission will be charged with the bill's enforcement, which received a momentum boost following the disclosure that Marine One documents, including blueprints of the helicopter, were downloaded from an Iranian IP address.

"It helps us share the message of how serious this problem is," she said.
Share this article:

Sign up to our newsletters

More in News

POS malware risks millions of payment cards for Michaels, Aaron Brothers shoppers

POS malware risks millions of payment cards for ...

An investigation dating back to January has finally confirmed that malware on point-of-sale systems may have compromised payment card data for millions of Michaels Stores and Aaron Brothers customers.

Phishing scam targets Michigan public schools

Unknown attackers used the finance director's email account to request wire transfers from the school district's accounting department.

Contempt order against Lavabit still stands, appeals court rules

Contempt order against Lavabit still stands, appeals court ...

A federal appeals court backed an earlier ruling penalizing the email service.