P2P legislation would build security awareness among users

Share this article:
Days after a security company said it located sensitive documents about President Obama's Marine One helicopter, federal lawmakers reintroduced a bill calling for the education of peer-to-peer (P2P) software users.

The Informed P2P User Act, set forth Thursday by Reps. Mary Bono Mack, R-Calif.; John Barrow, D-Ga., and Joe Barton, R-Texas, will require P2P programs to provide notice and acquire consent from users prior to installation.

"It would basically tell them what is at risk," Jennifer May, a spokeswoman for Bono Mack, told SCMagazineUS.com on Tuesday. "It is not the industry standard to provide consent."

The bill, which first was introduced last September but stalled in subcommittee, also would prevent P2P providers from stopping users who want to block installation of file-sharing programs or disable them once they are installed.

The three lawmakers who introduced the bill are members of the U.S. House Energy and Commerce Committee.

"Far too many people have no idea that they could be sharing all of their personal files and documents when popular peer-to-peer software is on their computer," Bono Mack said in a statement. "Computer users deserve to know -- in fair and simple terms -- about this potential security risk."

Ira Winkler, president of the Internet Security Advisors Group, a security services firm, said P2P software presents a major security risk to home users and businesses. He said many people end up sharing directories that they shouldn't.

"The big problem about peer-to-peer is that it can be configured securely, but few people know how to configure it securely," Winkler told SCMagazineUS.com on Tuesday. "And even if it is configured securely, the users will eventually have the opportunity to screw up the security."

Winkler said companies should ban such applications from running on their networks.

"People are ignorant to the true capability of this software," he said. "Security is about risk. Based on what I've seen, the potential loss [from P2P] is huge. It's like putting your entire company searchable on Google."

May said the Federal Trade Commission will be charged with the bill's enforcement, which received a momentum boost following the disclosure that Marine One documents, including blueprints of the helicopter, were downloaded from an Iranian IP address.

"It helps us share the message of how serious this problem is," she said.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Ground system for weather satellites contains thousands of 'high-risk' bugs

Ground system for weather satellites contains thousands of ...

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system ...

Threat report on Swedish firms shows 93 percent were breached

The study by KPMG and FireEye also found that 49 percent of detected malware was unknown.

Former acting HHS cyber director convicted on child porn charges

Former acting HHS cyber director convicted on child ...

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation was convicted by federal jury in Nebraska.