Increasingly popular peer-to-peer (P2P) networks, which allow users to share files with one another directly, pose a major national security threat, according to lawmakers and industry experts.
Government information such as classified network diagrams, employee lists, security clearances and studies on the security of major U.S. cities is all available and actively being sought via P2P networks.
Personal information such as medical histories, financial data, passwords and Social Security numbers are also just a few clicks away, according to testimony delivered today during a hearing held by the House Oversight and Government Reform Committee.
“The American people would be outraged if they understood what is inadvertently shared by government agencies on P2P networks,” said retired Gen. Wesley Clark, an adviser to Tiversa, during the hearing. “They would demand solutions.”
Tiversa works with agencies, companies and individuals to protect information on P2P networks.
People sometimes accidentally divulge much of the information on their computers’ hard drives when they log on to a P2P network because they misunderstand the messages they receive. For example, many P2P programs automatically search hard drives and make downloaded files available for sharing.
Therefore, users often don’t know how much information they are making available or whether a sharing program has been uninstalled, according to a recent report from the U.S. Patent and Trademark Office.
Federal employees also run the risk of exposing government data when they telework using home computers loaded with P2P software.
Lawmakers at the hearing did not bash P2P technology and even touted it as a way for businesses and government to increase bandwidth and reduce transaction costs. But it’s still a major security threat, they said.
“It seems to me that this is something that would call for the utmost urgency or we may find ourselves sadly in a worse situation” than the 2001 terrorist attacks, said Rep. Elijah Cummings (D-Md.) at the hearing.
Digg
De.licio.us
Slashdot
Technorati
