FTC announcement opens debate on P2P file sharing at work and by organisations
The announcement by the Federal Trade Commission (FTC) that information shared from its networks was available on peer-to-peer (P2P) file-sharing networks did not examine how the files ended up on there.
Brian Lapidus, chief operating officer at Kroll Fraud Solutions, said that while the FTC conducted the investigation in its role as the national consumer protection agency and has rights to enforce company-made privacy promises according to the FTC Act, its announcement and letters did not examine how the files ended up on the file-sharing network.
He said: “It could have happened in a number of ways – from an employee using the software to access music files on a friend's computer, to a business that uses such software to share certain files with a vendor but did not engage security settings in such a way that protected other data on their computer from access.”
He commented that the educational material sent along with the FTC notices give detailed information for the businesses to consider whether they ban the use of P2P file-sharing software or allow it for particular uses. While social media has its place in society and in business, in both settings an awareness of what is and what is not appropriate to share is ‘absolutely required'.
Last year, a US House of Representatives Committee hearing revealed that a confidential document was shared via the Limewire peer-to-peer file-sharing network. This document contained details of the secret service safe house that would be used by Michelle Obama in the event of the White House being evacuated. In addition, the hearing heard that sensitive details regarding the location of every nuclear facility in the USA were available via file-sharing systems.
Commenting on the use of P2P file-sharing networks, Graham Cluley, senior technology consultant at Sophos said that downloading music and movies opens the door for data loss both in the workplace and on home PCs, where users may have worked on company files.
He claimed that the FTC's warning should act as a stern reminder to UK companies towards the dangers posed by P2P file sharing in the work environment, and the need to control the movement of sensitive data.
A survey conducted by Sophos revealed that 86.5 per cent of organisations would like the ability to block P2P file-sharing applications, with 79 per cent indicating that blocking is essential. These statistics point towards the concerns felt by most businesses with regard to protecting their data.
Cluley said: “If not configured properly, Kazaa, Limewire and other P2P file-sharing networks can scoop up files on your computer that you would probably prefer the whole world didn't have access to.
“There are now cyber criminal gangs who scavenge the file-sharing networks, hunting for sensitive work documents such as financial records, driving licences and social security numbers.
“Some firms may choose to turn a blind eye to their workers using peer-to-peer file-sharing applications to download pirated music and movies, but they must wake up to the risks of exposing sensitive data. Many of these P2P apps will scour your entire hard drive for files to share automatically, and could pick up data that should never be released onto the net.”