Ethics Committee Slip-Up Shows P2P Dangers

Last week, a junior member of the House ethics committee shared a sensitive document, a report scrutinizing the activities of more than 30 lawmakers, with those for whom the document was never intended.

Leaks of confidential information are nothing knew in Washington. But as The Washington Post first reported, this one wasn’t strategic but accidental. And the source of the embarrassing gaffe, a popular P2P file-sharing service, is a reminder for all consumers to be wary of this often-underestimated threat to data security.

It’s unclear which of the file-sharing services the government employee had used to make the details of a confidential investigation food for the masses, but we know the breach occurred on her home computer running a program typically used to swap movies, music and more (programs like these include the popular P2P programs LimeWire and Morpheus).

For consumers and businesses wishing to keep their own sensitive data secure—be it last year’s tax documents or last month’s financial statements—the gaffe is instructive. After all, accidental disclosures of documents like these are happening all the time, the product of inexperienced users toying around with file-sharing programs.

In May, the Cranberry, PA-based company Tiversa, which monitors file-sharing networks, found “13,185,252 breached files emanating from over 4,310,839 sources on P2P file-sharing networks within a twelve month period from March 01, 2008 - March 01, 2009.” The company’s study was limited to business documents (.doc, .xls, .pdf, .pst, etc.). Earlier findings reached by the company and Dartmouth College’s Tuck School of Business included the discovery of “a spreadsheet from an AIDS clinic with 232 client names, including Social Security numbers, addresses and birth-dates” and “databases for a hospital system that contained detailed information on more than 20,000 patients, including Social Security numbers, contact details, insurance records, and diagnosis information."


The ethics committee breach isn’t the first time the government has experienced a file-sharing slip-up. As the Post reminds us in a follow-up article, “documents relating to the Marine One presidential helicopter have been downloaded by at least one computer user in Iran; the personal data of thousands of Special Forces units have been downloaded by users in China and Pakistan; and documents on the Air Force's F-35 Joint Strike Fighter have been accessed by users in China and other countries.”

The bottom line: it’s important to recognize how a file-sharing program is configured to share files from your machine. Typically, programs will share all of the files in a particular folder. So, if you’re going to file-share, it’s imperative to:

Remember, the whole world is watching.