The Dangers of Peer-to-Peer “Peering”


By Todd Davis – Congress recently suffered one of the most embarrassing federal security breaches on record: a sensitive memo regarding an ethics investigation of 30 House lawmakers and staffers inadvertently leaked to the media.

The breach wasn’t the result of a Watergate-style burglary, nor was it the handiwork of a sophisticated foreign hacker. The thief obtained the ethics memo through a simple peer-to-peer (P2P) file-sharing network — the kind that internet users throughout the world use to share music, videos, and photos.

As this episode proves, nobody is immune to the security risks posed by P2P networks — not even the federal government. And surprisingly, such file-sharing puts everyone’s personal data at risk — whether they use P2P software or not.

We’re all familiar with identity theft. Perhaps your credit-card company has called to make sure you actually ordered those first-class plane tickets to Tahiti. Or worse, perhaps you’ve seen your bank balance dwindle overnight as a thief withdrew your savings from an ATM. In many cases, all a thief needs to wreak havoc is your Social Security number or your bank PIN.

Thanks to the rise of the internet, identity theft has become much easier — and more common. No longer must criminals sift through trash or steal wallets to get the information they need — they can rob you from the comfort of their own computers. According to the research firm Javelin Strategy & Research, cases of identity theft increased 11 percent in the United States between 2008 and 2009.

The tens of millions of people worldwide who use P2P file-sharing networks like LimeWire and Kazaa are especially susceptible to identity theft. If their P2P software isn’t set up properly, other users may be able to access all the files on their computers — not just the music or video collection meant for sharing.

In other words, private documents like credit reports, photographs, tax returns, and bank statements could easily be downloaded by perfect strangers.

A 2009 investigation by The Today Show illustrated the scope of the problem. Their report found more than 25,000 student loan applications, more than 150,000 tax returns, and nearly 626,000 credit reports easily accessible through file-sharing networks. All it took was a simple search using keywords like “tax return” or “health insurance.”

Many technologically savvy folks believe they can protect their personal information by using antivirus software and carefully configuring their privacy settings. Some people may think they can reduce their risk of identity theft by avoiding P2P networks or staying offline entirely.

Unfortunately, that’s not the case.

After all, home computers aren’t the only repositories for our personal information. Retail stores, places of employment, schools — virtually everywhere we conduct business stores pieces of our personal information electronically. So if the receptionist at the doctor’s office uses P2P file-sharing software at work, for instance, every patient’s medical and financial information could be available for the world to see.

Fortunately, government officials are becoming aware of the risks posed by file sharing. Earlier this year, the Federal Trade Commission notified nearly 100 organizations that their customer and employer data were accessible through P2P networks. In addition, the Senate will soon consider a measure that would require software developers to notify users whenever their personal files are being shared. The problem appears to be so widespread that the FTC is reportedly conducting a number of non-public investigations of companies whose consumers’ personal data was revealed as a result of such P2P breaches.

These government actions are heartening, but individuals will ultimately have to take the lead in protecting their personally identifiable information. Several organizations offer varying levels of protection against identity theft. Consumers should seek out services that scan P2P networks for their personal information as well as limit the information they provide to business organizations. Taking these steps will reduce potential information exposure.

The internet has proved a revolutionary medium of exchange for people worldwide. But it’s also made the jobs of identity thieves a lot easier. Lawmakers must take note of the risks posed by P2P networks — and empower Americans to protect themselves from becoming yet another identity theft statistic.

Todd Davis is the Chairman and CEO of LifeLock, Inc.