Lawmaker proposes banning federal use of certain file-sharing software

The leader of a House oversight panel on Wednesday said he plans to introduce a bill banning software commonly used to exchange music and video clips from all government and contractor computers to prevent inadvertent leaks of sensitive information.

During a hearing, Rep. Edolphus Towns, D-N.Y., chairman of the Oversight and Government Reform Committee, also promised an investigation into whether providers of peer-to-peer file-sharing software should be held accountable for failure to implement safeguards.

Such software allows the direct exchange of files. But P2P applications, if not configured properly, can open unintended folders on hard drives -- often unknown to the users. These folders could contain documents with sensitive or private information.

The P2P file-sharing software industry is largely self-regulated, and recent reports have indicated that measures designed to protect users from inadvertently exposing sensitive computer files are inadequate.

"As far as I am concerned, the days of self-regulation should be over for the file-sharing industry," Towns said. "In the last administration, the Federal Trade Commission took a see-no-evil, hear-no-evil approach to the file-sharing software industry. I hope the new administration is revisiting that approach, and I hope to work with them on how to better protect the privacy of consumers."

Towns said a bill banning agencies and contractors from using the file-sharing software is critical because "the risk is simply too great to ignore." The measure would be in keeping with security specialists' recommendations that agencies prevent employees from downloading the applications in the first place.

He also said he plans to meet with FTC Chairman Jon Leibowitz to request a probe of whether software companies engage in an unfair trade practice when they fail to install adequate protections on P2P applications.

P2P file-sharing software has been responsible for a number of recent breaches of sensitive government information. It was found to be at fault in the leak of blueprints and the avionics package for the president's helicopter to a file server in Iran, for instance.

During the hearing, peer-to-peer network monitoring expert Thomas Sydnor recommended that Congress encourage law enforcement agencies to be more proactive in pursuing crimes related to the use of P2P file-sharing networks to download sensitive information from computers. He encouraged lawmakers to support the Informed P2P User Act, which would require software providers to obtain informed consent from users before making files available to another computer. That bill is being considered by the House Energy and Commerce Committee.

"The measures needed to comprehensively remediate inadvertent sharing are neither mysterious nor complex," said Sydnor, who is senior fellow and director of the Center for the Study of Digital Property at the think tank Progress and Freedom Foundation. "They simply are not compatible with the interests of companies that still insist upon trying to build businesses based upon unlawful uses of their programs."