Federal Trade Commission sweats peer-to-peer networks

The Federal Trade Commission (FTC) has notified nearly 100 organizations in the public and private sectors that sensitive information from their computer networks has been shared and is available on peer-to-peer (P2P) file-sharing networks, the commission announced on Feb. 22.

The FTC urged the organizations to review security practices to ensure that they comply with the law. The commission also recommended the organizations identify the people affected and consider whether to notify them that their information is available on P2P networks.

“Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers’ sensitive information at risk. For example, we found health-related information, financial records, and drivers’ license and social security numbers -- the kind of information that could lead to identity theft,” FTC Chairman Jon Leibowitz said in a statement.

Commercial P2P programs allow users to easily share videos, music and other data but have also been used to extract sensitive information from users' computers without the victims' knowledge.

On Capitol Hill last year, a confidential document that listed ongoing investigations of lawmakers’ activities made its way from the secretive House Ethics Committee into newspaper headlines. The document was inadvertently disclosed by a committee staffer who used P2P software while working from home.

One bill to prevent the inadvertent disclosure of information on a computer through P2P networks without prior consent passed the House last December. Meanwhile, government employees and contractors would generally be prohibited from installing or using open-network  P2P file-sharing software on all federal computers, systems and networks under a separate bill that was introduced in the House last November.