C|Net News is running a very interesting story about a new blog that is posting military and military-related information supposedly found on P2P filesharing networks (Are P2P networks leaking military secrets?). The blog is See What You Share on P2P. The purpose of the site is explained here: Why This Site Exists.
A few months ago, I downloaded some military briefings from the Gnutella Network. The briefings were zipped and the file contained 21 documents with classifications ranging from For Official Use Only to Secret/NO FORN. Shocked at my discovery, I notified an agency on a nearby military installation. When nothing happened, I notified another agency. I continued this course because no action was taken and for a nation at war, I was concerned for the safety of our soldiers.
It may appear that I am picking on certain institutions. This is true. I want everyone to know that we can be our own worst enemies when we dont understand the full power of our technology. I want every military and government agency to see first hand what is being shared with anyone who has a computer. Since a picture is worth a thousand words, I can save myself some talking.
This is not surprising. Nor, I'm sure, is the information inadvertantly shared solely related to military and emergency services. There are probably a number of corporations that would be surprised what files are available for the downloading.
This is a real problem. However, it is properly a computer security issue, not a P2P issue, as the website's owner misleadingly claims, "Technology often outruns legislation. So is the case with Peer 2 Peer networks. Many people obtain P2P software so they can download music or movies. A large number of those people do not have any idea what they are sharing." Note the reference to legislation. Of course, the RIAA, among others, often makes this point and requests more regulation, such as the Inducing Infringement of Copyrights Act (IICA, née INDUCE Act). However, is it really the technology so much as unfamiliarity with the security issues involved?
I remember some of the earlier days of email and how people would accidentally "reply all" or forward to mailing lists information they shouldn't. Still happens, actually. Does that mean we need more regulation of email? The default settings for certain operating systems leave plenty of security holes for accessing information on a network-connected computer. Do we need operating system regulation?
See What You Share on P2P is doing a fine service alerting people (and especially gov't officials) to the security problems their networks have. However, to characterize it as a P2P problem, as opposed to a security problem, is incorrect. We all need to be more familiar with the means and necessity of protecting certain types of information on our computers.
Want to know more about the INDUCE Act?
Please see LawMeme's well-organized index to everything I've written on the topic: The LawMeme Reader's Guide to Ernie Miller's Guide to the INDUCE Act.