Tuesday, July 24, 2007
Communications and Information Technology

Committee Holds Hearing on Inadvertent File Sharing over Peer-to-Peer Networks

Chairman Waxman's Opening Statement

Just over four years ago, the Committee on Government Reform held a hearing entitled: “Overexposed: The Threats to Privacy and Security on Filesharing Networks.” Then, as now, the hearing was part of a bipartisan effort to investigate and understand the uses and risks of peer-to-peer file-sharing networks, also known as P2P networks.

The Committee previously looked at two problematic aspects associated with P2P networks: children’s exposure to pornography on P2P networks and the privacy and security risks created by these networks.

That investigation found that P2P networks were making highly personal data such as tax returns and financial information available to anybody using popular P2P applications like KaZaA, Morpheus, LimeWire, and Grokster. These documents were being shared with millions of computer users without the knowledge of their owners.

After the hearing, numerous P2P file sharing program distributors adopted a voluntary Code of Conduct to prevent inadvertent disclosures of sensitive information. Along with other members, I hoped the problem had been solved.

In March, however, the Patent and Trademark Office (PTO) released a report suggesting that inadvertent file sharing may still be a serious problem.

Moreover, following the release of the PTO study, several news reports revealed that individuals and government entities were unknowingly sharing highly confidential information, including files from the National Archives, the Department of Transportation, a Naval hospital, and the Department of Defense.

The Committee staff did its own investigation. We used the most popular P2P program, LimeWire, and ran a series of basic searches. What we found was astonishing: personal bank records and tax forms, attorney-client communications, the corporate strategies of Fortune 500 companies, confidential corporate accounting documents, internal documents from political campaigns, government emergency response plans, and even military operation orders.

All these files were found in unpublished, Microsoft Word document format. All were found in limited searches over the past month. It is truly chilling to think of what private information an organized operation or a foreign government could acquire with additional resources.

In light of these developments, Ranking Member Davis and I agreed that the Committee should take another look at the privacy and security issues posed by P2P networks. We will use this hearing to examine three basic questions:

Does inadvertent file sharing over P2P networks create unacceptable risk for consumers, corporations, and government?

If so, how extensive is the problem?

Does Congress need to intervene in this matter with legislation or can the problems be addressed through available oversight tools and enhanced consumer education?

We are fortunate to have with us a distinguished panel of experts. They include government officials, representatives from computer security firms, academics, and the head of LimeWire. They can provide the Committee with a wide range of perspectives on the risks and benefits of P2P networks.

The purpose of this hearing is not to shut down P2P networks or bash P2P technology. P2P networks have the potential to deliver innovative and lawful applications that will enhance business and academic endeavors, reduce transaction costs, and increase available bandwidth across the country.

At the same time, however, we must achieve a balance that protects sensitive government, personal, and corporate information and copyright laws.

The goal of this hearing is to gain insights into how to strike this balance and ensure that inadvertent file-sharing does not jeopardize the public’s privacy and security.