US Tackles P2P Data Breach Risk With New Legislation

Software developers would be required to clearly inform users when their files are made available to other P2P (peer-to-peer) users under legislation introduced on 24 Feb. by Senators Amy Klobuchar (D-MN) and John Thune (R-SD).

The legislation comes just one day after the FTC (Federal Trade Commission) notified nearly 100 organisations on 23 Feb. that the use of P2P programs on their computer networks had resulted in significant data breaches involving sensitive information about customers and employees.

The FTC said users of these networks risk the exposure of personal information, including health-related information, financial records and drivers’ license and Social Security numbers, which can lead to identify theft.

“As a former prosecutor, I know that identity theft and security leaks can be prevented,”  Klobuchar said in a statement.  “Families across Minnesota run the risk of unintentionally sharing all of their private files like tax returns, legal documents, medical records and home movies when they are connected to peer-to-peer networks.  This bill will let people know — in a way that they can understand — that their personal files are being shared with complete strangers.”

The P2P Cyber Protection and Informed User Act would prohibit P2P file sharing programs from being installed without the informed consent of the authorised computer user. The legislation would also prohibit P2P software that would prevent the authorised user from blocking the installation of a P2P file sharing program and/or disabling or removing any P2P file sharing program. 

”It is important that consumers are aware of the privacy and security threats associated with some peer-to-peer file-sharing programs,” Thune said. “The P2P Cyber Protection and Informed User Act is an important step in achieving this goal.”