The Privacy Lawyer: P2P Networks: The Other Risks - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

01:23 PM

The Privacy Lawyer: P2P Networks: The Other Risks

Privacy and security are at stake if you use P2P networks or IM apps that support P2P file sharing.

Sadly, in the early years of P2P this wasn't the case. I had personally contacted several P2P networks (thankfully, none of which are still in business) with complaints about child pornography images I discovered while representing a famous pop star. I was retained as her counsel in an attempt to stop fraudulent pornographic images of her from being posted online and in P2P networks. The network executives refused to return my calls and refused to take down the images. They only cooperated when law enforcement became involved.

Few child pornography images are caught by filtering software programs or parental controls. Most of these products work using either known lists of images or textual descriptions or names of images. Typically, child pornographic images don't use the words or names that would otherwise trigger a filtering product.

The only way to avoid child pornography on P2P networks is to steer clear of search terms that might imply images of young children or preteens. Even then, downloading unknown images can be risky.

Although some files provide an indication of their child pornography subject matter, using searchable terms such as "Lolita," "young boys," etc., the more sophisticated child pornography traders use other file names to mask their true content. It's possible for someone to innocently stumble across one or more of these files while looking for other content. If anyone comes across a file he believes to be of child pornography he should notify the P2P network administration immediately. He should not forward the file to anyone, print out copies, or save the file to a computer or any other media. He also should contact the National Center for Missing and Exploited Children's CyberTipline , noting the exact file name and location where the file was found.'s anti-child pornography campaign is "Don't support it, report it!" If everyone reports what they find (without actively seeking it), the Internet will be a better place.

While P2P networks contain many violent, hateful, pornographic, and other potentially harmful content files, this content is generally not illegal in the United States. But they may be offensive to many adults and highly inappropriate for children. Most of the parental controls and filtering software programs can now filter all content downloaded from P2P networks. In addition, most popular P2P networks have premium services available for a fee that provide content filters.

Given the content issues, as well as the risk of exposing private files to the public by using the wrong settings for shared files, P2P isn't appropriate for preteens. The best choice for parents of younger children, especially preteens, is to prevent your children from using P2P networks entirely. If there's a file they need for school, or otherwise want, the parent can access it for them. This also would have the added benefit of keeping the children from pirating music, movies, and software when they may be too young to appreciate the ramifications of their actions. For parents whose children may not listen to their rules, many parental control and filtering products have settings that would allow parents to block their children's access to P2P networks entirely and prevent them from downloading the P2P software applications.

Security And Privacy Risks
Private and, in some cases, very sensitive files, are often shared inadvertently by people using P2P networks. A study was done by Hewlett-Packard and the University of Minnesota on P2P file sharing to test how prevalent inadvertent file sharing was on the P2P networks. In a survey of 12 users, only two understood what files were subject to sharing. This is particularly alarming because of the kinds of files they discovered were being shared, undoubtedly without the user's knowledge.

In a test, searches for Outlook database files were conducted every 1-1/2 minutes for a 12-hour period on Kazaa. The study showed that many people had made private files open for download by others on the P2P network. These files include financial information, E-mail files, and even browser caches, showing others where the user had surfed. Many people are not aware of how to limit the files that can be accessed from the P2P network on their own computers. And with the ease of P2P file search, others who understand what to look for can easily find these private files. The same study showed that on a dummy server set up with files identified as creditcard.xls and Outlook databases, four unique users downloaded these files during the test 24-hour period. So, not only are users making their private data available to others online in P2P environments, but others know this and search for and download these files.

This tells us that we need to be sure what files are subject to sharing, how not to make mistakes when we allocate files for sharing, and understanding the import of the data contained in files to be able to determine the risk of sharing them.

The more sophisticated P2P purveyors use a wizard or user-friendly interface to help the user locate the shared file folder and limit the risk of sharing private files unintentionally. But if the wizard is bypassed or the default settings modified, or the wizards aren't created with the user's privacy in mind, the potential for mistakenly sharing files is very real. Selecting a new location for downloaded files broadens the files subject to search, scrutiny, and download by others in P2P. All files located within or under a specified file folder also are available to others for searching, scrutiny, and download. This isn't very clear to the typical P2P user.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2 of 3
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll