File sharing threatens security at the personal and national level

A recent government report says that the old adage "buyer beware" now even applies to those who are not technically buying anything at all. Despite the reputation of "free" downloads, much of the illegal file sharing done on the internet comes at a steep price: personal and national security.

The United States Patent and Trademark Office (USPTO) has released a report that concludes that the distributors of five popular file sharing programs – namely BearShare, eDonkey, KaZaA, LimeWire and Morpheus -- repeatedly deployed features that "they knew or should have known" could cause users to share files inadvertently. The report identifies five features in recent versions of five popular file sharing programs that could cause users to inadvertently distribute to others downloaded files or their own proprietary or sensitive files.

"Computer programs that can cause unintended file sharing contribute to copyright infringement, and they threaten the security of personal, corporate, and governmental data," Jon Dudas, Under Secretary of Commerce for Intellectual Property, said in a statement.

The report shows that distributors of file sharing programs deployed features that could cause inadvertent sharing even after repeated warnings that these features could facilitate identity theft and breaches of personal and national security, the USPTO claimed. For example, in 2003, two Congressional hearings were prompted by research indicating inadvertent sharing could be caused by search-wizard and share-folder features. After the hearings, many distributors adopted a code of conduct that prohibited use of these features. Nevertheless, in 2004 and 2005, many of these same distributors kept deploying more aggressive versions of search-wizard or share-folder features, according to the report. Many distributors also deployed other features, like partial-uninstall and coerced-sharing features, that also had what the USPTO said was a "known or obvious potential" to cause inadvertent sharing.

The report also shows that inadvertent sharing has had severe consequences for governments, corporations and individuals. In a 2005 information bulletin, the Department of Homeland Security warned that inadvertent file sharing could compromise national security. "There are documented incidents of P2P file sharing where Department of Defense sensitive documents have been found on non-US computers with no protection against hostile intelligence," the report said.

"A decade ago, no one would have thought that copyright infringement could threaten personal or national security," Dudas added in a statement. "Today, that threat is a reality; we need to understand its causes and find solutions."