Data Security

The Distributed Computing Industry Association (DCIA) supports the statement made by the US Federal Trade Commission (FTC) on Monday, not only with words but also with its actions. The Inadvertent Sharing Protection Working Group (ISPG) is a DCIA-sponsored industry-wide program introduced in July 2008 that has been working with the private sector and FTC staff to address the issues Chairman Leibowitz spoke about in his statement.

Compliance reports began to be compiled and submitted one year ago from top brands representing implementations of P2P technologies ranging from downloading to live-streaming, from open consumer file-sharing environments to secure corporate intranet deployments, and from user-generated to professionally produced content.

Representative examples of these are BitTorrent and LimeWire. In the case of BitTorrent and software programs that use BitTorrent, it is unlikely that a user can inadvertently share data because of the multiple intentional steps involved in converting a file to a .torrent format, uploading it to a tracker, etc. In the case of LimeWire, the company literally rebuilt its software to protect users from accidentally sharing their personal or sensitive data.

The distributed computing industry takes the safety of consumers very seriously. Once this concern was recognized, it responded proactively.

The fact remains, however, that the amount of confidential data that is in distribution on the Internet is cumulative. Material that was accidentally disclosed years ago is still floating around. And more recently leaked data is also accessible. The entire focus of ISPG so far has been to shore up the sources of such unintended file uploads in the first place. Removing items that are already in circulation on the web is a problem of a different order of magnitude and one that this group is just starting to investigate.

The ISPG's best advice now - to parents and children alike - is similar to that given by other Internet software distributors: PLEASE UPGRADE TO THE LATEST VERSION FOR THE BEST PERFORMANCE AND THE SAFEST EXPERIENCE.

For public and private sector institutions that require workers to handle classified information: PLEASE DISCONNECT YOUR COMPUTER FROM THE INTERNET WHILE WORKING ON HIGH-SECURITY PROJECTS AND REMOVE SENSITIVE DATA FROM YOUR DEVICE BEFORE RECONNECTING.

Also, along with actively participating in this program, summarized here, the DCIA encourages file-sharing software distributors to direct users to the Onguard Online website pages dedicated to File-Sharing Safety.

The DCIA was less enthusiastic about news that Senators Amy Klobuchar (D-MN) and John Thune (R-SD) misguidedly introduced legislation on Wednesday "to inform Internet users of the privacy and security risks associated with file-sharing software programs."

Such measures tend to be technologically outdated before they can be finalized and signed into law, result in unintended consequences that stifle commercial innovation, and prove to be unenforceable given that the Internet is a global medium.

The industry has moved to address inadvertent uploading of sensitive data by shoring up the entry points in file-sharing software.

This issue has moved now to institutional policies for managing data securely and to the removal of confidential data already in circulation. Nevertheless, the DCIA will engage with Senate staff to minimize collateral damage.