When he opened Wednesday's hearing on the hazards of inadvertent file sharing via peer-to-peer software, Representative Edolphus Towns (D-NY) said he was done with letting the industry solve the problem. By the end of the hearing Towns had lowered the boom, announcing that he plans to introduce a bill to bar LimeWire-style software from government and government contractor computers and their networks.

"At its best, with the proper safeguards in place, peer-to-peer software has great potential," Towns told the Committee on Oversight and Government Reform, which he chairs. "At its worst, it isn't peer-to-peer; it's predator-to-prey."

The representative also said he wants the Federal Trade Commission to investigate whether "inadequate standards" on P2P software constitute an unfair trade practice. "The FCC needs to look into this too," he added, although it's unclear what statutory authority, if any, the Federal Communications Commission has over this problem.

One thing is for sure, though. The "see-no-evil, hear-no-evil approach" is done, Towns declared. "As far as I am concerned, the days of self-regulation should be over for the file-sharing industry."

Prime targets

To the hearing came experts with horror stories. Inadvertent file sharing takes place when P2P users allow the program to share not only music or video files in a specific folder, but much of what is contained in the rest of their computer, including .pdfs of legal and personal documents, .gifs of medical records, and .csvs of financial data. A lot of the discussion focused on the accidental exposure of sensitive military information. The latest shocker came out of the testimony of Robert Boback of the Tiversa security company, who showed the House committees slides of a document the company says it found titled, "U.S. Nuclear Facilities. List of Site Location Facilities and Activities."

"This is from the United States," Boback told the representatives. "This is from the President.... Every nuclear agency. Every facility. The problem is we found this in France. Four locations in France. Not in the United States. Other countries know how to access this information, and they are accessing this information."

But it appears that what the hearing saw (it's streamed here) was in fact a list of civilian nuclear fuel sites that was first accidentally posted online by a government website. Boback's testimony was confusing to the Washington Post, which has published an erratum on its earlier story on the event. Nonetheless, there's no shortage of evidence that loose file sharing is releasing tons of Personally Identifiable Information (PII) on the US military.

"Military families are prime targets for identity theft as the thieves are aware that the soldiers are probably not checking their statements or credit reports very closely due to the serious nature of the work that they are performing," Boback warned. "We have seen the confidential information (SSNs, blood types, addresses, next of kin, etc.) of more than 200,000 of our troops."

Other cited data leaks have included the Social Security numbers of all master sergeants in the Army, about 24,000 medical records from a Texas hospital, and the surveillance photos of a Mafia hit man. It also seems that the office of one Fortune 100 company officer accidentally released an executive's Microsoft Outlook .PST file, Boback disclosed, donating thousands of e-mails, contact addresses, sales spreadsheets, phone numbers, and passcodes to the file sharing universe.

The culprit du jour at this hearing was LimeWire itself. Digital property expert Thomas D. Sydnor of the Progress and Freedom Foundation laid into the company with gusto. "Distributors of file-sharing programs like LimeWire LLC have repeatedly responded to even the most serious and well-documented concerns about inadvertent sharing with half-measures, misrepresentations, whitewash, and other conduct that, considered in its entirety, could strongly suggest bad faith," Sydnor charged, "an intent to cause and perpetuate inadvertent sharing."

Dangerous living

Sydnor told the company that over the weekend he performed a test on a computer with 16,798 files in a folder named My Documents. "After confirming that no version of LimeWire was installed upon this test computer, I then did something very dangerous: I downloaded the latest version of LimeWire 5," he explained, and opted for the software's default settings. The program very quickly put all 16,798 files up for sharing, Sydnor said.

"Were this my actual family computer, my family would be sharing all of our work-related and personal documents, all of our scanned tax-related and identifying documents, many home movies, all of our family photos, and over 3,800 copyrighted audio files," he warned.

LimeWire Group Chair Mark Gorton dropped by for the roast, he being the main course. He strongly disputed Sydnor's charges. "LimeWire 5 does not share user-originated files by default," Gorton insisted. "In fact, by default, LimeWire 5 shares no files of any sort for the new LimeWire user. Also contrary to what Mr. Sydnor states, LimeWire 5 does not share 'sensitive file types' by default. In fact, by default LimeWire does not permit sharing of Microsoft Word documents, Corel documents, many proprietary tax document extensions, Excel spreadsheets, power point presentations and .pdf file[s]."

But it's clear that after seven years of probes and government hand wringing over this issue, key players in Congress have run out of patience with assurances that the industry can plug up all these widely noted security leaks on its own.

"The file-sharing software industry has shown it is unwilling or unable to ensure user safety," Towns declared. "It's time to put a referee on the field." He also wants the government to launch a national consumer education campaign "about the dangers involved with file-sharing software."