une 17th, 2003
Contact: Margarita Tapia, 202.224.5225
JUDICIARY STATEMENT: "THE DARK SIDE OF A BRIGHT IDEA"
Will Persional and National Security Risks of P2P Networks Compromise the Promise of P2P Networks?
Statement of Senator Orrin G. Hatch
Senate Judiciary Committee
"The Dark Side of a Bright Idea: Will Persional and National Security Risks of P2P Networks Compromise the Promise of P2P Networks?"
We are here today to explore some potentially troubling aspects of an exciting technology that rightfully has gained the attention and admiration of millions of
Americans, and many millions more around the world: peer-to-peer file sharing networks.
Recent developments in peer-to-peer networks have added dramatically to their versatility – and therefore their utility – to many computer users. Napster, the first
peer-to-peer system, permitted the sharing of audio files only, but newer generations of this technology permit the sharing of any type of computer file, including
audio files, video files, visual images, documents of all kinds and computer programs.
These advances have been accompanied by a soaring increase in the use of peer-to-peer networks. Kazaa, the most popular of these networks, is now the most
popular download on the "downloads.com" Internet site – Kazaa and other file-sharing programs have now been downloaded over 400 million times. Kazaa often
has over 4 million users connected to its network simultaneously. The demand for other popular P2P programs, such as Grokster and Morpheus, is growing rapidly
as well, and mostly among minors. Research shows that about 41percent of those who download files over P2P file-sharing networks are between the ages of 12
These statistics underscore the great appeal and promise of P2P networks, as well as the potential scale of any problems they create. They permit rapid and broad
dissemination of information and ideas; and they have provided a powerful tool to researchers, hobbyists, and interested citizens seeking information and ideas on an
array of topics. At the same time, however, they have also opened up our homes, our businesses, and our government agencies to potentially serious security risks
that are neither widely recognized nor easily remedied. Recent studies involving some of the more popular P2P networks suggest that a significant number of their
users are inadvertently sharing personal and highly sensitive data over these networks, including tax returns, bank account information, personal identifying
information, passwords, and e-mail inboxes. While the true scope of this problem is still unknown, studies have shown that potentially malicious parties are searching
P2P networks for personal emails and credit card numbers. This alone is disturbing, but in government agencies, employee use of P2P networks could also disclose
sensitive government data to the enemies of this country. At this moment in history, the implications of this risk are troubling, to say the least.
I am also troubled that many P2P networks require their users to install so-called "spyware" or "adware" – programs that monitor, collect, and report information
about the Internet "browsing" habits of a particular user. Such programs can collect and disseminate information about the Internet use and personal information of
anyone using the computer on which a P2P networking program has been installed. The invasion of privacy and potential for identity theft inherent in such programs
has already attracted justifiable attention from members of Congress and consumer advocates concerned about the privacy and security implications of such
practices. In addition, some of these "spyware" or "adware" programs can also wreak havoc on a user's computers by commandeering their browsers, creating
conflicts with other software that can crash a user's computer, and otherwise interfering with users' control over their computers.
Finally, the users of P2P file-sharing networks may also encounter malicious programs – such as viruses, worms and Trojan horses – that have been disguised as
popular media files. Indeed, the operators of the most popular file-sharing program recently explained to the House Committee on Government Reform that "when
files come from anonymous and uncertified sources, the risk of [those] file[s] containing a virus greatly increases." If the promoters of these networks acknowledge
that their nature increases users' risk of exposure to malicious programs, then they must also recognize their increased duty to protect and educate their users.
I do believe that peer-to-peer file-sharing networks are here to stay. But the problems of data privacy, spyware and viruses should remind all of us that the final role
of peer-to-peer file-sharing networks in our culture remains to be seen. This technology has great promise, but some potential pitfalls. If these networks are
designed to minimize the risks of file-sharing, then the promise of this technology can become reality. If not, then users, network administrators and others may
ultimately conclude that the risks of this technology outweigh its advantages.
I would like to thank all of our witnesses for appearing here today to address these important issues. We are particularly privileged to have with us three of our
colleagues whose stellar work in this area has shed much-needed light on the significance of the risks we will discuss in this hearing and their potential consequences:
Senator Feinstein and Representatives Tom Davis and Henry Waxman.
"firstname.lastname@example.org" <aicra Sent by: email@example.com
06/19/2003 09:52 AM
Please respond to dvd-discuss
Subject: [dvd-discuss] Hatch press release