Who's at Fault With Peer to Peer?

George Ou, a blogger at ZDNet, takes on Rep. Henry Waxman, D-Calif., chairman of the House Committee on Oversight and Government Reform, over Waxman's call for tighter regulation of peer-to-peer software. After ZDNet posted a story on a Government Reform Committee hearing on how peer-to-peer software threatens national security, Ou wrote that Waxman "hasn’t a clue what he’s talking about and this new round of political grandstanding is absurd." Committee members grilled Mark Gorton, the chairman of peer-to-peer Lime Wire who testified before the committee.

Ou argues that peer-to-peer makers like Gorton are not the problem. Rather, federal information technology shops should do a better job of policing federal employees' computers for peer-to-peer software and to remove it when it is found. "The onus is on the Government or any organization to lock down their infrastructure from the physical layer to the application layer to the people working for them," Ou writes. Good point. Transportation Department chief information officer Daniel Mintz told the committee that DOT, after a peer-to-peer software downloaded on a DOT laptop opened access to government documents, developed a policy that requires "written authorization for installation of P2P programs on government machines," according to the ZDNet article.

But Ou goes a few steps further, which pushes his argument over the edge. He argues that the problem isn't the technology, but the people who use the technology to commit crimes. "Sandy Berger stole secret documents from the National Archives by shoving the documents in to his socks so will Congressman Waxman propose a new law against socks? Will Congressman Waxman call the CEO of Fruit of the Loom to the hearings and grill him about the dangers of socks?"

This misses a finer point. Creators of peer-to-peer software such as Gorton know that their software can be misused to spread malware. It is questionable -- and the committee did raise the questions -- whether Gorton and other peer-to-peer programmers have ignored this fact to spread the use of their software and whether they have been responsible enough in informing users that, if not properly configured, peer-to-peer software can open up personal files. Think of a warning label like you see on a pack of cigarettes. It doesn't take a stretch of the imagination to come up with that possibility. It does take a stretch of the imagination for Fruit of the Loom to consider the possibility of someone using their socks to pilfer documents. Regulation to prevent such an event would be absurd. No one in their right mind would think of such a thing.

Not so for peer to peer. The makers of peer-to-peer software know the dangers that their products present. Just like drug manufacturers know the dangers of misusing the drugs they make. But we have regulations in place to require drug companies to inform the public of possible side effects and the dangers of drug interactions and overdosing. Is it too onerous to ask peer-to-peer manufacturers to act as responsibly? By requiring some action from peer-to-peer providers to better secure their products, together with more vigilance from federal security IT shops, peer to peer can become a safer app and continue to provide value to federal workers.