P2P networks could represent national security risksWASHINGTON – Testimony before a House committee on Wednesday indicated file-sharing networks could represent a national security risk.

Experts told the House Oversight and Government Reform Committee peer-to-peer networks contain sensitive information including FBI surveillance photos and motorcade routes and safe-house addresses for former First Lady Laura Bush.

The networks also source lists of people with HIV, social security numbers, personally identifiable psychiatric evaluations and other private data, according to one expert.

The problem is not that users intentionally upload the data — although that may occur, as well — but insecure P2P software clients expose the contents of unsophisticated users’ hard drives to thieves, hackers and the curious, the experts said.

Committee chairman Edolphus Towns [D-NY] was so upset by the news he said he plans to propose legislation to ban P2P software from all government computers and networks. He also plans to ask the Federal Trade Commission to take up the issue of whether inadequate security in P2P software and networks constitutes an unfair trade practice.

“The administration should initiate a national campaign to educate consumers about the dangers involved with file-sharing software,” Towns said.

According to security firm Tiversa’s chief executive officer Robert Boback, the threat to national security and law enforcement is very real. While scouring the P2P networks for a client in the entertainment industry, Tiversa found FBI surveillance photos of an alleged Mafia hit man before the trial court saw them. A list of confidential government informants in the case, including the identities of witnesses in the federal witness protection program, were available as well. The hit man eventually was convicted and sent to prison for life despite the leaks, but other data on the networks presents even more distressing opportunities for enemies of the state, Boback said.

“Other countries know how to access this information, and they are accessing this information,” he told the committee. “This is not information you want to have out there.”

FBI and Secret Service spokesmen told the committee the data to which Boback referred was not classified and “not of any value” after an event.

“And if something like [motorcade routes and safe-house addresses] were to emerge before an event, keep in mind we’ve got other security countermeasures in place,” Secret Service spokesman Malcolm Wiley told the committee.

Another security expert told The Washington Post medical information has become a target for organized crime, because medical records can fetch big bucks on the black market.

“This is unbelievably sensitive medical data,” said Deborah Peel, founder of Patient Privacy Rights, a health-privacy advocacy group. “It has people’s names on it from mental-health treatment programs [and] drug studies. All of these medical files have everything needed for identity theft, the most prominent and frightening consumer issue with electronic systems.”