
Wednesday, January 30, 2008

EU Court Protects Privacy Against Record Companies

According to this story from Wired.com, the top court in the European Union has ruled that telecommunications companies cannot be forced to divulge names and addresses of individuals suspected of distributing copyrighted movies and music over peer to peer networks. The court did state that individual countries could draft national laws to change that, but cautioned that any such laws would have to take into account individual privacy, as both property and privacy are "fundamental rights."

Given that this is taking place in Europe, it won't have much effect on privacy rights in this country, or on the music industry's continuing crusade against peer to peer networks in the U.S. However, it can provide a useful point of comparison between the treatment of privacy in the E.U. and the treatment of privacy in the U.S. For example, in the U.S., privacy protections aren't balanced against the interests of copyright holders - they're used as a pretext to advance the interests of copyright holders when it isn't politically expedient to advance the interests of copyright holders directly (see, e.g., here). As someone who generally supports greater individual privacy, I would like this to change, though I'm not optimistic that, in this country, it ever will.

Friday, July 27, 2007

Priorities

Recently, at a hearing on P2P networks, Henry Waxman stated that he was considering laws aimed at the problem of inadvertent leaking of classified information (described here and here). Apparently, sensitive documents have been making their way onto P2P networks such as those accessed via Limewire or Kazaa. While this is obviously a problem, the solution proposed by Waxman - regulating the networks - is insane. I could access that sensitive data through my computer, and, in getting to my computer, that sensitive data would travel through a DSL line. However, Mr. Waxman isn't proposing that computer makers or telcos take responsibility for making sure that people can't access sensitive documents. The reason is obvious: telcos and computer makers can't be responsible for the actions of end users, because there is no effective way for them to control end users without effectively shutting down. P2P networks are no different. Looking at his comments charitably, it seems that Mr. Waxman simply doesn't understand the consequences of putting responsibility for the acts of consumers on the providers of P2P software.

Of course, it is also possible to look at Mr. Waxman's comments in a less charitable light. Currently, the federal government is scrambling to meet a White House directive on securing personal data (details can be found here) and it seems that there is an almost continuous stream of incidents of lost data involving government employees (e.g., the theft of a laptop containing records for 26.5 million veterans, described here), so attacking an easy target, such as P2P networks, could serve an instrumental purpose for Waxman of making it appear that he is doing something about information security. Further, by attacking P2P networks as a threat to national security, Waxman is undoubtedly pleasing the powerful recording industry, which has been seeking to destroy P2P technology ever since Napster. In this regard, it is telling that Waxman said that he would seek to achieve a balance between "sensitive government, personal and corporate information and copyright laws" (emphasis added). Given that protecting copyrights, while a valid concern, is an entirely different type of objective than protecting the physical well-being of Americans by improving national security, the inclusion of copyright law on that list seems strange. However, if the primary motivation to regulate P2P networks is to benefit copyright holders, then the list provided by Mr. Waxman makes perfect sense, with the national security concerns acting as window dressing for the desire to shut down P2P networks on behalf of copyright holders.

In any case, I think it is extremely unlikely that regulating P2P networks is a viable solution to the Federal Government's information security problems. Even if P2P networks were banned entirely, that would do nothing to stop people from stealing data, or from losing the media on which data are stored. However, when faced with a decision as to whether to spend time exercising oversight on HR or training policies which might increase information security, or blasting the enemies of the RIAA, it is clear where Congress' priorities lie. Disappointing, but not at all a surprise.

Wednesday, June 13, 2007

Risks from P2P Networks

ComputerWorld has a pair of articles up here and here discussing risks posed by P2P networks. The first article focuses on a Dartmouth study which found that substantial amounts of sensitive information, including (ironically) a security evaluation for a bank performed by a third party contractor, are inadvertently made accessible by consumers who download P2P software. The second article provides a concrete example of that danger: a Pfizer employee who installed P2P software on a laptop which was provided by the company for her own home use inadvertently exposed personal data for around 17,000 current and former employees of Pfizer. The take-home message from all this? Have policies which control the use of P2P software, and make sure that employees know that violating those policies would not only be a breach of workplace rules, but would also put their own personal data at risk.