The Shrouded Sharing Shenanigans of P2P Programs

People who use popular file-sharing software at home, in school and in the workplace to download music and videos are likely to expose their own personal and corporate data stored on their computers’ hard drives.

The ability of P2P (peer-to-peer) software to hunt for and grab personal and corporate information is now raising concerns by government and military agencies worried that these file-sharing programs could pose threats to national security.

People who store any type of sensitive data on their home computers, particularly computers to which children, teenagers or college students might have access, confront circumstances similar to those faced by governmental or corporate IT managers, warns a U.S. Patent and Trademark Office (USPTO) report.

“P2P depends on the availability of files on the network. P2P intentionally dupes users into providing these files,” Safwat Fahmy, CEO and president of SafeMedia, told TechNewsWorld.

Fahmy presented testimony to the United States House of Representatives Committee on Science and Technology on Dec. 5. That hearing focused on using technology to reduce digital copyright violations. His testimony, in part, addressed the issues raised in the USPTO report.

SafeMedia has developed Clouseau software and the P2P Disaggregator technology it uses to prevent computers from uploading personal and sensitive documents while blocking illegal downloads of copyrighted music and videos.

At a Glance

The USPTO report was prepared by Thomas D. Sydnor II, John Knight and Lee A. Hollaar in November. It contains introductory comments by Jon W. Dudas, undersecretary of commerce for intellectual property and director of the USPTO, about the need to further review the report’s findings. The report reviews public data about the behavior of five popular file-sharing programs — BearShare, eDonkey, KaZaA, LimeWire and Morpheus.

It poses two questions about privacy and file-sharing issues. First, the report asks whether distributors of these file-sharing programs used features that had a known or obvious propensity to trick users into uploading infringing files inadvertently. Second, it asks if further investigations are needed into the intentions of any particular distributor over the use of such duping schemes to induce users to illegally share copyrighted material.

The report concludes that the distributors of these five file-sharing programs have repeatedly deployed features that had a known propensity to trick users into uploading infringing files inadvertently.

Targeted Features

All five programs studied in the USPTO report use either the same share folder or search wizard features. The report described these features as being uniquely dangerous. The targeted features can cause users to inadvertently share infringing files and sensitive personal files like tax returns, financial records and documents that contain private or classified data. By late spring of 2005, the Department of Homeland Security reported that government employees using file-sharing programs had repeatedly compromised national and military security by sharing files containing sensitive or classified data, according to the report.

All five P2P programs studied employ a feature that lets users store downloaded files in a folder other than the specified default folder the programs create. However, the programs fail to warn users that all files stored in the selected folder will be shared. In most cases, the sharing caused by this feature includes not only the files stored in the designated folder but also all files stored in any of its subfolders, said the report.

At least three of the programs use a feature that searches users’ hard drives and recommends that users share folders that contain certain file types. These file types trigger uploads of document files, audio files, audiovisual files and image files, noted the report. Further, some search-wizard features activate automatically, while others require the user to trigger them.

Another problem revealed by the report is that some of the features are activated during a program’s installation and setup process. However, others are an option that a user can activate after the program is installed and running.

Other Problem Areas

The report cited concerns about the partial-uninstall features found in at least four of the P2P programs analyzed. If users uninstall one of these programs from their computers, the process will leave behind a file that will cause any subsequent installation of any version of the same program to share all folders shared by the “uninstalled” copy of the program.

Privacy violations are not limited to the user profile, warned the report. Whenever a computer is used by more than one person, this partial-uninstall feature ensures that users cannot know which files and folders these programs will share by default.

The coerced-sharing features of P2P programs further worried the report writers. Four of the P2P programs have features that make it far more difficult for users to disable the sharing feature of the folder used to store downloaded files. This folder may be the default download folder created by the file-sharing program or an existing folder selected to store downloaded files through a share-folder feature, according to the report.

In each case, the feature can provide misleading feedback that incorrectly indicates that the user has disabled sharing of the download folder. However, in each case, an obscure mechanism appears to allow sophisticated users to avoid the coerced-sharing feature and stop sharing the download folder. The report was critical of the level of technical skill users need to fully turn off the shared download folder feature.

Report Conclusions

All five of these programs can cause users to share infringing files inadvertently, warned the report. Redistribution and coerced-sharing features can cause users to share downloaded files inadvertently.

“Even when parents know that their children are using popular sites like LimeWire, eMule, uTorrent and dozens of others, most of them are not techies enough to understand these illegal P2P networks’ features,” explained Fahmy. “The problem is, on the surface they appear to be so easy to use. Parents believe that they are safe.

“The damage being caused by P2P networks goes unnoticed because it’s free, and most often it is an illegal transfer of copyright-protected files,” explained Fahmy. In addition, research by the security company TruSecure found that 45 percent of popular downloaded files concealed malicious code, he said.

Devastating Industry

P2P file-sharing is enormously detrimental to the entertainment industry. Last year more than US$2 billion worth of illegal music downloads and movies were pirated at more than $20 billion loss to the industry, according to Bob Werden, publicist for Independent Films in Hollywood.

“In Los Angeles, one can go not more than five miles from any of the major studios and find DVDs of films not even in release being sold for as little as $10. Major efforts are underway to stop that part of the piracy. But someone who has purchased ‘SpiderMan 3’ or ‘Ocean’s 13’ or ‘Pirates of the Caribbean’ can now send it to their friends for downloading. The music industry is in equal jeopardy,” Werden told TechNewsWorld.

That kind of piracy has devastated both the music and film industries, offered David Bortman, a Beverly Hills entertainment attorney. Billions of dollars have been lost, he said, and many people have lost their jobs because of such piracy. It is an extremely difficult problem because many people believe they are doing nothing wrong by downloading a record or a movie. They feel nothing has been taken from anyone, he said.

“People who do these things feel no guilt whatsoever, even though they are destroying careers. It would seem clear, based on experience over the last few years, that this is not going to change. For this reason, the only thing that is going to protect the artists and their partners and coworkers is the development of technology that prevents the unlawful downloading,” Bortman said.

No Innocent Bystanders

P2P downloaders are not innocent bystanders, asserted Werden. Security efforts in the entertainment industry are getting tighter and stronger, but films are still being stolen and moved onto the Internet, he said.

“I do believe that those people who download DVD and CD films and music that are not legal know that. There are very few tech-unaware Internet users out there. Perhaps some 80-year-old guy and his wife might not realize that the film they send to their grandchild at college is illegal, but the majority have read and heard about Internet piracy of films and music,” Werden told TechNewsWorld.

Artist and songwriter Eddie Money could not agree more.

“Music piracy is illegal and extremely detrimental to all of those who make a living creating original musical works,” Money told TechNewsWorld. “If you truly like music, don’t steal it. Support the industry by downloading your music legally.”