A diagram of a Pentagon computer network that includes passwords to defense contractors' systems is one of hundreds of classified documents accidentally available online, a House panel was told Tuesday.
This and other sensitive information, including personal financial data, is mistakenly leaked through popular file-sharing programs such as LimeWire, KaZaA and Morpheus that individual, corporate and government users use to share music, movie and other entertainment files, several experts said at a hearing by the House Oversight and Government Reform Committee.
"The American people would be totally outraged if they were aware of what is inadvertently shared ... by government agencies," said retired Gen. Wesley Clark, who is on the advisory board of Tiversa Inc., a data security company. Clark did not name the defense contractors whose computing passwords were compromised.
Rep. Henry Waxman, D-Calif., chairman of the committee, said the hearing was intended to scrutinize the threats file-sharing, or peer-to-peer, technology poses to privacy and security, not to ban it.
Waxman and Rep. Tom Davis, R-Va., senior Republican on the committee, said they had examined similar concerns four years ago. Both members introduced a bill in 2003 that would have required government agencies to clamp down on file-sharing, but the legislation wasn't approved.
Robert Boback, Tiversa's chief executive, said that over 300 million searches are conducted through peer-to-peer networks daily, compared to 130 million through Google. While most sensitive information is shared accidentally, users in both the United States and abroad are aware of what is available and actively search for data such as credit card numbers, bank statements, and account passwords.
Mark Gorton, chairman of Lime Wire LLC, said his company "takes the problem of inadvertent file-sharing seriously" and seeks to make it easy for users to understand what files they may be sharing.
But he also said he had "no idea" of the amount of classified information available over peer-to-peer networks.
Other experts downplayed the threat posed by peer-to-peer file-sharing.
Mary Engle, associate director of advertising practices at the Federal Trade Commission, said a 2005 FTC report found that peer-to-peer file-sharing "is a 'neutral' technology," meaning that "its risks result largely from how individuals use the technology rather than being inherent in the technology itself."
Meanwhile, Thomas D. Sydnor, an attorney at the U.S. Patent & Trademark Office, said that distributors of the five leading file-sharing programs continue to include features in their software that can trick users into sharing sensitive and copyrighted files.
Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation, said on Monday, before the hearing, that users of file-sharing software need to be educated on how to do so safely, as do users of all kinds of software.
"Why is the focus on peer-to-peer?" Opsahl said. "Is that furthering another agenda?," he added, referring to the entertainment industry's criticism of the practice.