< Return To Hearing
The Honorable Patrick Leahy
June 17, 2003
Statement of Senator Patrick Leahy
I must note at the outset, however, my concern about the process by which we arrived here this morning. It is critically important that we ensure that we are well-prepared to make good use of the expertise and time generously contributed today by the witnesses seated before us. A careful selection of those witnesses, and a thorough study of their written testimony, are absolutely vital to a useful evaluation of the problems associated with peer-to-peer file sharing. The last-minute rush to put this hearing together has meant that, despite the fact that this hearing is supposed to shed light on the important national security issues raised by peer-to-peer networks, there is no witness here from FBI or the Defense Department or the Department of Homeland Security, who can speak to those issues. In the short time leading up to this hearing, I understand that the Committee majority was simply not able to find anyone who was available. As we move forward to explore this important new technology, I am hopeful that we can work in a bipartisan manner and make real progress.
Peer-to-peer has the potential dramatically to change the way we share information, but it is not new to the Internet. In fact, peer-to-peer merely refers to any network that allows users to share information directly with each other, with little or no centralized control. We should not forget that email, and even the world wide web itself, are both types of peer-to-peer networks. When these networks first developed, they also presented serious concerns, and this Committee, both under my leadership and that of Chairman Hatch, correctly took the lead in responding to those concerns. With the expertise and the mandate needed to address these important issues, this Committee has focused on such issues as online privacy, the availability of pornographic materials on the web, computer piracy, and the dangers of computer viruses. By and large, we have responded appropriately to these challenges, by allowing the communities that use these technologies to find the most efficient and effective ways to deal with their concerns. Only where absolutely necessary have we stepped in to regulate in cyberspace. As a result of this careful work, new technologies have developed, with new uses and more powerful abilities -- and they have developed largely without hindrance.
Like email and the world wide web, peer-to-peer file sharing holds simultaneously enormous promise and the danger of harmful misuse. At its core, it has two components. First, it allows a user to search any of millions of computers for a particular file or kind of file. Next, it allows the user to download those files extremely quickly, directly from others on the network. Despite the promise of these networks, there are problems with some of the ways peer-to-peer is used. Peer-to-peer makes it quite easy to share copyrighted materials. It has also become clear that peer-to-peer networks offer an easy way for people to share pornographic materials, often child pornography, and may allow sexual predators a way to lure their victims into an instant messaging conversation. These are very serious concerns, and I look forward to working with Chairman Hatch and the rest of the Committee to address them. Today's hearing, however, was apparently designed to focus on another important aspect of peer-to-peer networking, the personal and national security problems it may raise.
First, peer-to-peer file sharing can render a user's entire hard drive vulnerable to download by anyone else using the network. This is because the default setting on some of the programs will search your hard drive for any video or audio files, and then make everything in that folder available for download by anyone on the network. Thus, if there is one picture in your "My Documents" folder, the software will recognize it and make all of the "My Documents" folder available for download. You can commonly find personal information like tax returns, credit card information and medical documents on peer-to-peer networks, and many of the users have no idea that they are sharing this information with everyone else on the network. If the user is a government employee and the computer is a government computer, sensitive government information could be made available to those unfriendly to the United States. Here in the Senate, of course, the firewalls installed by the Sergeant at Arms are intended to keep us safe from these dangers by effectively eliminating the possibility of file sharing using Senate computers. But I also understand that not all government offices have such protections in place, which presents the ominous possibility of genuine risks to national security interests.
Second, some peer-to-peer software is designed to circumvent firewalls and other security protections intended to keep peer-to-peer off a computer or network. This prevents parents from protecting their children from adult content, and also prevents network administrators such as universities from keeping unlawful uses of peer-to-peer off their networks. Many networks would choose to preclude peer-to-peer because the software tends to use up a lot of bandwidth. Parents and those who run computer networks should be able to keep peer-to-peer off if they choose to.
Third, certain peer-to-peer programs include "spyware" and "adware." These two types of software track an individual's Internet browsing, and can record any information sent via the Internet, like credit card numbers. They then send that information to marketers, allowing targeted "pop-up" ads and spam. Because they collect personal information, spyware and adware may contribute to identity theft. Spyware and adware often get installed on the user's computer with little or no notice to the user.
These problems are serious ones, but they are not new. In my Privacy Report Card for the 106th Congress, I noted: "Increasingly, personal information such as diaries, finances, and schedules, will not be stored on hard drives, but instead on Internet-based files. Combined with the reality that a substantial amount of our information is being carried over the 'Wireless Web' access to our personal information-by private and by public snoopers-is also growing exponentially." What is new is the public awareness of the risks posed by peer-to-peer, and the urgency we in Congress are feeling about the best ways to address those risks.
And while these problems are serious, they are not insurmountable. The inadvertent sharing of files may well be remedied by improving the instructions and warnings that users are given when they install peer-to-peer software. The software also need not have the ability to circumvent firewalls to work effectively. Finally, peer-to-peer need not insert spyware or adware on a user's computer to work. None of these programs are necessary elements of peer-to-peer technologies. And the problems they raise can be solved, or better yet avoided, if good corporate citizens and good cyber citizens take the responsibility to do the right thing.
# # # #