July 25, 2004

Peek-A-Boo!!!

Filed under: Uncategorized — Jim @ 6:35 pm

Craig at mtpolitics wrote rather extensively here about P2P (i.e. peer-to-peer) file-sharing programs. The gist of his post is that the folks who download (i.e. swap) music files with other P2P software users may not just be swapping music. Apparently all sorts of things are out there for all the world to see, some of which are quite shocking and even dangerous. Craig wrote:

…Most people think that if they download and install Kazaa, Limewire, etc., all it does is download music. They don’t understand that the program scans their hard drive for files to share, and doesn’t care whether it’s music or not. The concepts of Spyware, Adware and file sharing just don’t resonate with them

Later, he pointed to a specific site called “See What You Share on P2P.” I too received a referral from that site (Thank you), and I checked it out. The author of the site has made it his mission to demonstrate just what kinds of things are out there for everyone to see. Like the fellow described in Craig’s post, who found sensitive material and notified various federal agencies, all to no avail, Glen Breakwater (an alias), the author of “See What You Share on P2P,” found the same lack of governmental response. As he explains, this led to the creation of his site:

Technology often outruns legislation. So is the case with Peer 2 Peer networks. Many people obtain P2P software so they can download music or movies. A large number of those people do not have any idea what they are sharing.

A few months ago, I downloaded some military briefings from the Gnutella Network. The briefings were zipped and the file contained 21 documents with classifications ranging from For Official Use Only to Secret/NO FORN. Shocked at my discovery, I notified an agency on a nearby military installation. When nothing happened, I notified another agency. I continued this course because no action was taken and for a nation at war, I was concerned for the safety of our soldiers.

It may appear that I am picking on certain institutions [emphasis seems to be on things military ed.]. This is true. I want everyone to know that we can be our own worst enemies when we don’t understand the full power of our technology. I want every military and government agency to see first hand what is being shared with anyone who has a computer. Since a picture is worth a thousand words, I can save myself some talking.

His latest post highlights what happens when P2P software resides on the same hard drive as people’s medical records.

I never got into music downloading, and, given the existence and scope of this problem, I am not about to start. I think I’ll continue to get my music by buying CDs, and I hope my doctor is doing the same.

10 Comments »

  1. Yikes! You know, if I was Glen’s attorney, I’d explain to him what a potentially massive fine he could incur for each one of these documents displayed on his website. And I’d advise him to take them down like yesterday.

    HIPAA heavily frowns on things like that ya know.

    Comment by Rita — July 26, 2004 @ 8:04 am

  2. Rita,

    I believe you are quite right. I have a feeling that the author will read these comments and either take the medical records down or obliterate the patient identifying information.

    Comment by Jim - Parkway Rest Stop — July 26, 2004 @ 8:30 am

  3. I hope so. Just accessing them was a major HIPAA violation.

    I’d hate to see him get into trouble. I think he’s doing a good thing by making people more aware of the security issues with using P2P.

    Comment by Rita — July 26, 2004 @ 9:06 am

  4. My question is this: Isn’t it the doctor’s responsibility to ensure that they are kept private?

    I mean, that’s a pretty huge deal that Glen was able to access them in the first place.

    Comment by Craig — July 26, 2004 @ 12:28 pm

  5. I’m pretty sure when I installed my P2P s/w that I selected an option to NOT share my files. Now I’m worried though, and can’t check until I get home . . . not that there’s ANYTHING of interest on my PC . . . I swear!

    Comment by Lynne — July 26, 2004 @ 2:08 pm

  6. Looks like he’s already taken the medical stuff down . . . site is inaccessible.

    Comment by Lynne — July 26, 2004 @ 2:10 pm

  7. You’re correct Craig, it is the doctor’s responsibility. But both the doctor and the person who accesses such files could be criminally & civilly liable under HIPAA….very nasty fines & federal prison time possible if the DOJ decided to prosecute. Not something you want to mess around with, IMO.

    Comment by Rita — July 26, 2004 @ 4:38 pm

  8. Aahh. I feel better now . . . I checked the s/w I’m using (WinMX) and it does allow you to configure so you share nothing on your own PC. I hope it’s telling the truth. Thanks again, Jim.

    Comment by Lynne — July 26, 2004 @ 5:20 pm

  9. Rita–

    Thanks for clearing that up for me.

    I knew HIPAA had some pretty sharp teeth — but not that sharp!

    Comment by Craig — July 26, 2004 @ 11:28 pm

  10. WinMX is clean, but there are many P2P programs that maliciously exploit unknowing users. People install these things, or simply don’t use anti-virus and anti-spyware and don’t fix Windows with the Windows updates available from Microsoft, and these omissions leave their computers vulnerable to port scanners, websites, and a whole plethora of passive and active attacks from the internet. People don’t understand computers, and it hurts everybody.

    People in the computer industry have known this for years; in fact, there are so many people who inadvertently share their entire hard drives that sometimes it is easier, when fixing someone’s computer, to download a few Windows DLLs or some drivers from someone’s Windows directory. It’s amazing really, that these machines continue to function as much as they do!

    Comment by Dz — July 27, 2004 @ 4:03 am
