informa
/
Commentary

Justice Breyer's Data Exposure A Reminder Of P2P File Risks

The news that Supreme Court Justice Stephen Breyer's personal information was among thousands of other personal data files compromised as a result of a file-sharing snafu raises a couple of issues, chief among them whether or not peer-to-peer file sharing via public programs is ever appropriate for business info.
The news that Supreme Court Justice Stephen Breyer's personal information was among thousands of other personal data files compromised as a result of a file-sharing snafu raises a couple of issues, chief among them whether or not peer-to-peer file sharing via public programs is ever appropriate for business info.The Justice's social security number and other information leaked via a botched LimeWire connection by an investment firm employee.

As the Washington Post reported, the employee had improperly configured LimeWire's settings, opening a hard disk's contents to full file-share while grabbing a movie or song -- which is no comfort but offers big lessons on two fronts:

1) What was an investment firm -- whose stock (you'll pardon the expression) in trade (ditto) is private information -- doing allowing an employee to use LimeWire in the first place, assuming the firm knew the p2p program was being run? If not...

2) Why didn't the firm know that the P2P program was being run, especially considering how easy it is to misconfigure LimeWire and open an entire hard disk -- and the business and other confidential files it contains -- to open sharing while the employee is downloading a pirate copy of an almost undoubtedly copyrighted work (which in itself should be prohibited at all businesses, for ethical and legal as well as practical employee time and network resource concerns.)

The breach evidently happened six months or so ago, and was discovered by a Post reporter trolling LimeWire for stories, but you can bet the reporter wasn't the only one trolling.

The investment firm should have known better than to let employees run P2P, even for personal download materials (and should have been aware of employees violating the prohibition.) Just ask the 2,000 or so of its clients whose information has been floating around in fileshare space for the past half-year, Justice Breyer among them.

Be interesting to see if Breyer's experience will be reflected should he be faced with any cases regarding intellectual property, file sharing technology... or regulatory compliance in the protection of private information.

Recommended Reading: