FTC tags schools among data breaches from P2P file sharing
As if RIAA and the MPAA didn't give us enough reasons to ban file-sharing traffic in our schools, the FTC has contacted over 100 organizations (including several schools) who inadvertently released sensitive data through file-sharing activities. Do you want to be getting a letter like this from the Federal Trade Commission?
Dear Sir or Madam: Data on several of the students in your school, including their social security numbers, grades, and medical records, were recently obtained from public file-sharing utilities. These are widely available and we estimate that at least 1000 people have had access to these files through the Limewire peer-to-peer (P2P) network. This constitutes a violation of HIPAA regulations, as well as FERPA.
Based on these records, we recommend that you go fire your CTO immediately.
OK, so I'm just assuming what the letters looked like; the FTC didn't release the names of the companies or the letters themselves. However, according to the Washington Post,
The consumer protection agency said it sent nearly 100 letters to organizations where information on customers and employees -- including health and financial data and Social Security and driver's license numbers -- leaked through peer-to-peer Web services.
This is, of course, how most P2P clients work. They take sections of a computer hard drive and then open it to share with the world. P2P isn't all bad; I have a server in my basement from which I seed Ubuntu images and other free software that I want to help make more widely available. However, this traffic moves through a carefully opened port and sits on a carefully secured directory on a dedicated server (actually just an old computer, but it does the job). But most employees or students simply install Limewire on their desktops and begin downloading and sharing files with little regard for the sensitive data that might also live on their PCs.
This isn't done with malice; it's done with naivete. The average student is only thinking about expanding his music collection and the incredible bandwidth available in a dorm or office where he has an internship.
The solution? Shut down the traffic, secure the desktops, and make sure that file sharing isn't happening without the express knowledge and consideration of the people who will take the fall when a letter comes from the FTC.