Monday, October 01, 2007


TO P2P OR NOT TO P2P


In case you’re not completely up on this subject, P2P is simply peer-to-peer networking. It is a technology consisting of a software application and protocol used to communicate with others and share files. (See Wikipedia) Since it is “decentralized” and “operating in an environment of unstable connectivity and unpredictable IP addresses, P2P nodes [individual participants] must operate outside [the Internet],” according to OpenP2P.com, which has an interesting piece about what it is and isn’t.

If the terms “decentralized,” “unstable connectivity,” and “unpredictable IP addresses” didn’t get your attention, how about the fact that anything you put out there could be exposed to millions of people? That’s what happened in a recent case where a net 5,208 Citigroup customers’ personal data were exposed through the application LimeWire. The information included name, Social Security number and the customer’s mortgage loan specifics. You can read a good article on EWeek.com that explains the breach and provides more insight into P2P technology.

This all becomes relevant because in June the Pharmalot Blog exposed pharmaceutical company Pfizer’s breach of 17,000 names and Social Security numbers. It happened because similar file-sharing software, unknowingly placed on an employee’s laptop by her spouse, released the private information throughout the network. Incidentally, since then Pfizer has had two more incidents of lost personal data.

Pharmalot’s exposure of Pfizer’s episode could well be the ChoicePoint of the Internet online community. CP, of course, was the first junk mail data broker to be caught, by a new California law, SB 1386, selling consumers’ private information to ID thieves.

In the latest Pfizer breach of 34,000 personal records, the company has requested that the employee responsible, who at this point had left the company, be prosecuted by the Connecticut Attorney General, as reported again by Pharmalot. Apparently his new employer caught him with the missing data and turned it over to Pfizer.

And in Seattle, Gregory Thomas Kopiloff was arrested in early September, accused of using LimeWire, Soulseek and other file-sharing software to heist financial information from victims’ PCs, according to SCMagazine. This article brings up an interesting point: many of the victims had children using the P2P applications, and evidently were unaware the software was on their computers.

It is too early to determine if this is the newest fad in the identity crisis, but if it is, the potential for ID theft victims is enormous. The question, of course, is what to do? That’s tomorrow.
