Trying to Put the P2P Genie Back in the Bottle

A few years back, Ray Kurzweil wrote a nice article on the promise and peril of technology in the 21st century. He writes,

As technology accelerates toward the full realization of genetic engineering, nanotechnology and, ultimately, robotics (collectively known as GNR), we will see the same intertwined potentials: a feast of creativity resulting from human intelligence expanded manyfold, combined with grave new dangers. We need to devise our strategies now to reap the promise while we manage the peril.

Last week the US House Committee on Oversight and Government Reform held hearings on "to examine recent developments regarding inadvertent file sharing over peer-to-peer (P2P) networks, the impact of such sharing on consumers, corporations and government entities, and whether such sharing creates privacy or security risks for users."

Well, the hearings weren't really about whether P2P networks create privacy or security risks - that was a foregone conclusion - but about the magnitude of the risks and whether there was a way to put the P2P genie back into the bottle.

As reported by CNET News, Government Reform Committee Chairman Henry Waxman (D-Calif.) considers P2P an ongoing national security threat and is considering new laws at addressing the problem. Others on the Committee seemed to agree.

Of course, as Kurzweil points out, it is counterproductive - and useless - to try to restrict a technology once it enters the mainstream. As he states in regard to GNR but is applicable to P2P,

Most important, we need to understand that these technologies are advancing on hundreds of fronts, rendering relinquishment completely ineffectual as a strategy.

Kurzweil is right - file sharing software has become ubiquitous and new P2P providers are appearing all the time. Also as Kurzweil points out, a more effective strategy is to think through and create technological defenses for the potential harm new technologies like P2P can create. Will these defenses have potential harm effects? Of course, but that is the problem with any technology - it is a ultimately a question of risk and reward.

It is far easier and more effective to teach people to not use P2P software on machines with sensitive data, and to encrypt sensitive data on the machines, and to run software checks for P2P activity, etc., then to try to pass laws to stop P2P file sharing. Off course, this won't keep legislators from passing their useless little laws, for they need to be seen as doing something. At the end of the day, however, people will learn through possibly painful experience, and adjust accordingly.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City