Chapter 4. Security, Vulnerability, and the Legal Issues of P2P

Security and vulnerability are issues rarely considered by most individuals using computers, and even less so in the specific contexts of p2p applications. Witness the recurring global rashes of virus-infested e-mail and server worms, many of which would never have occurred, or at least would have had marginal effects, if only users and administrators had exercised even a modicum of precaution and common sense.

In fact, it’s a safe bet to assume that even those who consider their systems “secure” or “reasonably safe” from intrusion have given little thought to how the use of a p2p client might easily circumvent existing security measures. Such breaches of security can be a serious problem in environments where there is wide-spread complacency and implicit trust in for instance corporate firewalls and established policies. A first step towards addressing the problem is to be informed about the risks and to have a greater understanding of the technologies involved.

The implementations examined in detail in later chapters have sections that deal with these issues in the specific application context. This chapter serves as a more general background and provides a broader understanding of how p2p technologies introduce both new risks and new possibilities. In some situations and with the proper preparations, a deployed p2p technology might even prove more secure and robust than the traditional client-server network.

Security and legal issues are intimately related, even if we consider only the immediate risks of liabilities and litigation raised by inappropriate access or distribution of content by users. It therefore seems appropriate to end the chapter with some mention of common legal issues you should be aware of.