Would You Trade Your Tax Returns and Bank Statements for Free Music Downloads?

LimeWire sounds innocent enough – a file sharing program that allows individual users to download music over the Internet, video and other files directly from the hard drive of another LimeWire user. LimeWire and other similar software, described as peer-to- peer software, is a popular way to avoid paying for music and movies. There is, however, a catch. These free downloads pose enormous risks. An anonymous LimeWire user who can download a song or a movie from your computer can also download your highly sensitive personal information that can be used to steal your identity and, in turn, your bank accounts and credit cards.

Because “users of some versions of LimeWire risk inadvertently sharing sensitive information stored on their computers,” the Federal Trade Commission (“FTC”), Bureau of Consumer Protection, conducted an investigation into the LimeWire program as reported in a publicly released letter, dated August 19, 2010, from the FTC to the CEO of Lime Wire LLC. http://www.ftc.gov/os/closings/100919limewireletter.pdf. The FTC was concerned that “LimeWire might expose . . . [a user’s] tax returns, credit reports, and college loan applications to millions of people” because “[i]dentity thieves have used LimeWire to retrieve this information and injure consumers.”

This was not a theoretical concern. In 2009 Frederick Eugene Wood was prosecuted by the Seattle Washington U.S. Attorney’s Office for using the LimeWire program to steal personal information from the computers of 120 people across the United States. The stolen personal information included tax returns and bank statements. Armed with this personal information, Wood assumed the individuals’ identity and created forged checks that he used to buy high-end electronic equipment that he sold through Craigslist. Wood pleaded guilty to, among other things, a violation of the Computer Fraud and Abuse Act, Title 18, U.S. C. §1030(a)(4) and was sentenced to 39 months in prison. http://www.justice.gov/usao/waw/press/2009/aug/wood.html

The FTC, as its letter to Lime Wire reflects, did not recommend any enforcement action against Lime Wire because it had incorporated “safeguards against the inadvertent sharing of sensitive, personal documents into the user interface of more recent versions of its software.” Other reasons the FTC gave for not pursuing action against Lime Wire were “that the attrition rate for legacy versions is substantial, the apparent inability of Lime Wire to force users to upgrade legacy versions of the software to more recent versions; and the possibility that users of some of the older versions of LimeWire may have been able to avoid disclosure of sensitive information.”

Despite efforts by Lime Wire to rectify this issue, the FTC warned that consumers “who are still using insecure legacy versions” are still at “risk of inadvertent sharing of sensitive, personal information.” Moreover, LimeWire, as the FTC recognized, is not the only peer to peer software that is available to consumers. All computer users must be aware of the risks posed by software programs like LimeWire. This risk is increased if multiple people are using the same computer. For example, if your children are using the home computer that you use to prepare your income tax returns and conduct personal banking, you need to be extra vigilant that they are not using peer-to-peer software to create their music libraries.