P2P networks at the root of accidental disclosures, once again

Written by Dan Blacharski on November 9, 2009 – 5:23 pm

P2P file sharing clients are rarely seen on corporate PCs any more. By now most organizations have a policy prohibiting them, and administrators back that policy with technical controls that keep employees from installing them on office machines. That's all well and good, but it isn't enough.

Do you leave your work at the office at the end of the day? Didn't think so. Most companies have at least several people, if not the majority of employees, taking work home, and many have staff telecommuting from home on a regular basis. This, too, is a wonderful trend. I personally haven't seen the inside of a cubicle in 18 years, and this trend is only going to increase. The office is fast becoming obsolete and unnecessary.

But those security measures and the trend toward working from home are at cross purposes. Office security usually stops at the network edge: it controls access to files and applications and protects the PCs inside the building against attack. The documents themselves, however, no longer stay inside the building, and a control that stops at the physical boundary does nothing for data that has already walked out the door.

We saw this last week when an ethics report from the US House of Representatives was accidentally leaked onto a public P2P file sharing network. The document was an internal file that listed several members of Congress who were being investigated for ethics violations.

There is an argument, and it has some legitimacy, that ethics investigations should be public in the first place. Citizens have the right to know whether their elected representatives are crooks. But that argument is misplaced here. The Ethics Committee's policy is not to disclose preliminary inquiries until a formal investigation is opened, at which point it is announced publicly. And even that is beside the point.

The point is that the House of Representatives had lax security rules and needs to tighten them. Whether the information should have been public doesn't matter; from a security perspective they failed, because information they intended to keep internal was disclosed without their knowledge or consent.

The Ethics Committee was quick to release a "not our fault" statement, saying that the leak wasn't caused by its own information systems. That is only a half-truth. The leak happened when a junior staffer took the file home and saved it on a home computer that had P2P software installed. Typical P2P clients offer every file in their shared folder to every peer on the network, so a work document dropped into that folder is published the moment the client connects. Strictly speaking, the Committee's systems were not involved, but its own lack of policy and oversight over where that file could go is what caused the disclosure. Security policy must extend beyond the borders of the enterprise to every computer that touches the network or holds its data. If a worker telecommutes, then the computer used for telecommuting, especially one on which sensitive documents are handled, must also comply with corporate policy. And that means no P2P file sharing applications on it.
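What "comply with corporate policy" could look like as an actual check on a telecommuting machine is shown below. This is an added example, not code from the original post or from the House; it audits a host for three things that would each have caught the scenario above: a known P2P client running, a P2P default port listening, and office documents sitting inside the client's shared folder. The client names, port numbers, the "document" file-extension heuristic and the netstat-style input format are assumptions for illustration, not an authoritative inventory; a real deployment would take process and socket data from an endpoint agent and classify documents with whatever labelling the organization uses.

```python
"""Toy endpoint audit for P2P file-sharing exposure (added example).

Checks a telecommuting PC for: a known P2P client running, a P2P default
port listening, and office documents inside a P2P shared folder. The
process names, ports and document heuristic are illustrative assumptions.
"""
import os
import tempfile
from dataclasses import dataclass, field

# Executable names of common P2P clients, lower-case, without extension.
# Assumed list for illustration; a real inventory comes from an EDR or
# software-inventory feed.
KNOWN_P2P_PROCESSES = {
    "limewire", "frostwire", "bearshare", "kazaa", "ares",
    "emule", "amule", "utorrent", "bittorrent", "azureus", "vuze",
}

# Well-known default TCP ports: Gnutella 6346/6347, FastTrack 1214,
# eDonkey 4662, BitTorrent 6881-6889. Clients can be reconfigured, so a
# match is a hint, not proof, and a miss is not a clean bill of health.
KNOWN_P2P_PORTS = {6346, 6347, 1214, 4662} | set(range(6881, 6890))

# Office formats a stray work file would most likely be saved in (assumed).
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf"}


@dataclass
class AuditResult:
    p2p_processes: list = field(default_factory=list)
    p2p_listeners: list = field(default_factory=list)   # (port, raw line)
    exposed_documents: list = field(default_factory=list)

    @property
    def compliant(self) -> bool:
        return not (self.p2p_processes or self.p2p_listeners or self.exposed_documents)


def find_p2p_processes(process_names):
    """Return the process names (paths allowed) that match a known P2P client."""
    hits = []
    for name in process_names:
        base = os.path.splitext(os.path.basename(name))[0].lower()
        if base in KNOWN_P2P_PROCESSES:
            hits.append(name)
    return hits


def find_p2p_listeners(socket_lines):
    """Parse 'proto local_addr state' lines (netstat/ss style, assumed format)
    and return (port, line) for LISTEN sockets bound to a P2P default port."""
    hits = []
    for line in socket_lines:
        parts = line.split()
        if len(parts) < 3 or parts[2].upper() != "LISTEN":
            continue
        try:
            port = int(parts[1].rsplit(":", 1)[1])   # works for "[::]:6346" too
        except (IndexError, ValueError):
            continue
        if port in KNOWN_P2P_PORTS:
            hits.append((port, line))
    return hits


def find_exposed_documents(shared_dirs):
    """Walk the client's shared folders and return any office documents found."""
    exposed = []
    for root_dir in shared_dirs:
        for root, _dirs, files in os.walk(root_dir):
            for fname in files:
                if os.path.splitext(fname)[1].lower() in DOCUMENT_EXTENSIONS:
                    exposed.append(os.path.join(root, fname))
    return sorted(exposed)


def audit(process_names, socket_lines, shared_dirs) -> AuditResult:
    return AuditResult(
        p2p_processes=find_p2p_processes(process_names),
        p2p_listeners=find_p2p_listeners(socket_lines),
        exposed_documents=find_exposed_documents(shared_dirs),
    )


def demo() -> AuditResult:
    """Run the audit on constructed input resembling a home PC running LimeWire."""
    processes = ["explorer.exe", "WINWORD.EXE", "LimeWire.exe", "outlook.exe"]
    sockets = [                               # constructed socket table
        "tcp 0.0.0.0:445 LISTEN",
        "tcp 0.0.0.0:6346 LISTEN",
        "tcp 192.168.1.20:49152 ESTABLISHED",
    ]
    with tempfile.TemporaryDirectory() as shared:
        # Constructed shared folder: one work document saved next to music.
        open(os.path.join(shared, "committee_summary.docx"), "w").close()
        open(os.path.join(shared, "song.mp3"), "w").close()
        return audit(processes, sockets, [shared])


if __name__ == "__main__":
    result = demo()
    print("compliant:", result.compliant)
    for doc in result.exposed_documents:
        print("exposed document in shared folder:", doc)
```

The check only helps if it can actually run on the home machine, which is the author's point: a policy that is enforced inside the office and merely written down for everywhere else leaves the telecommuting PC, and the files copied onto it, entirely unexamined.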
