#include <disclaimer.h>
The following was carried out as a gedankenexperiment. Should you choose to implement any or all of the suggestions below, they are your own creations and responsibilities. You are responsibile for validating and/or refuting any assumptions, data, and conclusions presented below before attempting implementation.
Now that the legalese is out of the way, on with the writeup
The title of this node shouldn't be all that surprising. The RIAA (and their cronies for that matter) are known to hire companies that specialize in tracking filesharing over the internet. Before you cry foul, consider this: What they're doing is perfectly legal, while what p2p users are doing is questionably legal at best.
IANAL, but my understanding of the US Constitution (specifically, the Bill of Rights) is that it gives you more than enough rope to shoot yourself in the foot. For Constitutional and privacy purposes, the internet's as public as Central Park. There aren't any back alleys on the internet sheltering shady dealings from the visibility of the rest of the net. Almost anything you do is perfectly visible to whomever takes the effort to put a packet sniffer between you and the other guy. Some things, such as SSL-encrypted transmissions, would still be sniffed, they just wouldn't render anything useful (aside from sender, receiver, and other header data).
That last sentence is the key to blinding the RIAA and friends to your activities. No, not a p2p client that uses SSL-encrypted transmissions. SSL (or any other encryption method, for that matter) is pointless if the network itself is wide open. With an open network, these companies can simply assign a few engineers to reverse engineering the protocol used, and from those specifications write a tool to monitor everything. If pushed by their clients to do so, they could probably do this in a matter of weeks, at which point the p2p users would be back to square one securitywise.
Truly secure filesharing requires a closed group using secure connections of some sort, such as VPN, ip tunnels, SFTP, or some other encrypted protocol. This solves both the third-party remote monitoring problem and the open network problem. However, this brings the human element to the forefront. Not only does it rely on each member keeping their logins and passwords secret, it also relies on none of them being arrested for tangentally related crimes (i.e. other forms of piracy) and turning state's evidence against the rest of them. These kinds of networks also make the group more resemble hardcore piracy groups (i.e. Drink or Die) than p2p users. Provided the members keep sufficient secrecy of their activities (and don't tag whatever files find their way out of the group), they should be relatively safe.