House Committee Passes HR 1319, the (ill) Informed P2P User Act.

By on
Michael Wyszomierski, “Secured.” September 19, 2005 via Flickr, Creative Commons Attribution.The Energy and Commerce comittee recently passed the "Informed P2P User Act" and has sent it on to the full House for consideration. The Act is intended to protect computer users from inadvertently sharing confidential or personal information. However, this Act has been criticized as merely "feel good" legislation that provides no actual benefit.


Congresswoman Mary Bono Mack first brought the Act in March 5, 2009. The purpose of the Act is "To prevent the inadvertent disclosure of information on a computer through the use of certain ‘peer-to-peer’ file sharing software without first providing notice and obtaining consent from the owner or authorized user of the computer."

 

While this sounds like a noble goal, the unintended consequences of this bill make it bad legislation.

 

A little background


One of the primary concerns prompting this Act is the leaking of confidential government information. This past year, classified information regarding the President's Marine One helicopter was leaked on the Internet. The source of the leak was a peer-to-peer program downloaded and installed onto a government computer. Another recent leak involved Secret Service details for the First Family. This involved sensitive information regarding Presidential motorcade routes and safe houses for the First Family.


Peer-to-peer software is used to share music, movies, and many other files on the Internet (think Bittorrent, Usenet, etc). However, sometimes software can end up sharing a majority of the users files, including private or sensitive information. The bill suggests that people using these peer-to-peer applications are often unaware of what they are actually sharing with the rest of the online community.

 

The Informed P2P User Act requires the following from software vendors. First, it requires clear and conspicuous notice. Prior to "initial activation", the P2P software must notify the user which of his or her files are subject to search and copy by other computers (lack of clarity on this point described in PK's crticisms below). The software then must obtain informed consent from the users. Second, the Act prevents devious or disingenuous tactics by software vendors. Secret or surreptitious installs are prohibited. The user must also have the ability to remove or disable the software.

 

The Act's goals appear logical in the abstract, however, there are several flaws when you try to apply the language to the reality of software. Essentially, the act aims to control the practical functioning of software, as opposed to simply trying to propose reasonable consumer disclosure requirements. Public Knowledge has identified five potential problems with the Act:

 

 

"1. Legislating Software Design: The bill is aimed at a specific technology and kind of application instead of simple non-tech-focussed consumer protection and disclosure principles. Instead it’s aimed at legislating the design and workings of common software. It’s the exact kind of thing that has all kinds of unintended and unforeseeable consequences.
2. Over / Under Inclusive Definition: No matter how narrow the definition of “covered file-sharing program” may seem, it’s going to include more and less than is intended or desirable. Over inclusive: bill would include basic operating systems like Windows 7 and Mac OS X that enable file sharing; iTunes shares media files as well. Under inclusive: bill would not include applications that simply upload the entirety of a user’s hard drive to the web.
3. “Initial Activation” Needs Clarification: The amendment, just like the previous bill, requires the software to notify the user at installation and “initial activation of a file sharing function.” The problem remains that there are a number of interpretations of what this means, here are three: A. The first time an application is installed and launched; B. Every time the application is launched; or C. Every time the feature is enabled. Unless the language is made clear, developers not wanting to incur penalties will err on the side of notice, which means the most notifications.
4. Applies to Software Already Written: Software that has already been written and is still being distributed, but not maintained by a developer or manufacturer may fall prey to the provisions of this bill. Unless otherwise exempted, this would require developers to update their older software at great cost, unless they wanted incur penalty of law.
5. Interferes with User and Administrator Choice: This bill would require a fundamental change in how much software operates. Users, especially system administrators, make informed choices about the applications that will meet their needs — especially those that “just run” without user interaction. In many cases, how an application installs, launches, and operates behind the scenes is part of their decision, and this bill would interfere with how they run their systems."

Opponents of the Act, claim that this is just another ill-advised attempt to reduce piracy and illegal file sharing. While the Act deals with peer-to-peer software, it does nothing to hinder to block the use of the software in illegal ways. Instead, the Act would have the effect of establishing greater liability for file sharers. This is because it is harder to claim ignorance, and possibly easier to argue something like willfulness in copyright law, in any future lawsuits because the alleged infringers will have knowingly consented to sharing their files.

Another potential problem for practical application of this legislation lies in the fact that much of the software is created outside of the U.S. "In other words, because the FTC does not have jurisdiction over individual programmers, many of whom live outside the U.S., there is little it can possibly do to enforce the provisions of this bill. It is in effect, a harmless piece of “feel-good” legislation." (https://theassurer.com/p/501.html)

The Informed P2P User Act is a vague and ill-crafted legislation that ostensibly claims to increase the protection of computer users and file sharers. However, it ends up putting greater liability on unwitting users, lacks the ability to be practically applied, and attacks the technology rather than the underlying behavior.
Find additional articles by

Related Topics: 

Related Types of Content: 

Additional Tags: