House Committee Passes "Informed P2P User Act"

An anonymous reader writes "This week the House Energy and Commerce Committee passed the 'Informed P2P User Act' and has sent it along to the full House for consideration. The bill, which appears to have heavy support on both sides of the political fence, simply states that P2P software must not install extra software or prevent users from removing it, in addition to being 'clear and conspicuous' about which files are being shared and getting user consent to share them. 'Rep. Henry Waxman (D-CA), the powerful committee chairman, opened the markup session by warning about "the danger of inadvertent sharing of sensitive information through the use, or misuse, of certain file sharing programs. Tax returns, medical files, and even classified government documents have been found on these networks. The purpose of H.R. 1319 is to reduce inadvertent disclosures of sensitive information by making the users of this software more aware of the risks involved."'"

Why P2P

[AnotherBlackHat]

Why is this limited to P2P software?

Re:Why P2P

[ZekoMal]

Because then companies like Sony couldn't screw with us.

Re:Why P2P

[Drunken+Buddhist]

Did someone forget to inform this senator that we (the US) no longer own the internets?

Re:Why P2P

[kevinNCSU]

Did someone forget to inform this senator that we (the US) no longer own the internets?

Did someone forget to inform you that p2p software generally installs on a machine in a physical location and therefore is subject to the laws and regulations in that location? Just because your machine is able to talk to machines in a different country doesn't mean your machine is somehow above the laws of the country you live in.

Re:Why P2P

[ajs]

Why is this limited to P2P software?

Because almost every other type of unintentional sharing of files (if not all) are already covered by electronic privacy laws.

However, in the case of applications which are designed to share files, there's a legal gray area, where the author can claim that they have no obligation to have disclosed which files were being shared, and that the user consented to sharing their files by installing file sharing software.

This bill would close that loophole.

Re:Why P2P

[geekoid]

The worst thing about reading the article is reading dumb ass posts like yours.

Strike that, the worst thing is people modding up dumb ass posts like your, you posting it is the second worse thing.

Re:Why P2P

[interval1066]

@Drunken Buddhist: "Did someone forget to inform this senator that we (the US) no longer own the internets?"

The US didn't "own" the (sic) "internets". The US ran ICANN, the Internet Corporation for Assigned Names and Numbers, which is the root level domain server system. Important, but its not ownership. There are talks of alternative domain name root systems, but I don't know how far implemented those are. If you control ICANN, you control the internet to a certain extent, but anyone can set up a root name system, and indeed there are private root name servers for companies and other entities that want to manage private name systems all the time.

Re:Why P2P

[commodore64_love]

And open a new one where the FBI (or RIAA investigators) can simply "ask" the program, "What files were shared?", get a convenient generated list, and find all the evidence they need to make your day in court miserable.

Re:Why P2P

[girlintraining]

And open a new one where the FBI (or RIAA investigators) can simply "ask" the program, "What files were shared?", get a convenient generated list, and find all the evidence they need to make your day in court miserable.

And if my computer lies? Nobody said my computer has to be programmed to tell the truth.

Re:Why P2P

Yes, I believe it does.

Re:Why P2P

[fuzzyfuzzyfungus]

It isn't obvious(though it seems that most anything could happen when it lands in the lap of some judge who can just about handle touch-tone phone era technology) that the program would need to keep a permanent list, or even a list of files at all.(or, rather, no more than simple technical necessity dictates today)

Already, most any P2P program will have a list of files to be shared, either explicit or "all files in directories X, Y, Z" stored in a config file so that the user doesn't have to reenter that information every time they start the program. Presumably, a program could comply simply by clearly displaying its default folder shares on first install, and ideally making the option to change them suitably clear. There is no information of law enforcement interest there that wasn't in the config file before, for simple technical reasons.

Re:Why P2P

[CannonballHead]

@AnonymousCoward This is not a text message. This is slashdot. We have an educated readership (and full QERTY or DVORAK keyboards) here, so when you type your message, it is unnecessary to use abbreviations for words, such as "b/c." Please keep Text Message English where it belongs (in text messages).

Re:Why P2P

[commodore64_love]

Those config files get erased over time. For example there's no remaining record that I downloaded Star Wars Episode 2 five years ago using Azureus, since both the movie and *.torrent were deleted..... but maybe this new law will require Azureus to keep that information indefinitely. "Ahhh I see this guy downloaded SW2 on 11/05/2004. Got him."

Re:Why P2P

[Jaysyn]

Great point. If you code something that in fact does just that, I hope you share it :D

Re:Why P2P

[MobyDisk]

Because almost every other type of unintentional sharing of files (if not all) are already covered by electronic privacy laws.

Incorrect. The correct answer is "Because legislators are morons and follow zeitgeist instead of reason."

There are 2 ways to share files: P2P, and client-server. Those are technical terms. If this legislation says that it only applies to P2P, then it just flat-out won't work. Common examples: Backup software or remove diagnostics software.

Re:Why P2P

[TheRealMindChild]

How is this different than having to give up a DNA sample when you are a suspect of a murder?

How about this... don't share files you have no legal right to share.

Re:Why P2P

[Thaelon]

How about, instead, we inject some personal responsibility into the mix? If you work on a computer with sensitive information on it, you're responsible for any and all software you install on it.

It's amazing how much personal responsibility can make up for "gaps" in "policy".

Re:Why P2P

[Mister+Whirly]

Dear everyone - this is Slashdot. Yes, some people will do and say things you don't like here. Get over it.

Re:Why P2P

The current language has absolutely no mention of retention times for the records, or even generating them in the first place. It only focuses on right before and during a P2P application is run, i.e. the user must be informed of what files are shared and consent to it. There is currently no requirement to keep a log, especially for years.

Yes, it could be worthwhile to to follow the debate once it gets on the house floor to make sure this remains so. However, in its current form it doesn't require anything like your hypothetical scenario implies!

Re:Why P2P

[Voyager529]

For example there's no remaining record that I downloaded Star Wars Episode 2 five years ago

There is now.

Re:Why P2P

[Lehk228]

if by "maybe this new law will" you mean "nothing in this law will" then you are correct.

Re:Why P2P

[MrMista_B]

Why would they need to do that when they can just invent a list, and you have no way of proving otherwise?

Re:Why P2P

[gnieboer]

True, all P2P apps have to know what files they are sharing. But here's where I see bill's raison d'etre...

"being 'clear and conspicuous' about which files are being shared and getting user consent to share them"

NOW, when the RIAA sues everyone:
The software maker is free and clear ("We added the consent to share box as mandated by law")
And the person sharing Rocky 17 CAN'T say "I had no idea that file was being shared", which has been a defense in the past.

So (IMHO) when we talk about big lobbying groups, the RIAA would like it, and the software makers are willing to put up with the other provisions because now they are off the hook from the big P2P lawsuit.

Re:Why P2P

then you get to pay huge legal fees to explain to the court how smart (stupid) you are!

Re:Why P2P

[AndrewNeo]

And the person sharing Rocky 17 CAN'T say "I had no idea that file was being shared", which has been a defense in the past.

And now someone using that as a defense will have no excuse, because they'll be informed that they are indeed sharing that file, and if they were lying, well.

Re:Why P2P

[b4dc0d3r]

W

I think you dropped this. I included a newline too. Also, you might check on your shift key, it seems a bit sporadic. Might need to look at your keyboard in general. Good tools make for good communication.

Re:Why P2P

[HTH+NE1]

How is this different than having to give up a DNA sample when you are a suspect of a murder?

My DNA is based on the quadruple-striated octo-helix you filty rotten stinking sameling!

Re:Why P2P

And if my computer lies? Nobody said my computer has to be programmed to tell the truth.

yet

Re:Why P2P

[bill_mcgonigle]

Why is this limited to P2P software?

If ars is accurate, it's not - they revised the definition but it's probably still very broad. There's no such thing as P2P at a network level. To lean on a broken model, this sounds like Layer 7 legislation trying to solve a Layer 2 problem. That and a PEBKAC-layer problem (yeah, really, Waxman said so).

Re:Why P2P

[tsm_sf]

"This text file says you're a bad guy, and they're really difficult to fake."

((apologies to strange brew))

Re:Why P2P

[geekoid]

Computers always tell the truth..programmers lie~

Re:Why P2P

[Tubal-Cain]

To lean on a broken model, this sounds like Layer 7 legislation trying to solve a Layer 2 problem.

Whats wrong at Layer 2?

Re:Why P2P

[Cryogenic+Specter]

What about using old software written before the law takes effect?

Re:Why P2P

[commodore64_love]

>>>don't share files you have no legal right to share.

I'll stop when the copyrights have an expiration date, such that works fall into the public domain. Until that happens the copyright holders are in direct violation of the American People's Authority, which supersedes all other laws, and also the constitutional requirement of a LIMITED copyright.

Re:Why P2P

[bill_mcgonigle]

Whats wrong at Layer 2?

the protocols are fine, but the crimes can be committed from Layer 2 on up, while they're trying to define the crime as being reliant on a Layer 7 application.

Re:Why P2P

[ajs]

And open a new one where the FBI (or RIAA investigators) can simply "ask" the program, "What files were shared?", get a convenient generated list, and find all the evidence they need to make your day in court miserable.

I think you're mis-reading the bill. Can you point me to the provision that requires for remote activity log polling?

Re:Why P2P

[Krneki]

When they are overclocked they become evil, thus they lie!

Re:Why P2P

[ajs]

And the person sharing Rocky 17 CAN'T say "I had no idea that file was being shared", which has been a defense in the past.

And now someone using that as a defense will have no excuse ...

Interesting.

This "person" is named "AndrewNeo". Presumably derived from The Matrix (Neo) and Buffy (Andrew), both characters that dealt with simulacra.

The comment itself is a sophisticated transformation of the original statement which shows a strong grasp of English grammar and even some semantics, but no ability to generate original concepts. It also ends with a poorly constructed sentence fragment, but that's not new on Slashdot ;)

I've seen a number of posts like this today. I wonder how many "AndrewNeos" there are on Slashdot these days....

Judge for yourself, visit http://slashdot.org/~AndrewNeo and tell me if you think this is a human....

Re:Why P2P

NOW, when the RIAA sues everyone in the US

There, fixed that for you. There are country which look at your laws as comical works of fiction.

Re:Why P2P

[2short]

What provisions of the bill in question are you referring to? I see no provision requiring any list accessible to the FBI. It has to tell the user what it is going to share at install time.

The bill is 7 pages, and the portion worth reading is 2. Double spaced, with huge margins. You've probably read more text of comments on this story than there is text in the bill.

Being annoyed when legislators propose weasily laws is reasonable. Assuming laws are weasily may be understandable. But it's dumb to rant on about how weasily a particular law is without making any attempt to determine if it is true.

I've read the bill. I don't see the evil. It just sounds like an obviously good idea: programs that are going to share your files must inform you what they are going to share at install time, and must not prevent you from stopping sharing and uninstalling them.

Re:Why P2P

[blueg3]

Azureus writes that data to a log file, actually.

Also, there's a reasonably good chance the data of the .torrent is still recoverable from unallocated space on your hard drive, although it's rather challenging to prove that you did, in fact, download the data just from the fact that the .torrent is on your system.

Re:Why P2P

[Dan541]

Why would they need the list?

They accuse you, you're guilty end off.

They aren't going to trouble themselves with minor inconveniences such as providing proof or evidence.

Re:Why P2P

Now I'm reminded of this article.

http://hardware.slashdot.org/story/09/08/19/185259/Neural-Networks-Equipped-Robots-Evolve-the-Ability-To-Deceive?art_pos=8

Re:Why P2P

[Philip_the_physicist]

I could not see where the bill required the program to log the files to be shared, it only said that the list had to be shown and approved. ISTM that all that means is that the directory selection dialogue box would have to be shown on start-up. That would be satisfied with one IFDEF containing one function call (to offer this feature without annoying those outside the US who don't want it (because it is in their startup programs, for example)), along with a simple line of text on the download page.

(This assumes that the program is non-malicious, if it is doing anything underhand, of course there would be more difficulty.)

Re:Why P2P

[Philip_the_physicist]

That sounds like a Layer 8 problem.

Re:Why P2P

[AndrewNeo]

Now my whole life has no meaning!

Re:Why P2P

[CannonballHead]

Doh. :)

Spill the beans

[oldhack]

Ok, so who funded this bill and why?

Re:Spill the beans

[mcgrew]

I'd like to know why an "informed P2P users act" doesn't do anything to inform the downloader if the material is ok to download. There are literally hundreds of songs named Scatterbrain. Some are RIAA-label copyrighted, some are indie copyrighted and you have permission to share, some are GPL, and some have been put in the public domain. Of the three kinds of songs only one is illegal to share. So if I ask for "scatterbrain" and it returns five hundred instances of "scatterbrain.mp3", I should have the right to know which 3 out of 4 files is OK to download.

With me it's a moot point, as on the rare occasions I download a song it doesn't go into a shared folder, so it's not going to be re-shared, but if I use a torrent I really don't have this protection.

Technologically infeasable, you say? Then simple, make all noncommercial copying to be non-infringing. Make the record companies stop pretending to "sell" music and go back to selling physical objects: CDs with cover art and liner notes with a higher sound quality than MP3s.

Re:Spill the beans

[ajs]

Ok, so who funded this bill and why?

Almost certainly groups like the RIAA and the MPAA.

Their goal is in ratchet up the personal liability of the users who use these systems. By forcing applications to be much more explicit about what's being shared, they reduce the number of cases they lose against file sharers on the grounds that they didn't know what they were sharing.

Re:Spill the beans

[Smegly]

One possible reason: Makes services like Freenet illegal. For example donating disk space and bandwidth to encrypted files where the user-node does not actually know what they are helping to deliver sounds like it would violate being "'clear and conspicuous' about which files are being shared and getting user consent to share them".

No "Common Carrier" status for P2P nodes here...

Re:Spill the beans

[oldhack]

Sounds plausible - Waxman represents Beverly Hills area and is in the Hollywood's tank.

Re:Spill the beans

[CastrTroy]

As long as you make it clear and consice that anything and everything can be shared, and that the user agrees to this, I see no problem with programs like these operating. What it's really designed to stop is P2P applications getting installed that don't tell the user they are sharing the whole C: drive by default. As long as you tell the user exactly what is happening, and they agree to it, there is no problem.

Re:Spill the beans

[commodore64_love]

>>>Makes services like Freenet illegal.

Ahhh smack! Yes I think you've finally discovered the hidden agenda behind this bill. The U.S. government has systematically been stripping-away the right of anonymity, and Freenet's entire purpose is to keep files anonymous and out-of-government's prying eyes. This bill effectively kills the project by making Freenet illegal.

Re:Spill the beans

[rcolbert]

This is exactly right. The bill is masquerading as an attempt to protect the user, but in reality is trying to remove any form of plausible deniability so that P2P users are easier to prosecute. Did we really think the government cares about P2P users? Of course not. P2P has a dirty reputation on Capitol Hill. I bet that most legislators would sooner presume guilt of a P2P user than a Guantanamo detainee.

Re:Spill the beans

[fuzzyfuzzyfungus]

Freenet could, barring a truly weird judicial interpretation, comply pretty easily.

The only "shared folder" is the folder, of user allocated size, where freenet stores its encrypted chunks. Each of those chunks is one of the shared files. All freenet would have to do is say "When you install freenet, all files in folder X will be shared with other freenet nodes, as well as any files you explicitly upload". The fact that the user does not and cannot figure out what exactly the encrypted chunks are is neither here nor there.

Re:Spill the beans

[Hijacked+Public]

Make the record companies stop pretending to "sell" music and go back to selling physical objects: CDs with cover art and liner notes with a higher sound quality than MP3s.

They could do that now if they thought it was a viable business model. Maybe they don't because they are too heavily invested in the current model's infrastructure, I don't claim to know.

I do know that judging from the audio equipment you see dominating shelves, the masses aren't too picky about sound quality. Decent cover art and liner notes might be something worth returning to, but digital distributors will almost certainly be able to outdo them there (with the exception of providing a physical copy). It will be interesting to see how Apple LPs sell.

Re:Spill the beans

[icebike]

Even more interesting is the provision right up front in section 2.a.2 exempting preloaded software on new computers as long as somewhere in the 40 pages of tiny print the purchaser is told that a back-door sharing program is installed.

So preloaded sharing programs and spyware installed by Sony is ok then...

The bill is 7 pages, people. READ IT.
http://energycommerce.house.gov/Press_111/20090930/hr1319_ains.pdf

Re:Spill the beans

[AmishElvis]

Could you make the argument that this bill would apply to windows and itunes? Both can be set up to share files on your computer.

Re:Spill the beans

[westlake]

So if I ask for "scatterbrain" and it returns five hundred instances of "scatterbrain.mp3", I should have the right to know which 3 out of 4 files is OK to download.

If this worries you, why aren't you downloading directly from the artist's or label's site? The torrent from an unknown and untrusted source is inherently more dangerous.

Re:Spill the beans

[AndrewNeo]

I don't think that's true, as the government itself has been burned several times by having contractors sharing files from internal networks. However, even if it were the case of reducing cases between the RIAA and the public.. how is this bad?

Re:Spill the beans

[HTH+NE1]

With me it's a moot point, as on the rare occasions I download a song it doesn't go into a shared folder, so it's not going to be re-shared, but if I use a torrent I really don't have this protection.

It depends on the torrent client whether it supports "leech mode".

Re:Spill the beans

[mcgrew]

why aren't you downloading directly from the artist's or label's site?

Kind of hard to do when all you know is it's title, even harder when you only know its possible title.

Re:Spill the beans

[geekoid]

No, not really. The bill is being funded ebasue secret government documents keep getting leaks via P2P programmers from the machines of privets contractors.

And having to tell a user what your program does is a good thing. No spin you attempt will change that fact.

Re:Spill the beans

[geekoid]

Maybe you should have kept reading?

There needs to be a reasonable way to determine and remove any software even on a new system.
This is an improvement and it's a good bill.

Re:Spill the beans

[geekoid]

Yes it applies to windows and iTunes.
Well, specific program bundled with windows.

Re:Spill the beans

[icebike]

You have to KNOW about it before you can remove it.

Since its EXEMPTED from even informing you (other than in some fine print in the back of the manual that came with the machine) your average user will not even KNOW about it because all they read (if anything) is the quick start guide.

I read the entire bill. Have you?

Re:Spill the beans

[SeaFox]

Isn't it sad that now whenever any piece of legislation is crafted we automatically assume someone "bought" it and has ulterior motives to it's existence than what the bill would have you believe.

Re:Spill the beans

[ajs]

I don't think that's true, as the government itself has been burned several times by having contractors sharing files from internal networks.

True, but not pertinent. The federal government doesn't pass laws to make software less harmful to itself, it simply bars the use of such software internally.

The RIAA, however, has a tremendous amount of influence of Capitol Hill, and when they need a provision that supports them in court, as long as it doesn't look too terribly blatant, then it goes in.

However, even if it were the case of reducing cases between the RIAA and the public.. how is this bad?

I'll have to re-read. I wasn't aware that I'd used the word "bad". I thought I was just pointing out the obvious source.

Now, you might say that the RIAA having as much pull in Congress as they do is "bad," but that's a judgment call you have to make for yourself.

As for the law... I think this should have been an FCC regulation, but there's no explicit harm done as far as I can tell. Then again, I'm not a lawyer.

Re:Spill the beans

[ajs]

No, not really. The bill is being funded ebasue secret government documents keep getting leaks via P2P programmers from the machines of privets contractors.

Modern browsers come with spell checkers. I suggest using them.

That said, the federal government typically doesn't do that, as I said in a previous post. I could see that being a lever that the RIAA used in pushing this bill along, but I would be shocked to find out that they weren't the primary motivating force, here. This is the RIAA's job for the music industry and they're very good at it.

Re:Spill the beans

[Tubal-Cain]

I'd like to know why an "informed P2P users act" doesn't do anything to inform the downloader if the material is ok to download.

It just has to make sure that you know you are sharing files, not the legal status of those files.

Re:Spill the beans

Only people who read. If you get your "facts" from television then you know they are just looking out for our welfare.

Re:Spill the beans

So do things like sftp fall under p2p? I can't figure if they would be under the definitions.

Re:Spill the beans

If you don't want to get sued for copyright infringement, I suggest you stop infringing copyrights. It's a pretty good solution that works for me.

but oh noes, Congress is evil for taking away your bullshit "I didn't know I was sharing everything in my "My Shared Folder" folder" defense that was never true in the first place.

Re:Spill the beans

[icebike]

Hard to say.

The definition of software covered by this bill includes this exemption:

(B) does not include a program, application, or software designed primarily toâ"
  (i) operate as a server that is accessible over the Internet using the Domain Name System;

So this implies that if you installed ssh server software on the machine, it is designed to operate as a server could claim this exemption.

However, then they put in that nonsense about the Domain Name System. Does this imply that a network based ONLY on numeric IP addresses is forbidden?

If you want to claim server status (and be exempt) you have to have a resolvable name?

Baffling!

Re:Spill the beans

[rcolbert]

If you don't want to get sued for copyright infringement, I suggest you stop infringing copyrights. It's a pretty good solution that works for me.

but oh noes, Congress is evil for taking away your bullshit "I didn't know I was sharing everything in my "My Shared Folder" folder" defense that was never true in the first place.

You don't have to participate in file sharing to know that many of the people who have come under the assault of the MPAA and RIAA legal efforts are generally decent people who have receieved disproportionate attention relative to their alleged crimes. Now you want to arm these McCarthy-like legal teams with more effective ammunition because their present legal recourse is somewhat impotent? Give me a break! BTW - I own every movie and song I posses in any format. I may be a criminal because I have chosen to alter the format for my own convenience. Of course, this is completely legal under fair use, so the evil media companies had to push for the DMCA to make it illegal under certain circumstances due to a technicality. Please, continue to ignore history and reality. DMCA superseding fair use was a noble act. We need more laws drawn up by the big media lobby. Hey, maybe we can even start patenting movies and audio recordings. After all, each new song or film transforms the machine upon which its played.

Re:Spill the beans

[IndustrialComplex]

This computer may be installed with software intended to provide you with the Optimal User Experience. Functions of the software may include, but are not limited to, file creation, file alteration, reporting of usage statistics, management of file systems and other functions necessary to provide the Optimal User Experience.

Re:Spill the beans

[mcgrew]

An "informed P2P users act" ought to inform the user, not inform ON the user.

Do OS-included programs count?

[davidwr]

Do sftpd and Windows File Sharing count? The bill better be carefully worded or the law of unintended consequences and vendors screaming "waitaminuteididn'tknowmyproductqualified" will be the end result.

Re:Do OS-included programs count?

See This discussion

Re:Do OS-included programs count?

[Idiomatick]

I think most laws are written to effect twice the number of people it looks like they are targeting. Then you never use it so that people don't fight it. In the end you are left with the ability to sue or charge any one into oblivion at any point in time.

I can almost guarantee I'm violating a half dozen laws as I type this. I'm sure over the next month if a team of well read lawyers tracked my every movement and inspected my house they could charge me with a few hundred offenses. A society of criminals is easier to control. It may sound paranoid but I doubt anyone here could go a month without doing a few dozen things you could get charged for.

Mod parent up

[argent]

Yeh, that's the important point. Why not just ban spyware, period?

Re:Mod parent up

[ajs]

Yeh, that's the important point. Why not just ban spyware, period?

Spyware violates electronic privacy laws that already exist.

Re:Mod parent up

[commodore64_love]

So is spyware is already "banned" by privacy laws, why do we need this separate P2P legislation? Sorry I can't help being skeptical. The Patriot Act included things nobody knew about, and discovered later after passage, and I'm wondering if this P2P bill has similar "gotchas" hidden inside of it. Like:

- "We caught you P2Ping the latest Linux distro. Per U.S. law we are required to suspend your account until you agree not to use P2P." - MSN

Re:Mod parent up

[MBGMorden]

Notice that this didn't ONLY ban spyware. It had stipulations that state that when a P2P app is installed it clearly indicates what is being shared. This will just prevent Joe Sixpack from installed AwesomeShareItAll v3.1 where it just shares out your entire hard drive without indicating it.

Personally, I just don't see too much evil in this bill.

Re:Mod parent up

[FlyingBishop]

It really doesn't. In fact, it has such broad descriptions of what it does not cover, I'm not sure how this can really apply to anything other than Limewire:

Sec. 4.4.B
(B) does not include a program, application, or software designed primarily toâ"

          i. operate as a server that is accessible over the Internet using the Internet Domain Name system;
          ii. transmit or receive email messages, instant messaging, real-time audio or video communications, or real-time voice communications; or
          iii. provide network or computer securrity, network management, maintenance, diagnostics, technical support or repair, or to detect or prevent fraudulent activities.

While it does technically apply to torrenting Linux distro, someone could trivially code up a client designed for distribution of Linux binaries that would qualify as a maintenance tool, and probably also computer security, as well as technical support or repair without too much trouble.

And if someone happens to prepare a patch that enables general bittorrent...

However, it's not likely to be necessary - the bill basically only allows to programs that automatically start sharing shit on the internet. And I would be really impressed if someone managed to create a torrent by accident.

Re:Mod parent up

[commodore64_love]

Yeah but it will also stop us from using FreeNet and other censorship-resistant, anonymous sharing networks. Read more here:
- http://en.wikipedia.org/wiki/Anonymous_P2P (generalized description)
http://en.wikipedia.org/wiki/Entropy_(anonymous_data_store)
http://en.wikipedia.org/wiki/GNUnet
http://en.wikipedia.org/wiki/I2P

Maybe this act should be called U.S.A. P.A.T.R.I.O.T. A.C.T. - An addendum to stop domestic terrorists* via outlawing anonymous internet usage.

*
* somebody who has a copy of the Constitution or a colonial flag hanging in his garage - see http://www.pa-aware.org/who-are-terrorists/domestic-5.asp

Re:Mod parent up

[DeadPixels]

While the intent seems to be noble (prevent data leaks/security breaches), the impression that I get from TFA is that this is applicable to all P2P software and not just the use of P2P software by the federal government - and that's where I have a problem with this.

First, it requires P2P software vendors to provide "clear and conspicuous" notice about the files being shared by the software and then obtain user consent for sharing them

While I see the thought process behind this - make sure the user knows what they're sharing - I can also put on my tinfoil hat and see how this could be problematic. Seems like it would make an **AA case like shooting fish in a barrel if they can prove that the user acknowledged that he or she was sharing a copyrighted file. Plus there's the whole anonymity thing.

I'd say the intent is good, but the way of going about it could be problematic, especially when the regulation applies to all P2P software and not just that used by the government.

Re:Mod parent up

Commodore, I looked through the bill (all 7 pages of it, and half of which are definitions) and it doesn't make using these services illegal. From my reading, the only impact is software must give clear notifications to the user on what is being shared. It doesn't require identification of what computers you are sharing. So unless you can point to the exact language I'm misunderstanding in the bill, I don't think what you bring-up is really an issue.

Re:Mod parent up

[Bill_the_Engineer]

Yeah but it will also stop us from using FreeNet and other censorship-resistant, anonymous sharing networks. Read more here:

Please explain your position.

How would informing the P2P user about what is being shared on that user's computer prevent the user from using FreeNet and other anonymous sharing networks?

Re:Mod parent up

[Rockoon]

Suppose I stick HideMyIdentity.ZIP on FreeNet. How does a person download this file without getting personal information (such as my IP address, or what other files I am sharing) about me without involving a layer of other FreeNet users who are used to facilitate the transaction?

Isn't that facilitation just a clever way to say that they are sharing the file HideMyIdentity.ZIP in proxy?

I suggest that its accurate to say that when you are using FreeNet that not only are you sharing files on your hard drive marked for sharing, but that you are also sharing the files of every other FreeNet user, and that further you have absolutely no control at all over what those files are. The FreeNet FAQ addresses concerns about sharing child porn/etc by saying that if you truly believed in free speech that then you shouldn't mind, and that if you do mind then don't run FreeNet.

Re:Mod parent up

[cayenne8]

"How would informing the P2P user about what is being shared on that user's computer prevent the user from using FreeNet and other anonymous sharing networks?"

Because they way those networks work is...that no one really knows what is going in and out of their machines. That's how files are traded anonymously, everything is encrypted, and you never know really what is coming in or going out of your node you run. I'm guessing that is the aspect the GP is referring to if this bill is passed.

Re:Mod parent up

[Pinckney]

IANAL, but I don't think it applies because Freenet isn't a "a program, application, or software that is commercially marketed or distributed to the public."

Furthermore, my understanding is that Freenet stores the shared files in a single, encrypted file. Shared files are not stored within the host filesystem, correct? Then it need only notify the user that the encrypted file it uses will be shared, without necessarily notifying the user of the contents. Uploads to Freenet are accomplished with independent software that requires initiation by the user, and is therefore not covered by this law.

Re:Mod parent up

[adolf]

Naah.

Freenet stores its data in encrypted files and refers to them with hashes, right? I mean: It's just files on a filesystem, isn't it? So, all the software has to do to stay in compliance is state which of those files are being shared.

It doesn't state that it must decrypt the files. Or that the content of them must be disclosed. It would just need to report to the user the same stuff that already gets reported to Freenet at large.

Doing so is neither against this bill, nor against the spirit of Freenet, nor in any way any significant technical hurdle to overcome.

(Unless I'm very mistaken, in which case I welcome any corrections.)

Re:Mod parent up

[commodore64_love]

>>>rec.arts.tv, alt.tv.stargate-sg1, alt.tv.stargate-atlantis, , rec.arts.sf.tv

Because I don't WANT some fbi agent somewhere loading-up Freenet, looking at his screen, and saying, "Hmmmm C64love is sharing a copy of Commonsense and other revolutionary-era materials." I don't like being spied on. That's the whole reason why I would use a censorship-resistant, anonymous system.

Re:Mod parent up

[Bill_the_Engineer]

That's how files are traded anonymously, everything is encrypted, and you never know really what is coming in or going out of your node you run. I'm guessing that is the aspect the GP is referring to if this bill is passed.

I believe the law is requiring the user to be notified of what personal files may be shared rather than what is being forwarded.

Re:Mod parent up

[shentino]

That's possibly because you haven't read the fine print yet.

Bear in mind that most legislators are lawyers and we ALL know what kind of stuff those guys can hide in writing.

Re:Mod parent up

[harlows_monkeys]

So is spyware is already "banned" by privacy laws, why do we need this separate P2P legislation?

When spyware uploads your tax return, there is no way that is an accident, and it is also likely that the spyware didn't get on your system with your permission. Spyware is covered by existing laws because it is trying to do something bad.

P2P software is generally on your system because you wanted it there. When it uploads your tax return, it is most likely an accident. The P2P software is not doing something bad--it's doing exactly what you installed it to do. You just botched the configuration, or didn't realize that there was a need to configure it.

Hence, laws against spyware are not applicable. This law isn't about banning P2P. It's about making sure the people who install P2P software are aware of the consequences, so they can use it safely, which is quite different from what the spyware laws do.

Re:Mod parent up

[icebraining]

Files are encrypted, so generally the user cannot easily discover what is in his datastore, and hopefully can't be held accountable for it.

Reasonable ignorance of fact exculpates, except in cases of strict liability -> http://books.google.com/books?id=EidE6uyIfd0C&pg=PA157&lpg=PA157

Re:Mod parent up

[Pinckney]

On reflection, the first clause does apply on account of the "or". It is of course distributed to the public. The remainder stands.

Re:Mod parent up

My understanding is that a Freenet node will store encrypted files that where published by other nodes. The keys needed to decrypt the files are stored on another node, so that the owner of each node will not know what files are being stored on their machine.

Without reading the bill, I see potential issues with a Freenet node storing and sharing files for other machines while the owner of the node does not know what files are physically stored on their machine and being shared.

Re:Mod parent up

[adolf]

Doesn't matter.

The encrypted data exists as files on a hard drive. No great mystery to it.

The software just needs to be up-front about what files those are (nevermind the content of them), and that it's sharing them.

It's a short bill, and written in very plain English. I strongly suggest reading the whole thing.

The bit about file sharing is such:

SEC. 2. CONDUCT PROHIBITED.

(a) Improper Disclosure of Personal Information Without Notice and Consent- It is unlawful for any person who is not an owner or authorized user of a protected computer to cause or induce an owner or authorized user of the protected computer to make files from a protected computer available to another computer through a peer-to-peer file sharing program without--

(1) immediately prior to the installation of such program--

(A) providing clear and conspicuous notice that such program allows files on the protected computer to be available for searching and copying by another computer; and

(B) obtaining the informed consent to the installation of such program from an owner or authorized user of the protected computer; and

(2) immediately prior to initial activation of a file sharing function of such program--

(A) providing clear and conspicuous notice of which files are to be made available to another computer; and

(B) obtaining the informed consent from an owner or authorized user of the protected computer for such files to be made available.

(b) Preventing the Disabling or Removal of Certain Software- It is unlawful for any person who is not an owner or authorized user of a protected computer--

(1) to prevent the reasonable efforts of an owner or authorized user from blocking the installation of a peer-to-peer file sharing program or function thereof; or

(2) to fail to provide a reasonable and effective means to disable or remove from the protected computer any peer-to-peer file sharing program or function thereof that the person caused to be installed on that computer or induced another person to install.

Again, there is no discussion about the content of the files. Just that the user must consent to those files being shared. So what if they're encrypted?

This is about as reasonable as any new legislation that I have ever seen.

Re:Mod parent up

[blackraven14250]

All content is stored on nodes, randomly. You might have one image from a child porn site, and one piece of 7-step bomb making, but you have no idea what you have. It's on your HDD, hashed up and hidden from you.

Re:Mod parent up

[blackraven14250]

Might the 'or' refer to "commerically (marketed or distributed) to the public" rather than "(commercially marketed) or (distributed to the public)"?

Related side not: why do they have to write laws in this way, where nobody can really tell what they're saying??

Re:Mod parent up

[MBGMorden]

I think it's also important to note the simply reality: this law targets the makers of software, not the users. FreeNet could be hosted for download outside US jurisdiction and all is fine.

Unwanted software

[conureman]

I'd like to see criminal penalties for bundling undisclosed and unwanted software with any application. See if that gets past the lobbyists.

Re:Unwanted software

[geekoid]

How many aplication can't be considered P2P? Not many.

Re:Unwanted software

All software is unwanted by sombebody.
E-mail is P2P, all websites are P2P, even your connection to your ISP is P2P.
Except the no one is really a Peer of mine!!
Arn't peers supposed to be EQUAL? There is no such thing as equal!

Re:Unwanted software

Every application that is not P2P. So unless you specifically download software that opens a port on your computer that anyone can enter without supplying a password. Then it is not P2P. With sftp and Windows File Sharing you password protect the opened port so a user must authenticate themselves which creates privacy. If you create an unprotected user and then allow file sharing that is your own fault.

Re:Unwanted software

[MBGMorden]

Who is to judge what's unwanted though? Some people actually want the Google Toolbar that gets included with so many other programs. Many others do not. In a less spyware-ish sounding example, my first copy of AviSynth came bundled with another program, and I must say I am happy it did because it has become a mainstay in my video toolbox.

And who is to judge what constitutes separate software? When I go into the "Custom" screen of an installation program there's a LOT of little checkboxes to look over. I'd had to have to start individually downloading every one of those little options as plugins because ofn an overly broad interpretation of your plan.

Re:Unwanted software

[Dog-Cow]

You are an idiot.

Upon installation, disclose to the user that additional programs are included and ensure there is a way to opt out of the installation of those other programs.

In other words: the user.

Re:Unwanted software

[MBGMorden]

99% of all installers do this already. If that's all that was wanted then the status qou is pretty good. The GP specifically said BUNDLING of programs. Irfanview comes bundled with Google Toolbar. Yes you can opt out of it but that doesn't change the fact that it comes bundled, which by the GP's suggestion would possibly become illegal under such a law.

Re:Unwanted software

Good. This means that the software that is not actually necessary for the software to run, will be checked off.

If you want to try something, then leave it checked.

Unfortunately, this does not hold much weight to software installed that is created outside of the US, if the people have no office in the US (or a country willing to help us out over some illegal, but likely very profitable software).

In terms of unwanted, I'd say it's easy to say any software that collects user information without obvious needs (e.g., Google Maps on an iPhone needs your location to help you go from the "Current Location" so it has a need). The tricky part comes in the trojan style software that serves a purpose, along with their nefarious side-effect.

Re:Unwanted software

[conureman]

What I was suggesting was that all programs have disclosure of the extra superfluous crap that I could then choose to opt into (or not). I don't appreciate sneaking in extra stuff that isn't advertised. BTW I would pay MS a bit extra for Windows if I could get it without IE, but that's something that you know you're getting, so it isn't a sneak. I would like programs to not launch TSRs without authorisation too, but that's another issue. This is actually a problem I only see on other people's computers, as I learned a long time ago to eschew most free software &c.

Re:Unwanted software

Thats why when it reaches the house they have the ability to make revisions silly.

Re:Unwanted software

[Petaris]

Me too. I can't wait to never see another 300 MB HP scanjet driver that installs a 5 MB driver and 295 MB of undisclosed and unwanted crappy software. ;)

Stupid old men.

[Lord+Kano]

How do they expect to enforce this law on companies that produce software outside of the US?

Apparently they still don't understand how this internet thing works.

LK

Re:Stupid old men.

[Eudial]

How do they expect to enforce this law on companies that produce software outside of the US?

Apparently they still don't understand how this internet thing works.

LK

Yeah. The Internet is not something that you just dump something on. It's not a big truck. It's a series of tubes.

Re:Stupid old men.

[conureman]

Track down their IPs. We still have ICBMs.

Re:Stupid old men.

[geekoid]

Apparently you don't understand that you should RTFA before spouting off.

Idiot.

Re:Stupid old men.

[mcgrew]

Simple, if you don't like US law, then don't distribute your wares inside the US. Make sure your download site has a disclaimer "This software contains crap you don't want and can't remove, so US residents need not apply. By clicking 'I agree' I hereby affirm that I am not a US citizen or within US borders. Any of the world's other citizens can feel free to be pwned."

Re:Stupid old men.

[hansamurai]

Apparently they still don't understand how this internet thing works.

Add it to the list which includes: the economy, foreign policy, and Major League Baseball.

Re:Stupid old men.

[commodore64_love]

>>>Track down their IPs. We still have ICBMs.

Yes I'm sure the European Union will be most-happy when the U.S. sends an ICBM to destroy (for example) the Piratbyran office in Sweden. We may discover that the EU has a strength never revealed as they come cruising across the Atlantic, defeat D.C., and add 50 new colonies to their organization.

Re:Stupid old men.

[Lord+Kano]

And how will you compel anyone outside of the jurisdiction of this law to display such a disclaimer?

Re:Stupid old men.

[TheKidWho]

>>Yes I'm sure the European Union will be most-happy when the U.S. sends an ICBM to destroy (for example) the Piratbyran office in Sweden. We may discover that the EU has a strength never revealed as they come cruising across the Atlantic, defeat D.C., and add 50 new colonies to their organization

LOL, The dreams of a Euro Nutjob.

Why don't you go get a job instead of trolling slashdot all day?

Re:Stupid old men.

[MBGMorden]

Eh - if there's one thing the US is still good at it's war. We blow stuff up like it's going out of style. We spend a larger chunk of cash on our military then anyone else, and our air superiority is second to none (don't know if it stands true still but just before the turn of the millennium the US still had a large air force than the rest of the world combined). I'd rather doubt that the EU alone could defeat the US in a military conflict. Honestly I'd say that China by itself has a better chance at it.

Whether or not someone else decided to attack as well during any EU attack would be another matter though.

Re:Stupid old men.

[mcgrew]

No one outside the jurisdiction need display it. My laws don't apply to your citizens unless they want to do business in my country. If you're CEO of a German corporation and you distribute your illegal wares in the US, Germany will likely extradite you (unless Germany is like us and its politicians are easily bribed).

Re:Stupid old men.

[Idiomatick]

Uhh if I live in Sweden I'm expected to know vague laws in the US and abide by them hahaha no. Just ignore the law and nothing will happen, I mean no one even sells p2p software anyways and they rarely even have a defacto owner of the product.

Re:Stupid old men.

[Xiaran]

Ummm. EU member nations have their own nuclear weapons you know.

Re:Stupid old men.

[MBGMorden]

I never said they didn't. We do too though (and we have more of them), but that only means assured mutual destruction. If either group actually resorted to using nuclear weapons then neither would be "adding colonies" at the end. BOTH would be reduced to a smoldering pile of rubble. That makes the use of nukes moot. Any time that both sides have them, neither is likely to use them.

Re:Stupid old men.

[Lord+Kano]

No one outside the jurisdiction need display it. My laws don't apply to your citizens unless they want to do business in my country.

EXACTLY!

LK

Re:Stupid old men.

Eh - if there's one thing the US is still good at it's war. We blow stuff up like it's going out of style. We spend a larger chunk of cash on our military then anyone else, and our air superiority is second to none (don't know if it stands true still but just before the turn of the millennium the US still had a large air force than the rest of the world combined). I'd rather doubt that the EU alone could defeat the US in a military conflict. Honestly I'd say that China by itself has a better chance at it.

Whether or not someone else decided to attack as well during any EU attack would be another matter though.

We are?

Look at the debacles in Iraq and Afghanistan.

Re:Stupid old men.

[MBGMorden]

We are?

Look at the debacles in Iraq and Afghanistan.

Apples to oranges. In both cases we steamrolled over their regular military forces. All we're doing now is sitting over their pissing around with embedded non-organized forces. That's a problem that virtually any occupying force will have when occupying an area that doesn't want you there. Trust me, Iraq and Afghanistan aren't any threat to taking us over.

Re:Stupid old men.

[mcgrew]

I don't worry about Swedish laws, but then I have no reason to. But if I wanted to sell a product to Swedes, I'd damned well better find out what Swedish laws may apply, or they could bite me in the ass.

Re:Stupid old men.

[commodore64_love]

I suspect the moment the U.S. goes to war, I mean a REAL war, and loses access to loans from other countries like europe, the government will collapse under its own weight and no longer be able to buy weapons or pay soldiers to continue the fight. As happened to Rome in the later half of the 400s.

Re:Stupid old men.

[MBGMorden]

Under extensive war-time we have an active draft system in place, which requires citizens to fight (though largely when their home nation is under attack it's not often to hard to convince people to take up arms).

Also, money is an imaginary invention on man. It's merely a tool used to represent actual goods. In "real war" when it really comes down to it what becomes important is more concrete resources. IE, equipment already manufactured and deployed, as well as the natural resources needed to fuel the war machine. The US has a huge reserve of natural resources it it's disposal. Agriculturally we produce a HUGE portion of the world's food, which is a major component of it. IE, when the SHTF in war time you can get away with paying soldiers in very devalued currency, but you can't get out of feeding them.

When you compare existing military resources, the US beats the EU in virtually every category except raw number of soldiers. We have spent nearly twice the money annually building up our military compared the the entire EU combined. Hell the equipment we have just sitting in storage retired is enough to fight a successful war against most countries of the world.

Arrogant, decadent, and with a twisted set of priorities we might be, and our economy has it's troubles, but *militarily*, the US still commands more destructive power than any other single group on the planet.

Re:Stupid old men.

[Schmorgluck]

If you're CEO of a German corporation and you distribute your illegal wares in the US, Germany will likely extradite you (unless Germany is like us and its politicians are easily bribed).

Germany can't extradite its own citizens except to other members of the EU or an international court (the latter requiring a specific law)*, so unless the CEO of your scenario isn't German, the trial would have to take place in Germany.

This would require that Germany also has laws against the deeds involved (note that this would be a requirement for an extradition too**), but given general European rulings about data privacy, and German law in particular (Germany pioneered in addressing the issue, back in 1971), I'd say the case could be valid.

*If you want a source for this, here is mine. Main section, sixth item in the numbered list. You may want to use Babelfish or something like that (I did, my German is quite rusty).

**Ibid. First item in the numbered list.

Re:Stupid old men.

[repapetilto]

Good assessment.

Ummmm

[MikeRT]

even classified government documents have been found on these networks

If they're finding classified documents on the public internet, that means that they have a bigger problem like government employees disregarding security guidelines by putting them on unclassified networks.

Re:Ummmm

[kevinNCSU]

Yea, I get the feeling that's just a sensationalist flag the media likes to wave to make the story more interesting. I think the real reason here is kids installing p2p software without the parents knowledge and the sharing the my documents folder or the whole C: drive including all the parents tax returns and other personal information.

Re:Ummmm

[geekoid]

Actually, most those leaks come from private contractors.

However, this bill specifically address the bigger problem you imply.

Re:Ummmm

[blueZ3]

And I really don't see how this new law is going to prevent that. You can't legislate against ignorance/stupidity. If little Johnny Rotten is using P2P software and it asks him which directory to share and he says c:, I don't think that this law is going to help John Sr. get his SSN back in the bottle.

I'm tempted to wonder if there isn't some ulterior motive here... like since you can't prevent this kind of stupidity, maybe it's a stealth move to outlaw all P2P? Of course, you should never attribute to malice what can be adequately explained by stupidity :-)

Re:Ummmm

[Kjella]

Just because you have multiple problems, doesn't mean you have to tackle them one at a time. Several of the early file sharing apps were intentionally vague, because they figured more content == popularity so they tried to let users share as much as possible with as little effort as possible, hidden away in defaulted checkboxes or EULAs. As usual the legislation is very late though, this might have been useful around napster, kazaa and edonkey but these days most tools are a lot more serious. Not to mention torrents, that don't really have the problem at all. I guess it's just another way of trying to kill off the authors of P2P tools to kill P2P, not that it will be more successful than the last 34234 attempts.

Re:Ummmm

[wiredlogic]

FWIW I've only seen reports of documents marked as high as "confidential" found floating around. That classification is used for disclosures that result in little damage to national secrets.

Re:Ummmm

You know, "yea" and "yeah" are two different words. In your sentence "yea" (sounds like "yay") makes no sense. Look them up in a dictionary if you don't believe me.

I'm sure it will be really effective.

[thewils]

Just like the Theft act prevents Theft.

In Other News...

[bbsguru]

... the installation of viruses and worms on computers you don't won is now illegal. Massive layoffs are expected in the BotNet industry...

Re:In Other News...

[blueZ3]

Wait, what about computers I did win?

Re:In Other News...

[bertoelcon]

In related news, Microsoft is closing doors due to changes in laws rendering Windows illegal.

Re:In Other News...

[CannonballHead]

... the installation of viruses and worms on computers you don't pwn is now illegal.

Much better.

Re:In Other News...

The GP miswrote, it was supposed to say *own*.

The computers that you have owned, on the other hand you can keep.

Re:In Other News...

[conureman]

I thought he meant pwn.

Waste of time

[Shagg]

The same users that are dumb/ignorant enough to share their tax and medical records are the same ones that won't bother to read any "clear and conspicuous" warnings. They'll either not understand it or hit "OK" without reading it. You can't write laws that eliminate stupidity.

Re:Waste of time

Sure you can, force everyone to take some basic scam / computer literacy classes to get a computer permit that lets you use a computer. Then do retests every 5 years or so to make sure people are up to date with the latest information. of course this will never happen and won't solve 100% of the problems but if this law existed and was strictly enforced it would cut down on computer stupidity.

Re:Waste of time

[girlintraining]

You can't write laws that eliminate stupidity.

Doesn't stop them from trying.

Re:Waste of time

[smaddox]

They'll do anything to look like they're worth their salt.

Where is the "goodluckwiththat" tag?

[exabrial]

I guess the bill shows the fundamental lack of understanding of who makes these programs... But since we're making a wishlist, I think they should consider amending the bill to also:

Outlaw neighbor's kids on your lawn
Calling of mean names during recess
Impose regulations on which kids may be beat up on the bus, replacing the current "smallest kid" freemarket system.
Legalize marijuana and outlaw Light Beer.
Outlaw poverty, unhappiness, debt, bad driving and excessively loud cheering at football games.


did I miss anything?

Re:Where is the "goodluckwiththat" tag?

[FooAtWFU]

Outlaw debt? This is the government we're talking about! Get real!

Clearly we should instead establish a federal monopoly on "owing money". Then patriotic government bonds won't have competition from the silly private sector. ;P

Re:Where is the "goodluckwiththat" tag?

[commodore64_love]

What's wrong with decriminalizing marijuana? It's my body and if I want to kill myself using weed (or alcohol or tobacco or overeating), that MY business, not yours.

Re:Where is the "goodluckwiththat" tag?

[mcgrew]

did I miss anything?

Your Haldol, maybe?

Re:Where is the "goodluckwiththat" tag?

[CannonballHead]

What if I don't want health insurance? Why can't that be my business, and not yours?

And what about strange things that people do while on drugs that quite possibly endanger others? Lawyers can already plead "temporary insanity" and get their clients to be treated differently - as though an insane person that likes to kill people is ok and not too dangerous, as opposed to a sane person - I'd hate to see what lawyers do when they start claiming "temporary loss of mental control due to substance contamination" or something.

Sure, maybe it's your body and life and you want to kill yourself using weed... but I don't particularly want to get killed by people, say, on LSD that think they're traveling through a wormhole when in fact they are actually driving a tractor through my house. Or something.

Re:Where is the "goodluckwiththat" tag?

[commodore64_love]

>>>And what about strange things that people do while on drugs that quite possibly endanger others?

We already have laws to imprison those persons. Just because marijuana is decriminalized, doesn't mean it's okay to DUI or physically assault your neighbors. In fact if marijuana ever is decriminalized (like in California) it will be strictly regulated as a prescription drug, along with other dangerous drugs like vicodin, prozac, and morphine.

>>>What if I don't want health insurance? Why can't that be my business, and not yours?

Precisely. If I don't want health insurance, and prefer to die young and pretty, that's MY business not yours.

Re:Where is the "goodluckwiththat" tag?

[WilyCoder]

"Sure, maybe it's your body and life and you want to kill yourself using weed... but I don't particularly want to get killed by people, say, on LSD that think they're traveling through a wormhole when in fact they are actually driving a tractor through my house."

That can happen regardless of the legality of LSD. Outlawing drugs does nothing to prevent their usage. We are 40 years and a trillion dollars in the red over this war on drugs, and drugs are more available and used than ever before.

Re:Where is the "goodluckwiththat" tag?

[Bill_the_Engineer]

We already have laws to imprison those persons. Just because marijuana is decriminalized, doesn't mean it's okay to DUI or physically assault your neighbors.

Unfortunately I know to well how wrong you are. I lost a brother-in-law who was only 16 to a violent criminal under the influence of crystal meth. Despite the overwhelming evidence the defense was able to argue that the murder's judgment was impaired and was only sentenced to 4 years in prison not counting time off for good behavior and the option to serve a portion of the sentence with probation.

In fact if marijuana ever is decriminalized (like in California) it will be strictly regulated as a prescription drug, along with other dangerous drugs like vicodin, prozac, and morphine.

Ha! I've heard many news reports (NPR being one) on how easy it is to get a prescription for marijuana. The medical examination is questionable at best. I would not use California's "regulation" of marijuana as a valid reason to legalize it.

Precisely. If I don't want health insurance, and prefer to die young and pretty, that's MY business not yours.

That's easy to say when you can always "chicken out" of the dying young part and get expensive medical care in the emergency room of your local hospital. It's OK for someone else to pick up the tab as long as you don't.

I'm for the public option. I figured we can spend billions and billions of tax dollars killing other people and fattening the wallets of corporations and banks. Why can't we spend tax money taking care of ourselves? Why because the powerful and rich insurance companies don't want you to have access to free healthcare coverage.

Why do you think the "friendly" insurance companies were all for reform and mandated health insurance, and pursuing a large scale media campaign to kill the "public option"? Because the "reform" will amount to corporate welfare for them, because we would be required to send our money directly to them.

If we can't have federally provided free health insurance, I rather have no change at all.

*chuckle*

[clone53421]

We need a law for this?

Wait a minute, it's not funny anymore.

Re:*chuckle*

it's funny over here.

Ulterior motive?

[Steve+Cox]

It could be that this bill is being passed simply to remove a set of excuses people might use when caught using P2P for sharing copyrighted material - hence the name of the bill.

If the software plainly states that it will be sharing a file with other people, then you cannot say 'I didn't know I was sharing it'. Likewise, you cannot say that it installed without your knowledge nor can you say it installed but you couldn't uninstall it.

This is of course, only possible if the writers of P2P software actually give two hoots about the bill.....

Steve.

Re:Ulterior motive?

[Shagg]

This is of course, only possible if the writers of P2P software actually give two hoots about the bill.....

Bingo!

As we all know, the authors of P2P software are generally very conscientious about following the law. Not to mention the fact that they all fall under US jurisdiction.

Re:Ulterior motive?

[girlintraining]

This is of course, only possible if the writers of P2P software actually give two hoots about the bill.....

Yeah, it's like expecting a terrorist to care his car bomb is taking up two parking spaces.

Re:Ulterior motive?

[BJ_Covert_Action]

Well, in the terrorist's defense, getting a parking ticket right before his final suicide bombing could lower his karma enough to drop the count down to 71 virgins....or something...

Re:Ulterior motive?

[girlintraining]

Well, in the terrorist's defense, getting a parking ticket right before his final suicide bombing could lower his karma enough to drop the count down to 71 virgins....or something...

For the record, nobody says those virgins are girls. They could all be old gay men that smell like old spice.

Re:Ulterior motive?

[westlake]

This is of course, only possible if the writers of P2P software actually give two hoots about the bill.....

The author might not care. But the distributor will.

No downloads from CNET - and - quite possibly - no downloads through Sourceforge or your favorite Linux repository either.

The distributor is exposed and he is likely to have a legally and financially significant presence in the U.S.

He can be reached and he can be hurt.

Re:Ulterior motive?

[iamhigh]

I think you are correct, and I would like to add... Can this senator show me letters from his constituents showing their dire need for this bill passed? Is this really what "the people" want? Didn't think so...

Re:Ulterior motive?

[Burz]

And then there's software like I2P that the user should intentionally conceal on an encrypted system.

Such a law may eventually be interpreted to mean "all shared files should be easily recognizable to police officers".

Re:Ulterior motive?

[geekoid]

Many people do give two hoots about the bill.
Any software that is being distributed througha legal chanel, for example.

There are many P2P apps designed to make a company money. If said company doesn't want to get into trouble they will case.
This applies to iTunes, Several MS programs, Lime Wire, Games etc.

IN case you missed it, P2P is big business.

Re:Ulterior motive?

[Cryogenic+Specter]

Keep in mind though that it does not state that you can not use software that does not include this notice and I would assume that if I download a P2P program that was developed and distributed from China, this would not apply in any way. Or maybe it could come from Sealand... I'm just sayin'...

Re:Ulterior motive?

Eeeeuw! Sometimes text can be as harsh as goatse.

Re:Ulterior motive?

[igotmybfg]

If the software plainly states that it will be sharing a file with other people, then you cannot say 'I didn't know I was sharing it'. Likewise, you cannot say that it installed without your knowledge nor can you say it installed but you couldn't uninstall it.

Couldn't you still claim that someone else installed it on your computer, without your knowledge? For example, your 12 year-old son, who may know more about computers than you, but doesn't have the (legal) capacity to agree to a software license in the first place?

First step to disaster...

[hesaigo999ca]

This will push the scenario that the application should be knowing which files are which, and what is considered sensitive materials,
and will eventually fall upon the program and its creators to block or not block, and unintentionally also legallities associated to
sharing such files.
The creators are not supposed to limit what files are being shared, and definitely not be held accountable if someone uses the app for their own evil purpose, else the creator of the nuclear bomb should be imprisoned for all the deaths in Hiroshima!
This makes no sense, and I see where it is going, hopefully the bill wont pass.

Re:First step to disaster...

[mcgrew]

else the creator of the nuclear bomb should be imprisoned for all the deaths in Hiroshima!

Is it Monday already? Where are all these brain-dead comments coming from? It is not illegal to kill the enemy your country is at war with. You would execute Texas' hangmen? WTF?

What grade are you in, son?

Re:First step to disaster...

[hesaigo999ca]

Did you even read the prior parent post "son", you sound like you just read mine, without checking the post previous. I am also saying that it makes no sense to charge the creator of the nuclear bomb
with the deaths, when someone else dropped it on hiroshima.... do you know how to read???

Because the files being encrypted are sensitive materials, they might try to push the legislation (however misinformed) to being that the creators of the application are responsible for
making sure the files are not leaked else they face legal recourse... so if the creator of the bomb
should not be held accountable for the deaths of his creation, then why should the creator of this app be held accountable if someone is too stupid to enable the proper encryption schema?

Liar, Liar.

[girlintraining]

The purpose of H.R. 1319 is to reduce inadvertent disclosures of sensitive information by making the users of this software more aware of the risks involved.

Sure it is. Now, how about taking a closer look;

the term "peer-to-peer file sharing program" means[...]
to designate files available for transmission to another computer
to transmit files directly to another computer; and
to request the transmission of files from another computer.

Well, that's basically "using the internet". And using the definition of "protected computer", if you can add a tcp/ip stack to your toaster, it's a protected computer. So what will it be illegal to do using anything with a microprocessor and can communicate with the outside world? Also, "authorized user" -- I suspect a lot of EULAs are going to be updated so that every company that has a piece of networkable software installed on your system is now also an authorized user. Unintended consequences are a bitch, aren't they? Your system is now legally required to be insecure and full of backdoors. ...prevent the reasonable efforts of an owner or authorized user from blocking the installation [of a] program or function thereof

So installing is now okay. 'Using' not available for comment. So we can still f*ck with it at the operating system level, or neuter it in memory -- messing with the code after installation or during runtime isn't covered. Oops.

to fail to provide a reasonable and effective means to disable or remove from the protected computer...[excessive legalese deleted]

Translation: Installers should come with uninstallers. We need a law for this? And without a definition of what "reasonable and effective" constitutes -- well, need I say more? Anyone try uninstalling Norton Antivirus lately? It's quicker just to nuke the drive from orbit, and it's the only way to be sure you got everything. Can I expect federal pound me in the ass prison time for all the Norton executives? No? Why -- oh, right... they're rich. But you there, little open source developer -- we know you're evil. I mean, you don't even have a brand identity!

Yeah... this ends well.

Re:Liar, Liar.

[commodore64_love]

the term "peer-to-peer file sharing program" means[...]
to designate files available for transmission to another computer
to transmit files directly to another computer; and
to request the transmission of files from another computer.

Well, that's basically "using the internet"

WOW that was really informative. Thanks. Now everybody raise their hands if they still think government is good and trustworthy? (looks around). Yeah me neither. This act sounds like it will seriously hamper my use of my computer.

Re:Liar, Liar.

[mcgrew]

Translation: Installers should come with uninstallers. We need a law for this?

Since installers DO need uninstallers and many software houses either don't provide an uninstaller, or provide one that doesn't work, I'd say HELL YES. The law should not protect me from myself, but it SHOULD protect me from YOU.

Anyone try uninstalling Norton Antivirus lately?

I think a lot of folks would love to see their CEO and board in jail. If a law mandating effective uninstallers were passed, you'd see an easily removable Norton in record time.

Can I expect federal pound me in the ass prison time for all the Norton executives? No? Why -- oh, right... they're rich.

Then stop voting for candidates funded by the rich (i.e., Democrats and Republicans) and start voting for candidates from the other three major parties. And tell al your friends, relatives, and drunks at your neighborhood bar. Wringing your hands and saying "oh noes" isn't going to change anything.

Re:Liar, Liar.

The purpose of H.R. 1319 is to reduce inadvertent disclosures of sensitive information by making the users of this software more aware of the risks involved.

Sure it is. Now, how about taking a closer look;

the term "peer-to-peer file sharing program" means[...]
to designate files available for transmission to another computer
to transmit files directly to another computer; and
to request the transmission of files from another computer.

Why didn't you post the entire defintion directly from the proposed bill rather than use second-hand paraphrasing?

24 (4) the term "covered file-sharing program"-
1 (A) means a program, application, or soft
2 ware that is commercially marketed or distrib
3 uted to the public and that enables-
4 (i) a file or files on the computer on
5 which such program is installed to be des
6 ignated as available for searching and
7 copying to one or more other computers;
8 (ii) the searching of files on the com
9 puter on which such program is installed
10 and the copying of any such file to another
11 computerâ"
12 (I) at the initiative of such other
13 computer and without requiring any
14 action by an owner or authorized user
15 of the computer on which such pro
16 gram is installed; and
17 (II) without requiring an owner
18 or authorized user of the computer on
19 which such program is installed to
20 have selected or designated another
21 computer as the recipient of any such
22 file; and
23 (iii) an owner or authorized user of
24 the computer on which such program is in
25 stalled to search files on one or more other

1 computers using the same or a compatible
2 program, application, or software, and
3 copy such files to such owner or user's
4 computer; and
5 (B) does not include a program, applica
6 tion, or software designed primarily to-
7 (i) operate as a server that is acces
8 sible over the Internet using the Internet
9 Domain Name system;
10 (ii) transmit or receive email mes
11 sages, instant messaging, real-time audio
12 or video communications, or real-time voice
13 communications; or
14 (iii) provide network or computer se
15 curity, network management, maintenance,
16 diagnostics, technical support or repair, or
17 to detect or prevent fraudulent activities.

I emphasized the parts that are inconsistent with your interpretation. So it looks like email, web browsing, and a lot of other internet applications are explicitly exempted from this bill!

Re:Liar, Liar.

[vivaelamor]

Well, that's basically "using the internet". And using the definition of "protected computer", if you can add a tcp/ip stack to your toaster, it's a protected computer.

You may be interested to know what a protected computer actually is. The bill even references the relevant section of the relevant code as the definition of protected computer.

Mod Parent Down

[geekoid]

People should not be modded up for not reading the article.

Re:Mod Parent Down

[interkin3tic]

What is this "article" you speak of? "reading?" What's the point of this thread? Where am I? Why aren't I wearing pants? Where is the porn?

Why am I being modded down rather than up?

Re:Mod Parent Down

[Red+Flayer]

Why aren't I wearing pants? Where is the porn?

I don't understand. If you don't know where the porn is, why are you not wearing any pants?

Dude, you are seriously messed up.

Find the porn, THEN lose the pants. Otherwise your mom is going to walk in on you, pantsless (you, not your mom, I hope) and reading slashdot. NOT a pretty sight (or site, for that matter, but we love slashdot BECAUS of its foibles, not in spite of them).

Re:Mod Parent Down

If you can read slashdot with your pants on, you're a stronger man than I am.

Ooh - Keep talking nerdy to me!

What is P2P ?

[artg]

Surely all internet hosts are peers. So this applies to anything that communicates. Not that that's a bad thing : people should understand (and be informed enough to understand) what their software is sharing.

Re:What is P2P ?

The government is legislating buzzwords. Next thing will be (hopefully) the official classification of what P2P software is. I work at a place that creates a piece of software called a Point to Point server (P2P Server). This software could not be used for a purpose more dissimilar to consumer "P2P" software. Would a politician know the difference? Probably not. Honestly, if they're wanting to go this route, filesharing developers will just change the behaviour enough to where it defies the "soft" defination of the term they give it. Unless it's literally everything that goes from one point to another, in which case they'll implement a broadcast/multicast method of distribution.

Blizzard uses P2P, so does this affect Warden?

[Kligat]

If they use a P2P program to distribute an update to it, does that mean it would become illegal as an unforeseen effect? Their EULA would be as valid as the EULA for a P2P program for which the bill was targeted.

Re:Blizzard uses P2P, so does this affect Warden?

You agree to a TOS which says that Blizzard can install and run whatever they want on your box. I'm doubt this law will have any impact whatsoever on that.

Or on anything for that matter. This sounds like more pointless Washington bullshit.

Re:Blizzard uses P2P, so does this affect Warden?

[Aladrin]

But this bill specifically regulates P2P software, which Blizzard is installing. They will have to abide by this law, like it or not. That means that every file that is 'shared', they will have to inform the user and get confirmation.

Heck, maybe that'll mean Blizzard fights this for us.

Re:Blizzard uses P2P, so does this affect Warden?

If it installs any inconspicuous, unwanted software, then yes. Otherwise, no.

It doesn't share ANY files other than the WoW patch file, which it makes pretty clear by showing a list of everyone downloading it.

Of course, the file system scanner they use to scan for cheats may be in that list, but I could see an argument that it is installed with WoW to protect it from DMCA violations rather than installed with the P2P updater.

Re:Blizzard uses P2P, so does this affect Warden?

[ScytheBlade1]

They don't use a P2P program to update Warden, they primarily update it via the launcher and/or at client connection time. They have pushed a warden update via their patching process once, but the EULA and ToU that you agreed to state that they are allowed to do so.

Second, Warden shares nothing with Blizzard aside from a single byte: is this user currently running blacklisted software, or not. People get their panties in a twist because it read (..and then hashed, and the compared hashes..) window titles at one point in time, but it never actually sent that data back to Blizzard - the most that was (and is) ever sent is essentially a "are you guilty" bit.

Re:Blizzard uses P2P, so does this affect Warden?

[Lehk228]

no, they got their panties twisted because they were busted using WoWGlider, the rest were just excuses to distract from their cheating and make it look like blissard was the bad guy. kind of like a teenager yelling that his parents violated his privacy when they grounded him for having a bag of pot and a bong hidden in his room.

Re:Blizzard uses P2P, so does this affect Warden?

[ScytheBlade1]

No. The only files that Blizzard ever "shares" are patches, which are tied to an independent executable. For every patch, there is a new executable, with a matching name for the patch, displaying that file name in multiple places. For example, "WoW-0.3.0.10522-enUS-ptr-patch.exe" is the patch and "WoW-0.3.0.10522-enUS-ptr-downloader.exe" is the downloader for that patch. I would believe that qualifies as "Informing the P2P User" but IANAL. After all, the most they ever "share" is a single file at a time and which file that is... should be pretty obvious.

Re:Blizzard uses P2P, so does this affect Warden?

Warcraft isn't P2P software. The peers don't connect directly but rather to a server which then passes along information. The only part that uses P2P protocols is the Blizzard Downloader which doesn't also install Warden. The only change Blizzard *might* have to make would be to make it explicit that their Downloader utilizes P2P protocols, assuming it doesn't state that already.

Relevant Quote

[Kindgott]

"Anyone who says that the solution is to educate the users hasn't ever met an actual user."
-- Bruce Schneier

Re:Relevant Quote

They are users trying to educate other users. Kinda funny when you think about it.

What all does this apply to?

[BlueKitties]

Does this mean it's illegal for me to write software for personal (or in-house company) use, without abiding by these rules? What if I want to write the software for a personal project, and I release the sourcode? Does this mean I can officially break the law by typing code into a text file?

Re:What all does this apply to?

No, read the bill. It is primarily aimed at "commercial entities", which is defined on page 4 of the PDF. So this doesn't apply at all to a person or company writing programs for their own use. It only really applies if you write a P2P program and sell it or otherwise distribute it as part of some commerical venture.

Re:What all does this apply to?

[Schmorgluck]

Nope. You may not want to bother reading TFA, but several people posted excerpts around here. What part of "distributed to the public" did you not understand?

Re:What all does this apply to?

[sowth]

How is releasing source code not distributing to the public? Or do you think he was going to only release it to himself?

My questions are: since this law requires a whole bunch of notices at install, will it require changes to package managers? If a user installs a p2papp package, won't apt-get have to prompt the user with a question--at the very least "do you understand? (y/n)" What if they write more "informed" laws like this? Will it nullify the convenience of using a package manager in the first place if you have to read a thousand notices and reply yes, I understand to each one?

~500 voices != representation

~500 voices speaking for 360 Million, and this is what you get.

watch out for amendments

[HHacim]

I have a sneaking suspicion that the mpaa or riaa are going to get an amendment into this bill that will "stop piracy". I mean, a bill that pertains to p2p and doesn't include such an amendment, what's the chances of that?

scare tactics

[samantha]

Simply scaring people about P2P may be one goal. But I doubt it. Scare them, pass legislation, then more regulation to ensure the bugaboo, largely made up to begin with, does not happen. It is a wedge to allow the government more control of software. And, considering the source, thoroughly in the interest of the movie and record industry. It also makes the control-freaks unhappy about anything that gives any real power to the "consumer" happy. It is worded so that oppose seem to be in favor of insecure computers. Clever but OPPOSE anyway.

Why?

[Butterwaffle+Biff]

Why is this a law? Certainly there are other laws on the book that make fraud and misleading advertising criminal? Why not set the attorney general loose on the most egregious offenders? This is exactly what's wrong with politicians these days: they think that writing more laws is the answer. If it's not already, the saying that "Not knowing the law is no excuse for breaking it," is going to be a joke. Sure, if you are writing malware you might guess that you are breaking the law. But what about all the new corner cases and bureaucracy that this new law introduces? Is there really no burden at all on people engaging in honest activities?

Re:Why?

[Schmorgluck]

Disclaimer: not only IANAL, but I'm from a "civil law" country (France) while the matter at hand is about the USA, a "common law" country. As a result, the rest of this post may be misinformed or biased, despite my best attempts at avoiding it by way of prudent wording and documentation on the fly. Please don't be too harsh on my possible inaccuracies.

Laws don't actually pile up on each others, but rather modify the corpus of applicable texts at a given moment (sometimes adding to it, sometimes removing from it, sometimes replacing or rewording parts of it). Now, if I get it right, the official and ultimate reference for federal laws in the USA are the United States Statutes at Large, which indeed seems like quite an impressive mass of paper. It seems like turning all of it into a code is a sisyphesque task due to the way laws are voted in Congress.

As I understand it, acts passed in Congress are formulated as "The activity X is now prohibited" or "The activity Y is no longer prohibited" and stuff like that, with the addition of some definitions, and sometimes a time scope and other precisions. Which makes apparently for rather legible texts when voted, but leads to a lot of work for the Law Revision Counsel to handle the repercussions in order to maintain the United States Code in a coherent and accurate form. This may be what gives the USA's law an air of being bloated.

In civil law legal systems, the texts voted by parliamentaries tend to be more along the line of "In code A, book B, chapter C, paragraph D, the following alineas are modified as such [follows a list of modifications]". Not very legible, but at least it results in the Codes being maintained as they go. It's not that, at times, it doesn't need some refreshing, some rewording, in order to keep the whole coherent: a Code is more legible if it is homogeneous in terminology and phrasing. When it is felt like needed for a given part of a code, a text is voted to proceed to the modifications, normally without changing the meaning of the articles of law. Normally.

Because all this has its drawbacks too, as the technicity of the voted texts, and the resulting lack of legibility, cause representatives to not always fully understand what they vote. This is the cause of the recent blunder in France about Scientology: the law had been changed while it wasn't supposed to be, the text voted was meant to reword the parts of the Penal Code reguarding the sentencing of crimes commited by legal persons. The law previously stated that an organization guilty of fraud could be sentenced to dissolution. An tiny error in the rewording made this no longer possible, and due to the high volume and technicity of the text, no one noticed in the Parliament that something had been changed.

What I mean is voting a new law doesn't necessarily complexify the Law, and trying to simplify the Law can sometimes cause a mess. Yeah, right, that's what I meant to say from the beginning. I think. Can't remember, I've got a bit sidetracked by those fascinating considerations about comparative law.

As for your first question about why a law is needed for the matter at hand, well, it's because it apparently wasn't covered by any existing law, and nulla poena sine lege, like they say.

Re:Why?

[Butterwaffle+Biff]

Most of the text of laws I have seen are for the state, not the federal government, but they read much more like your latter example (e.g., "the text of Article 8 shall be superseded by..."). In any event, your argument that the acts are not really increasing the size of the actual law doesn't ring true to me. For example, the federal law by which I am governed consists of 18 volumes, each 1300-1500 pages in length (as of 2006). Supplements are issued until the next release in 2012. You might be able to read 23000+ pages but could you keep it all in mind every day as you live your life? Now add in the state laws for your home state. And those you visit. And any foreign countries you might care to see. However we got here, the end result is unknowable by any single person much less every average citizen.

As for whether this particular law is needed, I would argue that the Computer Fraud and Abuse Act, 18 U.S.C. 1030 (the "CFAA") which was passed in 1984 (Hello, Orwell!) covers most if not all of the acts the "Informed P2P" law covers. As others have pointed out, its true intent is most likely to criminalize all peer-to-peer communication to make some group's life simpler (e.g., the MPAA/RIAA or government intelligence services) at the expense of everyone who uses peer-to-peer software for legitimate purposes.

Re:Why?

[Schmorgluck]

Sorry for this late answer. I felt lazy at first, but I didn't feel like letting this discussion pending. You deserve an answer, because you make several interesting points.

Most of the text of laws I have seen are for the state, not the federal government, but they read much more like your latter example (e.g., "the text of Article 8 shall be superseded by...").

I'm not sure I understand what you are stating here. Do you mean acts are more technical on the state level than on the federal level, or do you mean my perception of how acts are generally formulated in the USA is erroneous? I'm genuinely curious.

In any event, your argument that the acts are not really increasing the size of the actual law doesn't ring true to me.

I think I've been unclear. I meant that acts do not necessarily increase the volume of laws. I aknowledge that most do, though. And it may be the case here. It's probably the case.

For example, the federal law by which I am governed consists of 18 volumes, each 1300-1500 pages in length (as of 2006). Supplements are issued until the next release in 2012. You might be able to read 23000+ pages but could you keep it all in mind every day as you live your life? Now add in the state laws for your home state. And those you visit. And any foreign countries you might care to see. However we got here, the end result is unknowable by any single person much less every average citizen.

Yeah, that's a difficult point in general philosophy of law. The average citizen is not expected to know all the specifics of laws, yet normally you just need to understand the general principles to stay within the law*. Which imposes to the lawmaker to keep a general coherence in law. Ideally, I mean. Yeah, ideally (*sigh*).

Anyway, ordinarily most people don't have to wonder in their daily activities are legal or not. Social conventions make it rather obvious. The law at hand here, however, only affects a specific activity, and people who trade in it. The risk of confusion is not in cause here, because laymen are not affected. Now, the problem is that programming is a trade that, nowadays, many people can exert. But it's still a specific activity, with its specific rules.

As for whether this particular law is needed, I would argue that the Computer Fraud and Abuse Act, 18 U.S.C. 1030 (the "CFAA") which was passed in 1984 (Hello, Orwell!) covers most if not all of the acts the "Informed P2P" law covers.

Now that is a better argument: is this act useful? Was it necessary? Does it make law better in general? A famous French jurist, Portalis once told that "there shouldn't be useless laws", because "they weaken the necessary ones". So yeah, the question of the utility of this law is relevant. I'm not aknowledged enough in US laws to make any meaningful statement about this, though.

* Actually, there's a point I find confusing, it's the age of consent in the USA. It varies by state, and its legal formulation is not always clear. In a webcomic I read that is set in Massachusets, the question has been raised when a twenty-something guy dates a not-quite-eighteen girl, and he asks her if she's "jailbait". My being interested in Law made me look up Massachusets' law on that matter. It's incomprehensible. I can't figure out if they could have had sex legally. Probably, but it's unclear. The notion of "chaste life" is kinda confusing. No wonder most people in the USA assume "under 18"="illegal". It's not that simple, but it keeps you out of trouble in the whole of the USA.

Hmm...

[theotherbastard]

Wasn't there that story a while back about some government docs getting shared out on some P2P network? Want to bet that the guilty party(s) just shared out their whole drive not knowing what it would do.

Wait for it, my story gets better, when confronted they must have swore up and down that they didn't share anything on their PC and that the *evil* P2P software must have a mind of it's own. (Pay attention during the install? Check the configs? Read the documentation? HA!)

Now, we have this being pushed into an act because it's apparently the latest "hot topic" to protect people from paying attention to what they are actually doing on the computer. Especially while they are at work.

Spyware is not illegal: here's the problem.

[argent]

The article explains "how" they limited it to P2P software, but not *why*. After all, there's no goddamn reason ANY software should be allowed to install backdoors and dead-man switches and rootkits and other malicious components on your computer.

Sony, Valve, and others... including arguably Microsoft and Apple, include or have included in their software components that are indistinguishable from certain kinds of Spyware except for the fact that they're installed by a program that "needs" to install them.

I suspect that if the drafters of this bill actually tried to REALLY block all spyware then they'd get hit by massive lobbying from the industry arguing that the rules would ban "anti cheating" programs installed by online games, and "tilt switches" in kernels and drivers, because... let's face it... they SHOULD.

THAT is the dirty laundry they're worried about. There's LOTS of software that for dubious reasons is installing crap it has no bloody business installing. The question is, why the hell Congress thinks they have to let the bastards get away with it.

Aimed at Freenet?

[acid06]

Apparently, this bill is actually aimed at things such as the Freenet Project.
On Freenet, you actually don't know what is stored on your own computer (and thus, what you're sharing) as everything is encrypted.
Apparently, this effectively outlaws Freenet.

Re:Aimed at Freenet?

[Lehk228]

no, it's not. Freenet could easily bypass this by notifying the user that "c:\program files\freenet\data.bin is being shared"

Re:Aimed at Freenet?

[acid06]

I really think this wouldn't be acceptable.
It's like saying that a filesharing application in Linux could just tell the user that it will share parts of /dev/hda.

I'm pretty sure they'd just rule this as a technical workaround and it wouldn't stand in court.

Re:Aimed at Freenet?

I'm pretty sure they'd just rule this as a technical workaround and it wouldn't stand in court.

Well since the stated intent of the bill is to have the user informed, and that would be part of any judicial review of the law, it's possible but not necessarily probable.

I honestly think the basic intent of this law is to require P2P software to better inform the users of what the software does and ensure user consent before any bits move. I can imagine that persecution complexes would be fairly common among Freenet users, but if this law's purpose was to target Freenet directly, yet still stubtly, the language would be include prohibitions against distributed encrypted packages residing on a computer, etc...

I know many on Slashdot have a distrust and disrespect for governments in general, but if you read the actual bill you'd see it's fairly straight-forward, and it's hard to hide secret clauses in just 7 pages.

Blown out of proportion

This is a tempest in a teapot. The bill (I know, I know, I read the FTA *and* the bill? I must be new here) states that it is limited to "protected computers" as defined in section 1030(e)(2) of 23 title 18, United States Code.

The short version is this is only applicable to government, financial and medical (HIPA) systems. This has no bearing or effect on personal or corporate owned systems. If a user of a protected system installs violating software it makes the software vendor a criminal. Whether that is a good or bad thing...

Re:Blown out of proportion

[vivaelamor]

Mod parent up and read more about protected computers.

Henry Waxman: Nostrildomus

[Coolhand2120]

We can trust Henry! HE IS Nostrildomus http://images.google.com/images?hl=en&resnum=0&q=henry%20waxman&um=1&ie=UTF-8&sa=N&tab=wi

What consititues extra software?

[westyvw]

So if I want to get Ktorrent, which is torrent for KDE, and it pulls KDE in with it, does it need to tell me its installing KDE? Does the package manager need to tell me? On most distro's this information is available, so you will see it being added, but who is responsible for alerting the user? If I get all of KDE, which includes Kget, it has a torrent manager included, so does it need to warn me during the install about what it does and where it shares?

How about KDE 4 and Shared Desktops, or Opera and its social server?

and what country are we talking about?

"This week the House Energy and Commerce Committee passed the 'Informed P2P User Act' and has sent it along to the full House for consideration."
House sounds like some goverment thingy, just that the message forgets to tell what country is in question.

YHBT, HAND

[conureman]

Good god what have I done?
Sorry about that, I knew the joke was in poor taste, but posted anyway. Anyone have a viable alternative?

A Better Idea

[psych0fred]

Why don't they just require people have licenses before they can own or operate computers. It's stupid people who don't know how to use technology that are spreading viruses, malware, and unintentionally sharing files like corporate or government documents containing private information. It's the people that are the problem. It's not like there will be hoards of people who will be prosecuted with this law. A law is only as good as your ability to enforce it, and people who want to get software on your machine and not recognition for the software they create can skirt this law with ease.

Re:A Better Idea

[KingAlanI]

Drivers licenses certainly haven't gotten rid of all the bleeping morons who I have to share the road with...:(

Re:A Better Idea

[sowth]

Yeah, people should have to be certified by Microsoft before they are allowed to use a computer. It'll be great to "educate" people about the wonderful Microsoft. Oh, that special training stuff you were talking about? I guess we'll throw that in somewhere. People should really learn not to install evil viral GPL software anyway, and those open source people are pirate criminal thieves! They don't even buy their software, so they must be stealing it. They make me mad. As an added benefit, if anyone should choose to use an OS other than the "One True OS"(tm), their license will be taken away. Cheer for your benevolent dictator kids! Yay Microsoft!

Oh wait, this isn't what you intended? Do you really think your plan would turn out any other way? If the user interface wasn't designed in a "press a button, execute untrusted code" way, we probably wouldn't have half the problems we do now.

Making things secure requires leadership, starting with the OS developer, then the application developer, then geeks who help "friends" with their computer. If you don't have knowledgeable leadership starting at the top with a bent toward security policies, then computers will not be secure. Why make things insecure by default? Why would a P2P program share everything by default?

It used to be you'd be flamed into the ground in Linux forums for logging into root to do much of anything. Network facing apps which downloaded and executed programs were unheard of. Now many distros automatically set up users unlimited sudo access, so they may as well be root.

Microsoft has always been much worse. "You want this network app to automatically download and execute code? Sounds like a great idea, it'll be in our next version." Microsoft only pretends to care about security now because they seem to be losing some marketshare because of it. As soon as the heat wears off, they won't care again. If enough people kept on them, like getting a child to do its chores, it may not be a problem. But it is, especially since most users don't care about security.

This is why we need strong leadership who is out for the public good. They will push the people to do the right thing even when it is inconvenient, or even painful. Poor leadership like we have been seeing leads to easily rooted boxes and highly inefficient computer programs. Programs which require the user to conform to the program instead of the other way around.

Pigeon-holing laws which restrict how programs are supposed to work, such as in the article won't solve anything either. They'll just impede innovation while the real abusers will just play with technicalities, really.

Plus, why make the ban on "surreptitious installs" and on warnings about what data will be shared only P2P apps? Which by looking at the pdf, it makes me think rsync when run by a script would be included as a "covered file sharing program." Look at section 4.4. Yet other programs are not covered. What about a video game (or audio CD) which tries to install rootkits? Have they passed any laws against those? Even if they did, it wouldn't protect you if the person who made your program is a psychopathic asshole. That is the real problem: you have to trust who writes your programs, otherwise you can't trust your computer.

Still gotta ask: why limit that to P2P?

[argent]

It had stipulations that state that when a P2P app is installed it clearly indicates what is being shared.

So why limit that to P2P? After all people accidentally share stuff out through Windows file shares, FTP shares, and web shares on a regular basis.

Legislators must be bored. Legislate less, please

[mykos]

What's with Congress and their constant attempts to pass unenforceable measures over the last century or two?

More ammunition for the RIAA?

My inner conspiracy theorist is telling me this is another way to pin down people caught filesharing. The RIAA and other organizations can now use this bill to argue that you specifically knew what you were sharing. It takes the doubt out of filesharing litigation. I wonder why the bill got such widespread support...

What planet do they live on?

[Hurricane78]

So they think that by passing a bill that declares evil bad, they will stop those who ignored the rules of good and bad in the first place?

Yeah right. Next up: A bill that puts persons who successfully committed suicide into jail!

Memo to all programmers

[sowth]

From: President and CEO
To: All programmers

So, if you write a program, never intending it to be used on a "protected computer", and some idiot installs it on one, you can be arrested? Wonderful law. So, how is this different than writing the law to say "all computers" instead?

Do you really want to risk going to jail? Maybe you'd better take out any features of your program which define it as a "covered file sharing program" until legal has verified you put in all the correct notices and such, okay?