House Committee Passes "Informed P2P User Act"

An anonymous reader writes "This week the House Energy and Commerce Committee passed the 'Informed P2P User Act' and has sent it along to the full House for consideration. The bill, which appears to have heavy support on both sides of the political fence, simply states that P2P software must not install extra software or prevent users from removing it, in addition to being 'clear and conspicuous' about which files are being shared and getting user consent to share them. 'Rep. Henry Waxman (D-CA), the powerful committee chairman, opened the markup session by warning about "the danger of inadvertent sharing of sensitive information through the use, or misuse, of certain file sharing programs. Tax returns, medical files, and even classified government documents have been found on these networks. The purpose of H.R. 1319 is to reduce inadvertent disclosures of sensitive information by making the users of this software more aware of the risks involved."'"

Why P2P

[AnotherBlackHat]

Why is this limited to P2P software?

Re:Why P2P

[ZekoMal]

Because then companies like Sony couldn't screw with us.

Re:Why P2P

[kevinNCSU]

Did someone forget to inform this senator that we (the US) no longer own the internets?

Did someone forget to inform you that p2p software generally installs on a machine in a physical location and therefore is subject to the laws and regulations in that location? Just because your machine is able to talk to machines in a different country doesn't mean your machine is somehow above the laws of the country you live in.

Re:Why P2P

[ajs]

Why is this limited to P2P software?

Because almost every other type of unintentional sharing of files (if not all) are already covered by electronic privacy laws.

However, in the case of applications which are designed to share files, there's a legal gray area, where the author can claim that they have no obligation to have disclosed which files were being shared, and that the user consented to sharing their files by installing file sharing software.

This bill would close that loophole.

Re:Why P2P

[commodore64_love]

And open a new one where the FBI (or RIAA investigators) can simply "ask" the program, "What files were shared?", get a convenient generated list, and find all the evidence they need to make your day in court miserable.

Re:Why P2P

[girlintraining]

And open a new one where the FBI (or RIAA investigators) can simply "ask" the program, "What files were shared?", get a convenient generated list, and find all the evidence they need to make your day in court miserable.

And if my computer lies? Nobody said my computer has to be programmed to tell the truth.

Re:Why P2P

[Mister+Whirly]

Dear everyone - this is Slashdot. Yes, some people will do and say things you don't like here. Get over it.

Re:Why P2P

[Voyager529]

For example there's no remaining record that I downloaded Star Wars Episode 2 five years ago

There is now.

Re:Why P2P

[gnieboer]

True, all P2P apps have to know what files they are sharing. But here's where I see bill's raison d'etre...

"being 'clear and conspicuous' about which files are being shared and getting user consent to share them"

NOW, when the RIAA sues everyone:
The software maker is free and clear ("We added the consent to share box as mandated by law")
And the person sharing Rocky 17 CAN'T say "I had no idea that file was being shared", which has been a defense in the past.

So (IMHO) when we talk about big lobbying groups, the RIAA would like it, and the software makers are willing to put up with the other provisions because now they are off the hook from the big P2P lawsuit.

Re:Why P2P

[b4dc0d3r]

W

I think you dropped this. I included a newline too. Also, you might check on your shift key, it seems a bit sporadic. Might need to look at your keyboard in general. Good tools make for good communication.

Spill the beans

[oldhack]

Ok, so who funded this bill and why?

Re:Spill the beans

[mcgrew]

I'd like to know why an "informed P2P users act" doesn't do anything to inform the downloader if the material is ok to download. There are literally hundreds of songs named Scatterbrain. Some are RIAA-label copyrighted, some are indie copyrighted and you have permission to share, some are GPL, and some have been put in the public domain. Of the three kinds of songs only one is illegal to share. So if I ask for "scatterbrain" and it returns five hundred instances of "scatterbrain.mp3", I should have the right to know which 3 out of 4 files is OK to download.

With me it's a moot point, as on the rare occasions I download a song it doesn't go into a shared folder, so it's not going to be re-shared, but if I use a torrent I really don't have this protection.

Technologically infeasable, you say? Then simple, make all noncommercial copying to be non-infringing. Make the record companies stop pretending to "sell" music and go back to selling physical objects: CDs with cover art and liner notes with a higher sound quality than MP3s.

Re:Spill the beans

[ajs]

Ok, so who funded this bill and why?

Almost certainly groups like the RIAA and the MPAA.

Their goal is in ratchet up the personal liability of the users who use these systems. By forcing applications to be much more explicit about what's being shared, they reduce the number of cases they lose against file sharers on the grounds that they didn't know what they were sharing.

Re:Spill the beans

[Smegly]

One possible reason: Makes services like Freenet illegal. For example donating disk space and bandwidth to encrypted files where the user-node does not actually know what they are helping to deliver sounds like it would violate being "'clear and conspicuous' about which files are being shared and getting user consent to share them".

No "Common Carrier" status for P2P nodes here...

Re:Spill the beans

[CastrTroy]

As long as you make it clear and consice that anything and everything can be shared, and that the user agrees to this, I see no problem with programs like these operating. What it's really designed to stop is P2P applications getting installed that don't tell the user they are sharing the whole C: drive by default. As long as you tell the user exactly what is happening, and they agree to it, there is no problem.

Re:Spill the beans

[fuzzyfuzzyfungus]

Freenet could, barring a truly weird judicial interpretation, comply pretty easily.

The only "shared folder" is the folder, of user allocated size, where freenet stores its encrypted chunks. Each of those chunks is one of the shared files. All freenet would have to do is say "When you install freenet, all files in folder X will be shared with other freenet nodes, as well as any files you explicitly upload". The fact that the user does not and cannot figure out what exactly the encrypted chunks are is neither here nor there.

Re:Spill the beans

[icebike]

Even more interesting is the provision right up front in section 2.a.2 exempting preloaded software on new computers as long as somewhere in the 40 pages of tiny print the purchaser is told that a back-door sharing program is installed.

So preloaded sharing programs and spyware installed by Sony is ok then...

The bill is 7 pages, people. READ IT.
http://energycommerce.house.gov/Press_111/20090930/hr1319_ains.pdf

Re:Spill the beans

[SeaFox]

Isn't it sad that now whenever any piece of legislation is crafted we automatically assume someone "bought" it and has ulterior motives to it's existence than what the bill would have you believe.

Do OS-included programs count?

[davidwr]

Do sftpd and Windows File Sharing count? The bill better be carefully worded or the law of unintended consequences and vendors screaming "waitaminuteididn'tknowmyproductqualified" will be the end result.

Unwanted software

[conureman]

I'd like to see criminal penalties for bundling undisclosed and unwanted software with any application. See if that gets past the lobbyists.

Re:Unwanted software

[Dog-Cow]

You are an idiot.

Upon installation, disclose to the user that additional programs are included and ensure there is a way to opt out of the installation of those other programs.

In other words: the user.

Stupid old men.

[Lord+Kano]

How do they expect to enforce this law on companies that produce software outside of the US?

Apparently they still don't understand how this internet thing works.

LK

Ummmm

[MikeRT]

even classified government documents have been found on these networks

If they're finding classified documents on the public internet, that means that they have a bigger problem like government employees disregarding security guidelines by putting them on unclassified networks.

Re:Ummmm

[kevinNCSU]

Yea, I get the feeling that's just a sensationalist flag the media likes to wave to make the story more interesting. I think the real reason here is kids installing p2p software without the parents knowledge and the sharing the my documents folder or the whole C: drive including all the parents tax returns and other personal information.

Re:Ummmm

[Kjella]

Just because you have multiple problems, doesn't mean you have to tackle them one at a time. Several of the early file sharing apps were intentionally vague, because they figured more content == popularity so they tried to let users share as much as possible with as little effort as possible, hidden away in defaulted checkboxes or EULAs. As usual the legislation is very late though, this might have been useful around napster, kazaa and edonkey but these days most tools are a lot more serious. Not to mention torrents, that don't really have the problem at all. I guess it's just another way of trying to kill off the authors of P2P tools to kill P2P, not that it will be more successful than the last 34234 attempts.

I'm sure it will be really effective.

[thewils]

Just like the Theft act prevents Theft.

In Other News...

[bbsguru]

... the installation of viruses and worms on computers you don't won is now illegal. Massive layoffs are expected in the BotNet industry...

Re:In Other News...

[blueZ3]

Wait, what about computers I did win?

Re:In Other News...

[CannonballHead]

... the installation of viruses and worms on computers you don't pwn is now illegal.

Much better.

Waste of time

[Shagg]

The same users that are dumb/ignorant enough to share their tax and medical records are the same ones that won't bother to read any "clear and conspicuous" warnings. They'll either not understand it or hit "OK" without reading it. You can't write laws that eliminate stupidity.

Re:Waste of time

[girlintraining]

You can't write laws that eliminate stupidity.

Doesn't stop them from trying.

Where is the "goodluckwiththat" tag?

[exabrial]

I guess the bill shows the fundamental lack of understanding of who makes these programs... But since we're making a wishlist, I think they should consider amending the bill to also:

Outlaw neighbor's kids on your lawn
Calling of mean names during recess
Impose regulations on which kids may be beat up on the bus, replacing the current "smallest kid" freemarket system.
Legalize marijuana and outlaw Light Beer.
Outlaw poverty, unhappiness, debt, bad driving and excessively loud cheering at football games.


did I miss anything?

Ulterior motive?

[Steve+Cox]

It could be that this bill is being passed simply to remove a set of excuses people might use when caught using P2P for sharing copyrighted material - hence the name of the bill.

If the software plainly states that it will be sharing a file with other people, then you cannot say 'I didn't know I was sharing it'. Likewise, you cannot say that it installed without your knowledge nor can you say it installed but you couldn't uninstall it.

This is of course, only possible if the writers of P2P software actually give two hoots about the bill.....

Steve.

Re:Ulterior motive?

[girlintraining]

This is of course, only possible if the writers of P2P software actually give two hoots about the bill.....

Yeah, it's like expecting a terrorist to care his car bomb is taking up two parking spaces.

Re:Ulterior motive?

[westlake]

This is of course, only possible if the writers of P2P software actually give two hoots about the bill.....

The author might not care. But the distributor will.

No downloads from CNET - and - quite possibly - no downloads through Sourceforge or your favorite Linux repository either.

The distributor is exposed and he is likely to have a legally and financially significant presence in the U.S.

He can be reached and he can be hurt.

Re:Mod parent up

[ajs]

Yeh, that's the important point. Why not just ban spyware, period?

Spyware violates electronic privacy laws that already exist.

Liar, Liar.

[girlintraining]

The purpose of H.R. 1319 is to reduce inadvertent disclosures of sensitive information by making the users of this software more aware of the risks involved.

Sure it is. Now, how about taking a closer look;

the term "peer-to-peer file sharing program" means[...]
to designate files available for transmission to another computer
to transmit files directly to another computer; and
to request the transmission of files from another computer.

Well, that's basically "using the internet". And using the definition of "protected computer", if you can add a tcp/ip stack to your toaster, it's a protected computer. So what will it be illegal to do using anything with a microprocessor and can communicate with the outside world? Also, "authorized user" -- I suspect a lot of EULAs are going to be updated so that every company that has a piece of networkable software installed on your system is now also an authorized user. Unintended consequences are a bitch, aren't they? Your system is now legally required to be insecure and full of backdoors. ...prevent the reasonable efforts of an owner or authorized user from blocking the installation [of a] program or function thereof

So installing is now okay. 'Using' not available for comment. So we can still f*ck with it at the operating system level, or neuter it in memory -- messing with the code after installation or during runtime isn't covered. Oops.

to fail to provide a reasonable and effective means to disable or remove from the protected computer...[excessive legalese deleted]

Translation: Installers should come with uninstallers. We need a law for this? And without a definition of what "reasonable and effective" constitutes -- well, need I say more? Anyone try uninstalling Norton Antivirus lately? It's quicker just to nuke the drive from orbit, and it's the only way to be sure you got everything. Can I expect federal pound me in the ass prison time for all the Norton executives? No? Why -- oh, right... they're rich. But you there, little open source developer -- we know you're evil. I mean, you don't even have a brand identity!

Yeah... this ends well.

Re:Liar, Liar.

[mcgrew]

Translation: Installers should come with uninstallers. We need a law for this?

Since installers DO need uninstallers and many software houses either don't provide an uninstaller, or provide one that doesn't work, I'd say HELL YES. The law should not protect me from myself, but it SHOULD protect me from YOU.

Anyone try uninstalling Norton Antivirus lately?

I think a lot of folks would love to see their CEO and board in jail. If a law mandating effective uninstallers were passed, you'd see an easily removable Norton in record time.

Can I expect federal pound me in the ass prison time for all the Norton executives? No? Why -- oh, right... they're rich.

Then stop voting for candidates funded by the rich (i.e., Democrats and Republicans) and start voting for candidates from the other three major parties. And tell al your friends, relatives, and drunks at your neighborhood bar. Wringing your hands and saying "oh noes" isn't going to change anything.

Mod Parent Down

[geekoid]

People should not be modded up for not reading the article.

Re:Mod parent up

[commodore64_love]

So is spyware is already "banned" by privacy laws, why do we need this separate P2P legislation? Sorry I can't help being skeptical. The Patriot Act included things nobody knew about, and discovered later after passage, and I'm wondering if this P2P bill has similar "gotchas" hidden inside of it. Like:

- "We caught you P2Ping the latest Linux distro. Per U.S. law we are required to suspend your account until you agree not to use P2P." - MSN

Relevant Quote

[Kindgott]

"Anyone who says that the solution is to educate the users hasn't ever met an actual user."
-- Bruce Schneier

Re:Mod parent up

[MBGMorden]

Notice that this didn't ONLY ban spyware. It had stipulations that state that when a P2P app is installed it clearly indicates what is being shared. This will just prevent Joe Sixpack from installed AwesomeShareItAll v3.1 where it just shares out your entire hard drive without indicating it.

Personally, I just don't see too much evil in this bill.

Re:Mod parent up

[Bill_the_Engineer]

Yeah but it will also stop us from using FreeNet and other censorship-resistant, anonymous sharing networks. Read more here:

Please explain your position.

How would informing the P2P user about what is being shared on that user's computer prevent the user from using FreeNet and other anonymous sharing networks?

Aimed at Freenet?

[acid06]

Apparently, this bill is actually aimed at things such as the Freenet Project.
On Freenet, you actually don't know what is stored on your own computer (and thus, what you're sharing) as everything is encrypted.
Apparently, this effectively outlaws Freenet.

Re:Mod parent up

[Pinckney]

IANAL, but I don't think it applies because Freenet isn't a "a program, application, or software that is commercially marketed or distributed to the public."

Furthermore, my understanding is that Freenet stores the shared files in a single, encrypted file. Shared files are not stored within the host filesystem, correct? Then it need only notify the user that the encrypted file it uses will be shared, without necessarily notifying the user of the contents. Uploads to Freenet are accomplished with independent software that requires initiation by the user, and is therefore not covered by this law.

Re:Mod parent up

[adolf]

Naah.

Freenet stores its data in encrypted files and refers to them with hashes, right? I mean: It's just files on a filesystem, isn't it? So, all the software has to do to stay in compliance is state which of those files are being shared.

It doesn't state that it must decrypt the files. Or that the content of them must be disclosed. It would just need to report to the user the same stuff that already gets reported to Freenet at large.

Doing so is neither against this bill, nor against the spirit of Freenet, nor in any way any significant technical hurdle to overcome.

(Unless I'm very mistaken, in which case I welcome any corrections.)