US Lawmakers Set Sights On P2P Programs

← Back to Stories (view on slashdot.org)

US Lawmakers Set Sights On P2P Programs

Posted by kdawson on Friday February 26, 2010 @04:51AM from the noes-of-the-camel dept.

After the FTC sent letters to 100 organizations warning them that their data is being leaked on P2P networks — and now has requested detailed operational data from at least a subset of those organizations — it was pretty likely that anti-P2P legislation would get proposed. Two senators have introduced the P2P Cyber Protection and Informed User Act, which "...would prohibit peer-to-peer file-sharing programs from being installed without the informed consent of the authorized computer user. The legislation would also prohibit P2P software that would prevent the authorized user from blocking the installation of a P2P file-sharing program and/or disabling or removing any P2P file-sharing program. Software developers would be required to clearly inform users when their files are made available to other peer-to-peer users under legislation introduced Feb. 24 by Sens. Amy Klobuchar, D-Minn., and John Thune, R-S.D."

39 of 180 comments (clear)

Min score:

Reason:

Sort:

Either I'm retarded (given) or this makes no sense by Em+Emalb · 2010-02-26 04:53 · Score: 2, Informative

"...would prohibit peer-to-peer file-sharing programs from being installed without the informed consent of the authorized computer user. The legislation would also prohibit P2P software that would prevent the authorized user from blocking the installation of a P2P file-sharing program and/or disabling or removing any P2P file-sharing program.
They speak English on What?

--
Sent from your iPad.
Actually anti-spam/botnet? by BadAnalogyGuy · 2010-02-26 04:56 · Score: 5, Insightful

Most well-known P2P software is deliberately installed. And users are told where their shared files will be.
So how would P2P software be installed without consent? Perhaps spambots and other nefarious malware?
That makes this less "P2P-related" and more anti-spam. And that's a good thing, I think.
1. Re:Actually anti-spam/botnet? by BadAnalogyGuy · 2010-02-26 04:59 · Score: 2, Funny
  
  Windows phone home
  Ouch.
2. Re:Actually anti-spam/botnet? by Monkeedude1212 · 2010-02-26 05:06 · Score: 2, Informative
  
  It does. Though you can opt to use the mirror - though they only recommend it if the P2P Services don't work for various reasons.
3. Re:Actually anti-spam/botnet? by Monkeedude1212 · 2010-02-26 05:16 · Score: 5, Funny
  
  Most well-known P2P software is deliberately installed. And users are told where their shared files will be.
  So how would P2P software be installed without consent?
  Happens at work all the time. The users are not authorized to install P2P Software, but it happens. Managers get administrative rights to the computers under their controls, they get lazy with permissions and give their underlings local admins... And before you know it we get a few hundred calls to ISOHunt.
  Then we drop in a couple canisters of Tear Gas, have the exits swarmed with armed IT Technicians, and shove the offenders into the back of our Van. Hellz yeah. ...
  Sigh... Do you fantasize about your job?
4. Re:Actually anti-spam/botnet? by NeutronCowboy · 2010-02-26 05:36 · Score: 4, Insightful
  
  I don't know. I'm hugely suspicious of this, for two reasons: Congress has a nasty habit of not understanding the technological ramifications of their legislation. And when they do make legislation where they understand the ramifications, it's generally for the purpose of making sure that corporations don't have their business models cut out from underneath them.
  While on the face of it, the bill seems alright (don't hide what your program does), I don't understand why it's specifically targeting P2P programs. Wouldn't it make sense to have the bill simply say "software should never be installed without the users consent" and "software should not be misleading in their activities"? What bothers me is the insistence from the two politicians that P2P programs somehow present an inherent privacy and security risk. I'm putting on my tinfoil hat here for a second, but I'm guessing that this has to be read in the larger context that P2P software is bad in general, and should be tightly regulated.
  I don't like where this is going. As the bill reads, it won't solve any problem that currently exists, and assumes something dangerous: that a specific type of software is somehow worse than others. I'm expecting that these two politicians will soon propose bills that restrict peer-to-peer connectivity in general (goodbye net neutrality) and legislate what software can and cannot do (goodbye software startups written by a single person).
  
  --
  Those who can, do. Those who can't, sue.
Re:Either I'm retarded (given) or this makes no se by ig88b · 2010-02-26 04:56 · Score: 4, Insightful

I had to read it a couple times too. They're basically trying to prevent "hidden" p2p software.
Legislate a technical solution. by Kuroji · 2010-02-26 04:56 · Score: 3, Insightful

Because it's worked so well in the past, when some idiot is breaking the rules to install some sort of software that they're already not allowed to install...
What's next, are we going to legislate against games being installed on workplace computers?
1. Re:Legislate a technical solution. by Kuroji · 2010-02-26 05:03 · Score: 2, Insightful
  
  I would wager money that the majority of those organizations have rules against installing unauthorized programs on their computers, specifically P2P software in many cases.
  Those rules.
2. Re:Legislate a technical solution. by StikyPad · 2010-02-26 05:03 · Score: 4, Funny
  
  What's next, are we going to legislate against games being installed on workplace computers?
  God, I hope so. I'll change my title to Computer, and file a lawsuit the next time my superiors start playing their little reindeer games.
  
  --
  https://www.eff.org/https-everywhere
Re:Either I'm retarded (given) or this makes no se by Bagels · 2010-02-26 04:57 · Score: 5, Insightful

Basically, it sounds like there's two things here. Blocking P2P software that interferes with other P2P software in a malware-esque fashion, and enforcing clear notifications that shared files are, well, shared. Seems dumb, but a lot of folks out there don't realize that if they share "My Documents," everything from their tax records to their secret porn stash is going to be on the web for all and sundry to download. This hits home particularly hard for gov't employees, considering some of the sensitive stuff that's leaked through LimeWire and the like over the years.

--
--- Bwah?
Re:Either I'm retarded (given) or this makes no se by BhaKi · 2010-02-26 04:59 · Score: 5, Insightful

Simple, mate. It just means you'll no longer be able to say "OMG! I had no idea that my computer was sharing that movie" in court.

--
The largest prime factor of my UID is 263267.
Why limit it to P2P programs? by Dr_Barnowl · 2010-02-26 05:02 · Score: 5, Insightful

As far as I'm concerned they should extend it further. It seems like a
good set of principles, why limit it to programs that communicate across
a network?
It should be prohibited to install ANY program on a computer without the
informed consent of the user. And programs that remove other programs,
or block the operation of other programs, without the user being informed,
should also be illegal.
Of course, this would cover some of the DRM techniques that block
disk image emulation, and probably a few other DRM techniques.
And yes, any program that serves your files up to the internet shouldn't
do it without your consent. Until recently, that would have included
Windows file sharing....
1. Re:Why limit it to P2P programs? by tepples · 2010-02-26 05:08 · Score: 2, Insightful
  
  It should be prohibited to install ANY program on a computer without the informed consent of the user.
  But how many times should the user be required to give consent for a software distribution that comprises dozens or thousands of packages? Operating system distributions like Ubuntu and Fedora come to mind.
2. Re:Why limit it to P2P programs? by QRDeNameland · 2010-02-26 05:42 · Score: 2, Funny
  
  Since the user is installing the software, isn't that consent? I don't know about *informed* consent, but that seems impossible to measure unless software distributors have to test the users to make sure they know what they are doing.
  This seems to be an appropriate illustration of that point.
  
  --
  Momentarily, the need for the construction of new light will no longer exist.
3. Re:Why limit it to P2P programs? by tepples · 2010-02-26 07:34 · Score: 2, Informative
  
  Also, among Linux geeks, it is common knowledge that a GNU/Linux system comes with third-party software that most people expect to be present (e.g. Apache, KDE).
  You mean like Transmission, a BitTorrent client? Or Samba, a set of tools for sharing files in a way compatible with Windows? Or Ubuntu One, which allows users to back up files to a 2 GB online space (or, in a future version, across the local network) and share some of these backed-up files? All of these are included with the Ubuntu distribution of GNU/Linux, and both are "P2P" software.
4. Re:Why limit it to P2P programs? by mcgrew · 2010-02-26 08:32 · Score: 2, Insightful
  
  Since the user is installing the software, isn't that consent?
  The user of the computer is not necessarily the OWNER of the computer. The computer on my desk at work belongs to my employer, and he has every right to forbid me from installing P2P, or any other software he doesn't want on it.
  And should my next door neighbor be able to visit me at my house and say "can I use your PC for a minute" and install Kazaa or Windows on it without my permission?
  
  --
  Free Martian Whores!
This is so stupid my eye is twitching. by jtownatpunk.net · 2010-02-26 05:10 · Score: 2, Interesting

First of all, I find it hard to believe that it isn't already illegal to surreptitiously install software on someone's computer. And even more illegal to install software that steals data.
Second, if that's not already illegal, why are they making a law that only targets one specific type of software?
Either the entire plan is utterly ignorant or this is a "foot in the door" to outlaw P2P. Either way, I think our government has more important issues to deal with right now.
1. Re:This is so stupid my eye is twitching. by misexistentialist · 2010-02-26 09:55 · Score: 2, Insightful
  
  It's typical for the legislature to justify its full-time existence by passing laws in response to singular high-profile events (usually named after a pathetic victim), and to design the laws to prevent the event from happening by restricting individual freedom.
  
  In this case there was a lazy/stupid government employee who leaked information via p2p by sharing his entire drive, so lawmakers respond with a broad law that will result in millions of dollars being spent and the course of history being changed rather than let the one employee be fired (along with any supervisors and IT workers who didn't enforce computer security policies). I'm sure the idea of making all p2p software illegal was brought up, but they probably ran into difficulties coming up with a legal definition that didn't outlaw internet browsers too. Between child porn and terrorist communication it's only a matter of time before they ban it anyway.
Re:Either I'm retarded (given) or this makes no se by choongiri · 2010-02-26 05:11 · Score: 2, Informative

Yeah, that's a total mind-fuck of a paragraph. My attempt at parsing it: would prohibit peer-to-peer file-sharing programs { from being installed without the informed consent of the authorized computer user } and { that would prevent the authorized user from { blocking the installation of a P2P file-sharing program } and/or { disabling or removing any P2P file-sharing program. } }
Yep. Everything can be fixed with new laws. by Hazelfield · 2010-02-26 05:12 · Score: 2, Interesting

So we're looking at a law that requries P2P software to inform about what P2P means and demand explicit consent from the user (which everyone will doubtlessly click away as readily as we dismiss EULAs, i.e. as soon as we've found the right button).

To me it looks like a cheap and easy way of making it look like you're solving a problem. Doesn't say anything about the severity of that problem or the efficiency of the solution, but you can't get everything I suppose.
Re:Either I'm retarded (given) or this makes no se by poetmatt · 2010-02-26 05:17 · Score: 4, Insightful

That's how I read this too. However, the devil is in the details, which we don't have.
Given that a: usually a bill is introduced with opposite meaning to the statement of the bill if it's done by a bad politician and that b: it could be about the above but introduce some other issues, I'll hold my breath. I also can't find this act anywhere, other than it being mentioned as "to be introduced".
This is a type of bill that could easily be subverted by bad interests depending on who influences it.
Minus p2p by Strilanc · 2010-02-26 05:22 · Score: 4, Interesting

If you remove 'p2p' from this, it almost makes sense. Not allowing software to stealth-install or block uninstallation? Why isn't that already a law?
1. Re:Minus p2p by julesh · 2010-02-26 05:36 · Score: 2, Informative
  
  If you remove 'p2p' from this, it almost makes sense. Not allowing software to stealth-install or block uninstallation? Why isn't that already a law?
  Here in the UK, it _almost_ is. The Computer Misuse Act 1990 states:
  
  (a) he does any act which causes an unauthorised modification of the contents of any computer; and
  (b) at the time when he does the act he has the requisite intent and the requisite knowledge.
  (2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing--
  (a) to impair the operation of any computer;
  (b) to prevent or hinder access to any program or data held in any computer; or
  (c) to impair the operation of any such program or the reliability of any such data.
  (3) The intent need not be directed at--
  (a) any particular computer;
  (b) any particular program or data or a program or data of any particular kind; or
  (c) any particular modification or a modification of any particular kind.
  (4) For the purposes of subsection (1)(b) above the requisite knowledge is knowledge that any modification he intends to cause is unauthorised.
  
  The only problem is the requirement that you have to know the modification is unauthorised before you can be prosecuted. In practice, this means that people who intentionally install malware on systems can be prosecuted, but malware authors generally can't (unless, of course, they're the same person).
How is this bad? by Khisanth+Magus · 2010-02-26 05:27 · Score: 2, Insightful

I dislike the government as much as anyone, particularly their views on "piracy"...but I don't really see what is wrong with this law. It prohibits P2P software from being installed without your consent, and forces that P2P software to tell you what it is sharing with other people. How are these bad?
1. Re:How is this bad? by Dunbal · 2010-02-26 06:13 · Score: 2
  
  How are these bad?
  Because the government has no business getting between me and my computer, just like my OS has no business letting things install themselves without my permission. It took redmond a while to realize that opening up the user's computer for access by the WORLD was a "bad idea", and finally they have made the default "no permission" unless authorized.
  That stupid people STILL click on anything, open any attachment, and naively load all sorts of programs onto their machines is not something the government should prevent. Just like they shouldn't be watching over your shoulder every minute to make sure you don't kill yourself.
  If I WANT to load a program, I will - be there a law against it or NOT. Criminalizing it with laws that are prohibitively expensive to actually enforce is a waste of taxpayer resources. With 2 wars going on and all the social problems in the world, they can't think of anything better to do with public funds?
  The ONLY use for a law like this is finding something to charge a person with ONCE HE HAS ALREADY BEEN ARRESTED/SEARCHED for a different reason. "Oh we seized your laptop to search it because you [fit the profile|were the next randomly selected person to be searched|we felt like it] and we didn't find any child pornography or evidence of money laundering, which is what we were looking for. HOWEVER we DID notice while going through your Windows Registry that at one point you had P2P program XYZ installed. This is an illegal program, and for that reason you are being arrested - put your hands behind your back...
  
  --
  Seven puppies were harmed during the making of this post.
2. Re:How is this bad? by wjousts · 2010-02-26 07:26 · Score: 2, Insightful
  
  How are these bad?
  Because the government has no business getting between me and my computer
  How are they getting between you and your computer? You can still install P2P programs, just those programs will have to tell you that they are P2P (not a problem for a program that only does P2P, but some other programs use P2P for updates that users might not understand) and tell you what they are sharing.
Re:Either I'm retarded (given) or this makes no se by icebike · 2010-02-26 05:28 · Score: 4, Insightful

I had to read it a couple times too. They're basically trying to prevent "hidden" p2p software.
Exactly, or drive by installed P2P software that shares your entire disk just because you wanted a torrent of the latest OpenSUSE distro.
While this in itself would be commendable, these things end up being a gloss of what really gets implemented in regulation. What starts out looking like protection for the consumer is really a ploy to remove plausible deniablity as a defense.
Further, such a bill would do nothing when Little Billy, who is an authorized user of Mom's machine, gives away the family tax returns while trying to get the next level of Wonder Rabbit to download by clicking thru that popup warning.
There are already laws prohibiting unauthorized used of a computer, and the government already knows exactly who the bot masters and spam masters are, yet they walk around untouched while the "real criminals" are sued into poverty for sharing a song. Do we really need more unenforceable laws prohibiting what is already prohibited?

--
Sig Battery depleted. Reverting to safe mode.
Reminds me of casablanca by voss · 2010-02-26 05:32 · Score: 4, Funny

Senator: Im shocked...SHOCKED theres p2p sharing going on
Senator's Son: Hey dad I just finished updating your music collection
Senator: Great!
Re:the guv'mint by hitmark · 2010-02-26 05:39 · Score: 2, Insightful

good luck getting doctors, engineers, or something similar to drop their well payed jobs and go into politics.

--
comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
Re:Either I'm retarded (given) or this makes no se by AlamedaStone · 2010-02-26 05:47 · Score: 4, Funny

Inept sharing is different from unauthorized access. Inept sharing means that other do have authorization to access the documents.
Yes, and with this law, we would finally make it illegal to be inept! Problem solved.

--
"All these years believing you're the signified monkey, only to find out you're just a big hunk of nobody cares."
Re:Either I'm retarded (given) or this makes no se by Anonymous Coward · 2010-02-26 05:47 · Score: 5, Insightful

But why have a law restricted to p2p software? Wouldn't it make more sense to prohibit this sort of hidden installation of any software?
Re:Either I'm retarded (given) or this makes no se by meustrus · 2010-02-26 05:49 · Score: 3, Insightful
Seems to me like this just does two things:
- Software requires explicit user consent to install.
- Software requires explicit user consent to share files.
The first seems like common sense for all software, not just P2P (if it already existed, this provision would be redundant). If the law also clearly defined the difference between an "update" and "new software," it might prevent Microsoft from pushing out WGA as an automatic update. It could also provide legal provision against a specific hacker activity, installing malware, rather than the blanket DMCA provision against unauthorized computer access (which could be playful and/or harmless, whereas silently installing software almost never is).
As for the second one, I once installed Shareaza, and found eventually that it had downloaded a lot of high profile pirated software, presumably to share on the network and increase download speeds for other users. The program itself showed no indication of where these files came from, or how to remove them or stop sharing them. In the process, it implicated my as a copyright infringer without my intent, or even any benefit from the usage of the pirated software. Obviously there are more problems with technically illiterate people, but even a technical person could be bamboozled by the right program into sharing sensitive documents or participating in illegal activities. Again, these are actions most used by nefarious hackers.
So, it's a law that should, in effect, provide real, useful provisions against hackers. It is not banning P2P as a technology, nor is it even targeting the sharing of copyrighted materials AFAIK.
--
I sometimes ask revealing, often ignorant-seeming questions. Maybe they're harder to answer than you think.
User accountability by HydroPhonic · 2010-02-26 06:11 · Score: 2, Insightful

is what this law tries to ensure. No more users complaining ignorance of what their programs are "making available"... Definitely a boon for *AA organizations....
Re:Why stifle progress? by petermgreen · 2010-02-26 06:32 · Score: 2, Interesting

Bittorrent is an awesome protocol. It's a leap technologically from the old server/client download model
Not really, peer to peer in general and bittorrent in particular is a reaction to a few things
1: upside-down pricing models that make end users upstream essentially free but hosting bandwidth expensive.
2: trying to get central warez hubs off on the technicality that they aren't actually distributing the warez.
3: the lack of multicast on the regular internet.
Technically IMO pushing content unnessaceraly through users very limited upstreams is a majoor step backwards,

--
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
Watch For Riders by IonOtter · 2010-02-26 06:51 · Score: 2, Interesting

This bill in and of itself doesn't seem so bad? Pretty stock, kinda blah, a bit silly that such a thing is being seen as requiring a law?
But there's two potential paths.
1. This could be used to add more charges to spammers once they get caught. Stacking the offenses, so to speak, which is fine by me, really?
2. This is a "gimme" bill, one that's sure to pass because it's so simple and palatable. At least until they start tacking on riders, anyway? Now you've got a mild bill that has a few dozen rabid hyenas stapled to it, that nobody wants to try and kill. "Think of the Children" bills are notorious for this.

--
[End Of Line]
Re:Either I'm retarded (given) or this makes no se by Anonymous Coward · 2010-02-26 06:52 · Score: 2, Funny

MS would block that law.
Re:Either I'm retarded (given) or this makes no se by HungryHobo · 2010-02-26 08:15 · Score: 2, Interesting

Why the focus on P2P?
Surely it would be better to target all malware writers who silently install ANY software on your computer and use your bandwidth without your knowledge.
Is it really better if it's an FTP server the malware installs rather than a bittorrent client?
I bet hollywood are behind this by JustNiz · 2010-02-26 10:20 · Score: 2, Interesting

Superficially this is just yet more legislation that demonstrates how little our legislators actually understand the issue or the tech involved.
My guess is that this is actually a well-reasoned step by the music & movie industries to make non-technical people (including legislators) incorrectly beleive that P2P itself (which is just an internet protocol) is somehow intrinsically bad. It makes their next step, trying to convince lawmakers to make any/all P2P illegal, easier if they are misled first.