US Lawmakers Set Sights On P2P Programs

After the FTC sent letters to 100 organizations warning them that their data is being leaked on P2P networks — and now has requested detailed operational data from at least a subset of those organizations — it was pretty likely that anti-P2P legislation would get proposed. Two senators have introduced the P2P Cyber Protection and Informed User Act, which "...would prohibit peer-to-peer file-sharing programs from being installed without the informed consent of the authorized computer user. The legislation would also prohibit P2P software that would prevent the authorized user from blocking the installation of a P2P file-sharing program and/or disabling or removing any P2P file-sharing program. Software developers would be required to clearly inform users when their files are made available to other peer-to-peer users under legislation introduced Feb. 24 by Sens. Amy Klobuchar, D-Minn., and John Thune, R-S.D."

Actually anti-spam/botnet?

[BadAnalogyGuy]

Most well-known P2P software is deliberately installed. And users are told where their shared files will be.

So how would P2P software be installed without consent? Perhaps spambots and other nefarious malware?

That makes this less "P2P-related" and more anti-spam. And that's a good thing, I think.

Re:Actually anti-spam/botnet?

[Monkeedude1212]

Most well-known P2P software is deliberately installed. And users are told where their shared files will be.

So how would P2P software be installed without consent?

Happens at work all the time. The users are not authorized to install P2P Software, but it happens. Managers get administrative rights to the computers under their controls, they get lazy with permissions and give their underlings local admins... And before you know it we get a few hundred calls to ISOHunt.

Then we drop in a couple canisters of Tear Gas, have the exits swarmed with armed IT Technicians, and shove the offenders into the back of our Van. Hellz yeah. ...

Sigh... Do you fantasize about your job?

Re:Actually anti-spam/botnet?

[NeutronCowboy]

I don't know. I'm hugely suspicious of this, for two reasons: Congress has a nasty habit of not understanding the technological ramifications of their legislation. And when they do make legislation where they understand the ramifications, it's generally for the purpose of making sure that corporations don't have their business models cut out from underneath them.

While on the face of it, the bill seems alright (don't hide what your program does), I don't understand why it's specifically targeting P2P programs. Wouldn't it make sense to have the bill simply say "software should never be installed without the users consent" and "software should not be misleading in their activities"? What bothers me is the insistence from the two politicians that P2P programs somehow present an inherent privacy and security risk. I'm putting on my tinfoil hat here for a second, but I'm guessing that this has to be read in the larger context that P2P software is bad in general, and should be tightly regulated.

I don't like where this is going. As the bill reads, it won't solve any problem that currently exists, and assumes something dangerous: that a specific type of software is somehow worse than others. I'm expecting that these two politicians will soon propose bills that restrict peer-to-peer connectivity in general (goodbye net neutrality) and legislate what software can and cannot do (goodbye software startups written by a single person).

Re:Either I'm retarded (given) or this makes no se

[ig88b]

I had to read it a couple times too. They're basically trying to prevent "hidden" p2p software.

Legislate a technical solution.

[Kuroji]

Because it's worked so well in the past, when some idiot is breaking the rules to install some sort of software that they're already not allowed to install...

What's next, are we going to legislate against games being installed on workplace computers?

Re:Legislate a technical solution.

[StikyPad]

What's next, are we going to legislate against games being installed on workplace computers?

God, I hope so. I'll change my title to Computer, and file a lawsuit the next time my superiors start playing their little reindeer games.

Re:Either I'm retarded (given) or this makes no se

[Bagels]

Basically, it sounds like there's two things here. Blocking P2P software that interferes with other P2P software in a malware-esque fashion, and enforcing clear notifications that shared files are, well, shared. Seems dumb, but a lot of folks out there don't realize that if they share "My Documents," everything from their tax records to their secret porn stash is going to be on the web for all and sundry to download. This hits home particularly hard for gov't employees, considering some of the sensitive stuff that's leaked through LimeWire and the like over the years.

Re:Either I'm retarded (given) or this makes no se

[BhaKi]

Simple, mate. It just means you'll no longer be able to say "OMG! I had no idea that my computer was sharing that movie" in court.

Why limit it to P2P programs?

[Dr_Barnowl]

As far as I'm concerned they should extend it further. It seems like a
good set of principles, why limit it to programs that communicate across
a network?

It should be prohibited to install ANY program on a computer without the
informed consent of the user. And programs that remove other programs,
or block the operation of other programs, without the user being informed,
should also be illegal.

Of course, this would cover some of the DRM techniques that block
disk image emulation, and probably a few other DRM techniques.

And yes, any program that serves your files up to the internet shouldn't
do it without your consent. Until recently, that would have included
Windows file sharing....

Re:Either I'm retarded (given) or this makes no se

[poetmatt]

That's how I read this too. However, the devil is in the details, which we don't have.

Given that a: usually a bill is introduced with opposite meaning to the statement of the bill if it's done by a bad politician and that b: it could be about the above but introduce some other issues, I'll hold my breath. I also can't find this act anywhere, other than it being mentioned as "to be introduced".

This is a type of bill that could easily be subverted by bad interests depending on who influences it.

Minus p2p

[Strilanc]

If you remove 'p2p' from this, it almost makes sense. Not allowing software to stealth-install or block uninstallation? Why isn't that already a law?

Re:Either I'm retarded (given) or this makes no se

[icebike]

I had to read it a couple times too. They're basically trying to prevent "hidden" p2p software.

Exactly, or drive by installed P2P software that shares your entire disk just because you wanted a torrent of the latest OpenSUSE distro.

While this in itself would be commendable, these things end up being a gloss of what really gets implemented in regulation. What starts out looking like protection for the consumer is really a ploy to remove plausible deniablity as a defense.

Further, such a bill would do nothing when Little Billy, who is an authorized user of Mom's machine, gives away the family tax returns while trying to get the next level of Wonder Rabbit to download by clicking thru that popup warning.

There are already laws prohibiting unauthorized used of a computer, and the government already knows exactly who the bot masters and spam masters are, yet they walk around untouched while the "real criminals" are sued into poverty for sharing a song. Do we really need more unenforceable laws prohibiting what is already prohibited?

Reminds me of casablanca

[voss]

Senator: Im shocked...SHOCKED theres p2p sharing going on
Senator's Son: Hey dad I just finished updating your music collection
Senator: Great!

Re:Either I'm retarded (given) or this makes no se

[AlamedaStone]

Inept sharing is different from unauthorized access. Inept sharing means that other do have authorization to access the documents.

Yes, and with this law, we would finally make it illegal to be inept! Problem solved.

Re:Either I'm retarded (given) or this makes no se

But why have a law restricted to p2p software? Wouldn't it make more sense to prohibit this sort of hidden installation of any software?

Re:Either I'm retarded (given) or this makes no se

[meustrus]

Seems to me like this just does two things:

• Software requires explicit user consent to install.
• Software requires explicit user consent to share files.

The first seems like common sense for all software, not just P2P (if it already existed, this provision would be redundant). If the law also clearly defined the difference between an "update" and "new software," it might prevent Microsoft from pushing out WGA as an automatic update. It could also provide legal provision against a specific hacker activity, installing malware, rather than the blanket DMCA provision against unauthorized computer access (which could be playful and/or harmless, whereas silently installing software almost never is).

As for the second one, I once installed Shareaza, and found eventually that it had downloaded a lot of high profile pirated software, presumably to share on the network and increase download speeds for other users. The program itself showed no indication of where these files came from, or how to remove them or stop sharing them. In the process, it implicated my as a copyright infringer without my intent, or even any benefit from the usage of the pirated software. Obviously there are more problems with technically illiterate people, but even a technical person could be bamboozled by the right program into sharing sensitive documents or participating in illegal activities. Again, these are actions most used by nefarious hackers.

So, it's a law that should, in effect, provide real, useful provisions against hackers. It is not banning P2P as a technology, nor is it even targeting the sharing of copyrighted materials AFAIK.