HR 1319, the P2P Bill is Back and Ready for Markup

By Alex Curtis on September 29, 2009 - 5:14pm

When last we spoke to you, back in May, about HR 1319, it had recently been introduced and was just having a hearing. The bill’s sponsors want you, the consumer, to be protected from software that can share the private and valuable files on your computer with others via the network. The original bill, in name only, focussed on P2P file sharing software, but the language of the bill actually did very little to limit its scope. Today, Public Knowledge has obtained the bill’s new language and tomorrow the bill will be marked up in full Committee, likely with little complaint.

Except for ours.

The “manager’s amendment” of the bill replaces the entire previous bill’s language. Bills usually get this process at a subcommittee level, but this one didn’t. It was introduced, had a hearing, and now we’re at full committee markup without a subcommittee markup. It happens.

There are many changes to the bill, but fundamentally, the same problems persist:

  1. Legislating Software Design: The bill is aimed at a specific technology and kind of application, and at legislating the design and workings of common software, instead of at simple non-tech-focussed consumer protection and disclosure principles. It’s the exact kind of thing that has all kinds of unintended and unforeseeable consequences.

  2. Over / Under Inclusive Definition: No matter how narrow the definition of “covered file-sharing program” may seem, it’s going to include more and less than is intended or desirable. Over inclusive: the bill would include basic operating systems like Windows 7 and Mac OS X that enable file sharing; iTunes shares media files as well. Under inclusive: the bill would not include applications that simply upload the entirety of a user’s hard drive to the web.

  3. “Initial Activation” Needs Clarification: The amendment, just like the previous bill, requires the software to notify the user at installation and “initial activation of a file sharing function.” The problem remains that there are a number of interpretations of what this means. Here are three: A. The first time an application is installed and launched; B. Every time the application is launched; or C. Every time the feature is enabled. Unless the language is made clear, developers not wanting to incur penalties will err on the side of notice, which means the most notifications.

  4. Applies to Software Already Written: Software that has already been written and is still being distributed, but is not maintained by a developer or manufacturer, may fall prey to the provisions of this bill. Unless otherwise exempted, this would require developers to update their older software at great cost, unless they wanted to incur the penalty of law.

  5. Interferes with User and Administrator Choice: This bill would require a fundamental change in how much software operates. Users, especially system administrators, make informed choices about the applications that will meet their needs — especially those that “just run” without user interaction. In many cases, how an application installs, launches, and operates behind the scenes is part of their decision, and this bill would interfere with how they run their systems.

At the moment, there doesn’t seem to be a lot of angst over this language. We haven’t heard that developers or software manufacturers are putting up much, if any, fight over this language, even though many operating systems offer filesharing, some even turned on by default. I’m really not sure how those commercial developers of scripts and behind-the-scenes daemons are going to manage with this new regulation. Oddly enough, it may be that the P2P app devs are the best equipped to avoid running afoul of this bill, as an industry leader testified that they probably already comply.

You can tune into the markup in the House Energy and Commerce Committee and we’ll probably have some tweet updates, so stay tuned.

Tastes Great, Less Filling?

I just read the text of this bill. “full of sound and fury; signifying nothing”

I can’t think of a current scenario that this would stop. Nothing. Software installation, by its very procedure, is “opt in.” Knowingly installing a peer-to-peer file sharing program is, as it turns out, knowingly installing a peer-to-peer file sharing program. Configuring a file-sharing program to share a particular file, or all files in a particular directory is doing exactly that with intention.

So what does this bill do exactly, in real terms, as it would apply to software today or yesterday? It’s hard to object to something that does nothing, so I don’t expect much push-back; except now we Americans (and lawmakers) will think we’ve accomplished something (when we have not) and that we’re somehow safer tomorrow than we were yesterday (when we are not). Meanwhile, as Alex has pointed out, we’ve left a bucketload of questions and interpretation issues for future developers to worry about.

This whole thing started because people found private or sensitive material on the P2P networks earlier this year. After this bill passes, I say with all certainty that next year we will find that it will not have affected that problem one iota.

Robb Topolski

coincidence

“unintended and unforeseeable consequences”

Isn’t that what Time Warner and Comcast are [incorrectly] claiming as the inherent issue with Net Neutrality? Perhaps there’s a way to inform the public with a comparison between these two topics.

P2P bill should take measures against piracy

The P2P bill should do more than prevent unknowing sharing. It should also require P2P programs not to try to hide their activities — either from the user or the network operator. (P2P programs often start up in the background and act as “bandwidth vampires;” they also can sap resources from businesses’ networks and/or jeopardize proprietary company information.) They should be required not to operate on networks where they are prohibited by policy (e.g. networks where life-and-death emergency VoIP calls might be garbled or blocked by P2P). And they should be required not to defeat network security devices such as firewalls. (Many P2P programs engage in an activity known as “firewall punching,” which creates security breaches in network firewalls.) These activities are just as dangerous as “leaking” random files. Finally, measures should be instituted to prevent these programs from being used for piracy of intellectual property — which is what they were originally designed for and which is their most common use today.

Yawn!

Brett (ISP),

You can operate your network and enforce against P2P program operators provided such prohibitions and enforcement is disclosed (it is, in your case) and reasonable (you and I debate this, but I defer to your experienced call for your particular network).

P2P programs run in the background because they are background activities. They’re not very interactive. Ironically, efforts by ISPs to block them or slow them actually result in P2P tasks taking longer to complete. Fortunately, this doesn’t work often and insomuch as it does, it doesn’t exacerbate the problem.

But, as you know, you don’t need to decrypt packets or block ports to know one is running. They have a distinct pattern of flows and volumes.

Your anti-P2P crusade, however, is nonsense. Why should an ISP who permits P2P care about firewall punching, which is designed to overcome obstacles in residential firewalls and is a method used by other programs like Skype?

Robb Topolski

Bill of Attainder

Point four would make it an ex-post-facto law, and invalidate it if the courts choose to uphold the U.S. Constitution. (You never know).