The House Energy & Commerce Committee is scheduled to mark up tomorrow a bill dubbed the Informed P2P User Act (H.R. 1319) that aims to prevent accidental file-sharing by mandating the display of clear warnings during the installation and usage of P2P software. Critics, however, fear that the final bill might end up going much further, regulating FTP clients, web browsers and even complete operating systems.
The bill could also have implications for anyone trying to leverage P2P for video distribution via solutions like the Octoshape Flash plug-in that was used by CNN.com to handle the Obama inauguration livestream traffic. The irony of the whole controversy is that much of the support for H.R. 1319 has been motivated by an almost religious disdain for just one file-sharing program in particular.
The Informed P2P User Act, which was introduced by Rep. Mary Bono Mack (R-CA) in March, is supposed to prevent so-called inadvertent file-sharing, which has in the past resulted in the leaking of Social Security numbers, tax returns and even classified government documents. Inadvertent file-sharing is usually caused by users accidentally sharing their documents folder or even their entire hard disk with everyone connected to the same P2P network. The bill would force makers of P2P software to inform users about its file-sharing capabilities and get their informed consent before installing the software in question. Users would also have to acknowledge that they know what they’re about to do before sharing any file. Sounds reasonable, doesn’t it?
It would be, except the bill defines P2P applications as anything that “designate(s) files available for transmission to another computer” as well as transmits and receives files. Of course, the same can be said for FTP clients — or your browser, for that matter. “There’s little in this definition that limits the scope to an actual p2p application,” wrote Alex Curtis from Public Knowledge, and Declan McCullagh from CNet agreed: “Every copy of Windows, GNU/Linux, and Mac OS X sold in recent memory includes a command-line FTP client fitting that definition.” And the current definition would also affect P2P streaming solutions and BitTorrent clients, even though there is virtually no risk that anyone would share his Social Security number through downloading a torrent or accessing a P2P video stream.
One of the most vocal supporters of the bill is the Progress and Freedom Foundation’s Thomas Sydnor, who’s testified before Congress numerous times about the subject. At the center of all of his testimonies is one single file-sharing client: LimeWire. Sydnor alleges that the application has been intentionally designed to “prey on the weak” by tricking people into unknowingly sharing files.
He has repeatedly singled out functions of LimeWire that could lead to accidental file-sharing, claiming in his most recent testimony (PDF) that he was able to simulate the accidental sharing of almost 17,000 sensitive files “just by installing LimeWire 5.2.8.” Sydnor had to backtrack later and admit that this was only possible because he prepared the PC by installing a previous version of LimeWire, enabling document sharing (an option hidden in a sub-menu that’s labeled with a clear warning message and takes six clicks to activate) and then uninstalling the earlier version before once again installing the client. LimeWire chairman Mark Gorton called the result of these actions in an interview with ComputerWeek “a highly misleading picture of reality.”
Of course, one might be able to argue that LimeWire could be doing a better job to prevent even such highly unlikely cases of accidental file-sharing. But do we really need a new bill for that? Even Thomas Sydnor has difficulties justifying one. As he said in his most recent testimony, “[E]xisting laws already provide the authority needed to send a blunt and powerful message that would deter distributors of piracy-adapted file-sharing programs from causing further inadvertent sharing.”