Congresswoman Mary Bono Mack first introduced the Act on March 5, 2009. The purpose of the Act is "To prevent the inadvertent disclosure of information on a computer through the use of certain ‘peer-to-peer’ file sharing software without first providing notice and obtaining consent from the owner or authorized user of the computer."
While this sounds like a noble goal, the unintended consequences of this bill make it bad legislation.
A little background
One of the primary concerns prompting this Act is the leaking of confidential government information. This past year, classified information regarding the President's Marine One helicopter was leaked on the Internet. The source of the leak was a peer-to-peer program downloaded and installed onto a government computer. Another recent leak involved Secret Service details for the First Family. This involved sensitive information regarding Presidential motorcade routes and safe houses for the First Family.
Peer-to-peer software is used to share music, movies, and many other files on the Internet (think BitTorrent, Usenet, etc.). However, sometimes the software can end up sharing a majority of the user's files, including private or sensitive information. The bill suggests that people using these peer-to-peer applications are often unaware of what they are actually sharing with the rest of the online community.
The Informed P2P User Act requires the following from software vendors. First, it requires clear and conspicuous notice. Prior to "initial activation", the P2P software must notify the user which of his or her files are subject to search and copy by other computers (the lack of clarity on this point is described in PK's criticisms below). The software must then obtain informed consent from the user. Second, the Act prevents devious or disingenuous tactics by software vendors. Secret or surreptitious installs are prohibited. The user must also have the ability to remove or disable the software.
The Act's goals appear logical in the abstract; however, there are several flaws when you try to apply the language to the reality of software. Essentially, the Act aims to control the practical functioning of software, as opposed to simply proposing reasonable consumer disclosure requirements. Public Knowledge has identified five potential problems with the Act:
"1. Legislating Software Design: The bill is aimed at a specific technology and kind of application instead of simple non-tech-focussed consumer protection and disclosure principles. Instead it’s aimed at legislating the design and workings of common software. It’s the exact kind of thing that has all kinds of unintended and unforeseeable consequences.
2. Over / Under Inclusive Definition: No matter how narrow the definition of “covered file-sharing program” may seem, it’s going to include more and less than is intended or desirable. Over inclusive: bill would include basic operating systems like Windows 7 and Mac OS X that enable file sharing; iTunes shares media files as well. Under inclusive: bill would not include applications that simply upload the entirety of a user’s hard drive to the web.
3. “Initial Activation” Needs Clarification: The amendment, just like the previous bill, requires the software to notify the user at installation and “initial activation of a file sharing function.” The problem remains that there are a number of interpretations of what this means, here are three: A. The first time an application is installed and launched; B. Every time the application is launched; or C. Every time the feature is enabled. Unless the language is made clear, developers not wanting to incur penalties will err on the side of notice, which means the most notifications.
4. Applies to Software Already Written: Software that has already been written and is still being distributed, but not maintained by a developer or manufacturer may fall prey to the provisions of this bill. Unless otherwise exempted, this would require developers to update their older software at great cost, unless they wanted to incur penalty of law.
5. Interferes with User and Administrator Choice: This bill would require a fundamental change in how much software operates. Users, especially system administrators, make informed choices about the applications that will meet their needs — especially those that “just run” without user interaction. In many cases, how an application installs, launches, and operates behind the scenes is part of their decision, and this bill would interfere with how they run their systems."