An anonymous reader writes "This week the House Energy and Commerce Committee passed the 'Informed P2P User Act' and has sent it along to the full House for consideration. The bill, which appears to have heavy support on both sides of the political fence, simply states that P2P software must not install extra software or prevent users from removing it, in addition to being 'clear and conspicuous' about which files are being shared and getting user consent to share them. 'Rep. Henry Waxman (D-CA), the powerful committee chairman, opened the markup session by warning about "the danger of inadvertent sharing of sensitive information through the use, or misuse, of certain file sharing programs. Tax returns, medical files, and even classified government documents have been found on these networks. The purpose of H.R. 1319 is to reduce inadvertent disclosures of sensitive information by making the users of this software more aware of the risks involved."'"
Yeah but it will also stop us from using FreeNet and other censorship-resistant, anonymous sharing networks. Read more here:
As long as you make it clear and concise that anything and everything can be shared, and that the user agrees to this, I see no problem with programs like these operating. What it's really designed to stop is P2P applications getting installed that don't tell the user they are sharing the whole C: drive by default. As long as you tell the user exactly what is happening, and they agree to it, there is no problem.
even classified government documents have been found on these networks
Yeah, I get the feeling that's just a sensationalist flag the media likes to wave to make the story more interesting. I think the real reason here is kids installing p2p software without the parents' knowledge and then sharing the My Documents folder or the whole C: drive, including all the parents' tax returns and other personal information.
I guess the bill shows the fundamental lack of understanding of who makes these programs... But since we're making a wishlist, I think they should consider amending the bill to also:
Outlaw neighbor's kids on your lawn
Calling of mean names during recess
Impose regulations on which kids may be beat up on the bus, replacing the current "smallest kid" freemarket system.
Legalize marijuana and outlaw Light Beer.
Outlaw poverty, unhappiness, debt, bad driving and excessively loud cheering at football games.
Apparently, this bill is actually aimed at things such as the Freenet Project [freenetproject.org].
Why P2P (Score:5, Insightful)
Why is this limited to P2P software?
Mod parent up (Score:2, Interesting)
Yeh, that's the important point. Why not just ban spyware, period?
Re: (Score:3, Informative)
Yeh, that's the important point. Why not just ban spyware, period?
Spyware violates electronic privacy laws that already exist.
Re: (Score:3, Interesting)
So if spyware is already "banned" by privacy laws, why do we need this separate P2P legislation? Sorry I can't help being skeptical. The Patriot Act included things nobody knew about, and discovered later after passage, and I'm wondering if this P2P bill has similar "gotchas" hidden inside of it. Like:
- "We caught you P2Ping the latest Linux distro. Per U.S. law we are required to suspend your account until you agree not to use P2P." - MSN
Re: (Score:3, Insightful)
Notice that this didn't ONLY ban spyware. It had stipulations that state that when a P2P app is installed it clearly indicates what is being shared. This will just prevent Joe Sixpack from installing AwesomeShareItAll v3.1 where it just shares out your entire hard drive without indicating it.
Personally, I just don't see too much evil in this bill.
Re: (Score:3, Insightful)
Please explain your position.
How would informing the P2P user about what is being shared on that user's computer prevent the user from using FreeNet and other anonymous sharing networks?
Re: (Score:3, Interesting)
IANAL, but I don't think it applies because Freenet isn't a "a program, application, or software that is commercially marketed or distributed to the public."
Furthermore, my understanding is that Freenet stores the shared files in a single, encrypted file. Shared files are not stored within the host filesystem, correct? Then it need only notify the user that the encrypted file it uses will be shared, without necessarily notifying the user of the contents. Uploads to Freenet are accomplished with independent
Re:Mod parent up (Score:5, Insightful)
Naah.
Freenet stores its data in encrypted files and refers to them with hashes, right? I mean: It's just files on a filesystem, isn't it? So, all the software has to do to stay in compliance is state which of those files are being shared.
It doesn't state that it must decrypt the files. Or that the content of them must be disclosed. It would just need to report to the user the same stuff that already gets reported to Freenet at large.
Doing so is neither against this bill, nor against the spirit of Freenet, nor in any way any significant technical hurdle to overcome.
(Unless I'm very mistaken, in which case I welcome any corrections.)
Mod Parent Down (Score:3, Insightful)
People should not be modded up for not reading the article.
Re:Why P2P (Score:5, Insightful)
Re:Why P2P (Score:5, Insightful)
Why is this limited to P2P software?
Because almost every other type of unintentional sharing of files (if not all) are already covered by electronic privacy laws.
However, in the case of applications which are designed to share files, there's a legal gray area, where the author can claim that they have no obligation to have disclosed which files were being shared, and that the user consented to sharing their files by installing file sharing software.
This bill would close that loophole.
Re:Why P2P (Score:4, Insightful)
And open a new one where the FBI (or RIAA investigators) can simply "ask" the program, "What files were shared?", get a convenient generated list, and find all the evidence they need to make your day in court miserable.
And if my computer lies? Nobody said my computer has to be programmed to tell the truth.
Re:Why P2P (Score:5, Insightful)
True, all P2P apps have to know what files they are sharing. But here's where I see the bill's raison d'etre...
"being 'clear and conspicuous' about which files are being shared and getting user consent to share them"
NOW, when the RIAA sues everyone:
The software maker is free and clear ("We added the consent to share box as mandated by law")
And the person sharing Rocky 17 CAN'T say "I had no idea that file was being shared", which has been a defense in the past.
So (IMHO) when we talk about big lobbying groups, the RIAA would like it, and the software makers are willing to put up with the other provisions because now they are off the hook from the big P2P lawsuit.
Re:Why P2P (Score:4, Funny)
For example there's no remaining record that I downloaded Star Wars Episode 2 five years ago
There is now.
Re:Why P2P (Score:5, Insightful)
Did someone forget to inform this senator that we (the US) no longer own the internets?
Did someone forget to inform you that p2p software generally installs on a machine in a physical location and therefore is subject to the laws and regulations in that location? Just because your machine is able to talk to machines in a different country doesn't mean your machine is somehow above the laws of the country you live in.
Re: (Score:3, Insightful)
Re: (Score:3, Funny)
W
I think you dropped this. I included a newline too. Also, you might check on your shift key, it seems a bit sporadic. Might need to look at your keyboard in general. Good tools make for good communication.
Spill the beans (Score:5, Interesting)
Re: (Score:3, Interesting)
I'd like to know why an "informed P2P users act" doesn't do anything to inform the downloader if the material is ok to download. There are literally hundreds of songs named Scatterbrain. Some are RIAA-label copyrighted, some are indie copyrighted and you have permission to share, some are GPL, and some have been put in the public domain. Of the three kinds of songs only one is illegal to share. So if I ask for "scatterbrain" and it returns five hundred instances of "scatterbrain.mp3", I should have the righ
Re:Spill the beans (Score:4, Insightful)
Ok, so who funded this bill and why?
Almost certainly groups like the RIAA and the MPAA.
Their goal is to ratchet up the personal liability of the users who use these systems. By forcing applications to be much more explicit about what's being shared, they reduce the number of cases they lose against file sharers on the grounds that they didn't know what they were sharing.
Re:Spill the beans (Score:5, Informative)
Even more interesting is the provision right up front in section 2.a.2 exempting preloaded software on new computers as long as somewhere in the 40 pages of tiny print the purchaser is told that a back-door sharing program is installed.
So preloaded sharing programs and spyware installed by Sony is ok then...
The bill is 7 pages, people. READ IT.
http://energycommerce.house.gov/Press_111/20090930/hr1319_ains.pdf [house.gov]
Re: (Score:3, Insightful)
Isn't it sad that now whenever any piece of legislation is crafted we automatically assume someone "bought" it and has ulterior motives to its existence than what the bill would have you believe?
Re: (Score:3, Informative)
Re: (Score:3, Insightful)
The only "shared folder" is the folder, of user allocated size, where freenet stores its encrypted chunks. Each of those chunks is one of the shared files. All freenet would have to do is say "When you install freenet, all files in folder X will be shared with other freenet nodes, as well as any files you explicitly upload". The fact that the user does not and cannot figure out what exactly the encrypted chunks are is neit
Do OS-included programs count? (Score:4, Interesting)
Do sftpd and Windows File Sharing count? The bill better be carefully worded or the law of unintended consequences and vendors screaming "waitaminuteididn'tknowmyproductqualified" will be the end result.
Unwanted software (Score:4, Insightful)
I'd like to see criminal penalties for bundling undisclosed and unwanted software with any application. See if that gets past the lobbyists.
Re: (Score:2)
How many applications can't be considered P2P? Not many.
Re: (Score:3, Insightful)
You are an idiot.
Upon installation, disclose to the user that additional programs are included and ensure there is a way to opt out of the installation of those other programs.
In other words: the user.
Stupid old men. (Score:4, Insightful)
How do they expect to enforce this law on companies that produce software outside of the US?
Apparently they still don't understand how this internet thing works.
LK
Re: (Score:2)
How do they expect to enforce this law on companies that produce software outside of the US?
Apparently they still don't understand how this internet thing works.
LK
Yeah. The Internet is not something that you just dump something on. It's not a big truck. It's a series of tubes.
Re: (Score:2)
Track down their IPs. We still have ICBMs.
Ummmm (Score:5, Insightful)
If they're finding classified documents on the public internet, that means that they have a bigger problem like government employees disregarding security guidelines by putting them on unclassified networks.
Re: (Score:3, Insightful)
Re: (Score:2)
Actually, most of those leaks come from private contractors.
However, this bill specifically addresses the bigger problem you imply.
Re: (Score:3, Interesting)
Just because you have multiple problems, doesn't mean you have to tackle them one at a time. Several of the early file sharing apps were intentionally vague, because they figured more content == popularity so they tried to let users share as much as possible with as little effort as possible, hidden away in defaulted checkboxes or EULAs. As usual the legislation is very late though, this might have been useful around napster, kazaa and edonkey but these days most tools are a lot more serious. Not to mention
I'm sure it will be really effective. (Score:3, Funny)
Just like the Theft act prevents Theft.
In Other News... (Score:5, Funny)
Re: (Score:3, Funny)
Wait, what about computers I did win?
Re: (Score:3, Funny)
... the installation of viruses and worms on computers you don't pwn is now illegal.
Much better.
Waste of time (Score:3, Insightful)
The same users that are dumb/ignorant enough to share their tax and medical records are the same ones that won't bother to read any "clear and conspicuous" warnings. They'll either not understand it or hit "OK" without reading it. You can't write laws that eliminate stupidity.
Where is the "goodluckwiththat" tag? (Score:2, Interesting)
Outlaw neighbor's kids on your lawn
Calling of mean names during recess
Impose regulations on which kids may be beat up on the bus, replacing the current "smallest kid" freemarket system.
Legalize marijuana and outlaw Light Beer.
Outlaw poverty, unhappiness, debt, bad driving and excessively loud cheering at football games.
Re: (Score:2)
Outlaw debt? This is the government we're talking about! Get real!
Clearly we should instead establish a federal monopoly on "owing money". Then patriotic government bonds won't have competition from the silly private sector. ;P
*chuckle* (Score:2)
We need a law for this?
Wait a minute, it's not funny anymore.
Ulterior motive? (Score:5, Insightful)
It could be that this bill is being passed simply to remove a set of excuses people might use when caught using P2P for sharing copyrighted material - hence the name of the bill.
If the software plainly states that it will be sharing a file with other people, then you cannot say 'I didn't know I was sharing it'. Likewise, you cannot say that it installed without your knowledge nor can you say it installed but you couldn't uninstall it.
This is of course, only possible if the writers of P2P software actually give two hoots about the bill.....
Steve.
Re: (Score:3, Informative)
This is of course, only possible if the writers of P2P software actually give two hoots about the bill.....
The author might not care. But the distributor will.
No downloads from CNET - and - quite possibly - no downloads through Sourceforge or your favorite Linux repository either.
The distributor is exposed and he is likely to have a legally and financially significant presence in the U.S.
He can be reached and he can be hurt.
First step to disaster... (Score:2)
This will push the scenario that the application should be knowing which files are which, and what is considered sensitive materials, and will eventually fall upon the program and its creators to block or not block, and unintentionally also legalities associated to sharing such files.
The creators are not supposed to limit what files are being shared, and definitely not be held accountable if someone uses the app for their own evil purpose, else the creator of the nuclear bomb should be imprisoned for all the
Liar, Liar. (Score:4, Insightful)
The purpose of H.R. 1319 is to reduce inadvertent disclosures of sensitive information by making the users of this software more aware of the risks involved.
Sure it is. Now, how about taking a closer look;
the term "peer-to-peer file sharing program" means[...]
to designate files available for transmission to another computer
to transmit files directly to another computer; and
to request the transmission of files from another computer.
Well, that's basically "using the internet". And using the definition of "protected computer", if you can add a tcp/ip stack to your toaster, it's a protected computer. So what will it be illegal to do using anything with a microprocessor and can communicate with the outside world? Also, "authorized user" -- I suspect a lot of EULAs are going to be updated so that every company that has a piece of networkable software installed on your system is now also an authorized user. Unintended consequences are a bitch, aren't they? Your system is now legally required to be insecure and full of backdoors.
...prevent the reasonable efforts of an owner or authorized user from blocking the installation [of a] program or function thereof
So installing is now okay. 'Using' not available for comment. So we can still f*ck with it at the operating system level, or neuter it in memory -- messing with the code after installation or during runtime isn't covered. Oops.
to fail to provide a reasonable and effective means to disable or remove from the protected computer...[excessive legalese deleted]
Translation: Installers should come with uninstallers. We need a law for this? And without a definition of what "reasonable and effective" constitutes -- well, need I say more? Anyone try uninstalling Norton Antivirus lately? It's quicker just to nuke the drive from orbit, and it's the only way to be sure you got everything. Can I expect federal pound me in the ass prison time for all the Norton executives? No? Why -- oh, right... they're rich. But you there, little open source developer -- we know you're evil. I mean, you don't even have a brand identity!
Yeah... this ends well.
Re: (Score:3, Interesting)
Translation: Installers should come with uninstallers. We need a law for this?
Since installers DO need uninstallers and many software houses either don't provide an uninstaller, or provide one that doesn't work, I'd say HELL YES. The law should not protect me from myself, but it SHOULD protect me from YOU.
Anyone try uninstalling Norton Antivirus lately?
I think a lot of folks would love to see their CEO and board in jail. If a law mandating effective uninstallers were passed, you'd see an easily removable N
Relevant Quote (Score:5, Insightful)
"Anyone who says that the solution is to educate the users hasn't ever met an actual user."
-- Bruce Schneier
Aimed at Freenet? (Score:5, Interesting)
On Freenet, you actually don't know what is stored on your own computer (and thus, what you're sharing) as everything is encrypted.
Apparently, this effectively outlaws Freenet.