US Lawmakers Set Sights On P2P Programs 180
After the FTC sent letters to 100 organizations warning them that their data is being leaked on P2P networks — and now has requested detailed operational data from at least a subset of those organizations — it was pretty likely that anti-P2P legislation would get proposed. Two senators have introduced the P2P Cyber Protection and Informed User Act, which "...would prohibit peer-to-peer file-sharing programs from being installed without the informed consent of the authorized computer user. The legislation would also prohibit P2P software that would prevent the authorized user from blocking the installation of a P2P file-sharing program and/or disabling or removing any P2P file-sharing program. Software developers would be required to clearly inform users when their files are made available to other peer-to-peer users under legislation introduced Feb. 24 by Sens. Amy Klobuchar, D-Minn., and John Thune, R-S.D."
Actually anti-spam/botnet? (Score:5, Insightful)
Most well-known P2P software is deliberately installed. And users are told where their shared files will be.
So how would P2P software be installed without consent? Perhaps spambots and other nefarious malware?
That makes this less "P2P-related" and more anti-spam. And that's a good thing, I think.
Re:Either I'm retarded (given) or this makes no se (Score:4, Insightful)
Legislate a technical solution. (Score:4, Insightful)
Because it's worked so well in the past, when some idiot is breaking the rules to install some sort of software that they're already not allowed to install...
What's next, are we going to legislate against games being installed on workplace computers?
Re:Either I'm retarded (given) or this makes no se (Score:5, Insightful)
Re:Either I'm retarded (given) or this makes no se (Score:5, Insightful)
Why limit it to P2P programs? (Score:5, Insightful)
As far as I'm concerned they should extend it further. It seems like a
good set of principles, why limit it to programs that communicate across
a network?
It should be prohibited to install ANY program on a computer without the
informed consent of the user. And programs that remove other programs,
or block the operation of other programs, without the user being informed,
should also be illegal.
Of course, this would cover some of the DRM techniques that block
disk image emulation, and probably a few other DRM techniques.
And yes, any program that serves your files up to the internet shouldn't
do it without your consent. Until recently, that would have included
Windows file sharing....
Re:Legislate a technical solution. (Score:3, Insightful)
I would wager money that the majority of those organizations have rules against installing unauthorized programs on their computers, specifically P2P software in many cases.
Those rules.
Re:Why limit it to P2P programs? (Score:3, Insightful)
It should be prohibited to install ANY program on a computer without the informed consent of the user.
But how many times should the user be required to give consent for a software distribution that comprises dozens or thousands of packages? Operating system distributions like Ubuntu and Fedora come to mind.
Re:Either I'm retarded (given) or this makes no se (Score:5, Insightful)
That's how I read this too. However, the devil is in the details, which we don't have.
Given that a: usually a bill is introduced with opposite meaning to the statement of the bill if it's done by a bad politician and that b: it could be about the above but introduce some other issues, I'll hold my breath. I also can't find this act anywhere, other than it being mentioned as "to be introduced".
This is a type of bill that could easily be subverted by bad interests depending on who influences it.
How is this bad? (Score:3, Insightful)
Re:Either I'm retarded (given) or this makes no se (Score:5, Insightful)
I had to read it a couple times too. They're basically trying to prevent "hidden" p2p software.
Exactly, or drive by installed P2P software that shares your entire disk just because you wanted a torrent of the latest OpenSUSE distro.
While this in itself would be commendable, these things end up being a gloss of what really gets implemented in regulation. What starts out looking like protection for the consumer is really a ploy to remove plausible deniablity as a defense.
Further, such a bill would do nothing when Little Billy, who is an authorized user of Mom's machine, gives away the family tax returns while trying to get the next level of Wonder Rabbit to download by clicking thru that popup warning.
There are already laws prohibiting unauthorized used of a computer, and the government already knows exactly who the bot masters and spam masters are, yet they walk around untouched while the "real criminals" are sued into poverty for sharing a song. Do we really need more unenforceable laws prohibiting what is already prohibited?
Re:Actually anti-spam/botnet? (Score:5, Insightful)
I don't know. I'm hugely suspicious of this, for two reasons: Congress has a nasty habit of not understanding the technological ramifications of their legislation. And when they do make legislation where they understand the ramifications, it's generally for the purpose of making sure that corporations don't have their business models cut out from underneath them.
While on the face of it, the bill seems alright (don't hide what your program does), I don't understand why it's specifically targeting P2P programs. Wouldn't it make sense to have the bill simply say "software should never be installed without the users consent" and "software should not be misleading in their activities"? What bothers me is the insistence from the two politicians that P2P programs somehow present an inherent privacy and security risk. I'm putting on my tinfoil hat here for a second, but I'm guessing that this has to be read in the larger context that P2P software is bad in general, and should be tightly regulated.
I don't like where this is going. As the bill reads, it won't solve any problem that currently exists, and assumes something dangerous: that a specific type of software is somehow worse than others. I'm expecting that these two politicians will soon propose bills that restrict peer-to-peer connectivity in general (goodbye net neutrality) and legislate what software can and cannot do (goodbye software startups written by a single person).
Re:the guv'mint (Score:3, Insightful)
good luck getting doctors, engineers, or something similar to drop their well payed jobs and go into politics.
Re:Either I'm retarded (given) or this makes no se (Score:5, Insightful)
But why have a law restricted to p2p software? Wouldn't it make more sense to prohibit this sort of hidden installation of any software?
Re:Either I'm retarded (given) or this makes no se (Score:3, Insightful)
Seems to me like this just does two things:
The first seems like common sense for all software, not just P2P (if it already existed, this provision would be redundant). If the law also clearly defined the difference between an "update" and "new software," it might prevent Microsoft from pushing out WGA as an automatic update. It could also provide legal provision against a specific hacker activity, installing malware, rather than the blanket DMCA provision against unauthorized computer access (which could be playful and/or harmless, whereas silently installing software almost never is).
As for the second one, I once installed Shareaza, and found eventually that it had downloaded a lot of high profile pirated software, presumably to share on the network and increase download speeds for other users. The program itself showed no indication of where these files came from, or how to remove them or stop sharing them. In the process, it implicated my as a copyright infringer without my intent, or even any benefit from the usage of the pirated software. Obviously there are more problems with technically illiterate people, but even a technical person could be bamboozled by the right program into sharing sensitive documents or participating in illegal activities. Again, these are actions most used by nefarious hackers.
So, it's a law that should, in effect, provide real, useful provisions against hackers. It is not banning P2P as a technology, nor is it even targeting the sharing of copyrighted materials AFAIK.
The devil is in the details (Score:1, Insightful)
First, has anyone actually read the language in the proposal? Do you think that the actual legislation is going to fit so nicely into the way its being described or do you realize that other law makers are going to add their own language and objectives when the law is passed? In the language of government what constitutes a P2P file sharing application?
If I'm a researcher, student or small, open source or independent developer that creates a new P2P "file sharing" protocol or prototype does that mean unless I specifically include notification or a feature the government feels complies with their regulations, that I become a criminal?
I guess my main concern is that the more we go forward with these "protection laws" the more, we as developers are becoming limited and I worry going forward am I going to need a background in law to write code?
The RIAA is clapping for a reason friends.
User accountability (Score:2, Insightful)
Re:How is this bad? (Score:3, Insightful)
How are these bad?
Because the government has no business getting between me and my computer
How are they getting between you and your computer? You can still install P2P programs, just those programs will have to tell you that they are P2P (not a problem for a program that only does P2P, but some other programs use P2P for updates that users might not understand) and tell you what they are sharing.
Re:Why limit it to P2P programs? (Score:3, Insightful)
Since the user is installing the software, isn't that consent?
The user of the computer is not necessarily the OWNER of the computer. The computer on my desk at work belongs to my employer, and he has every right to forbid me from installing P2P, or any other software he doesn't want on it.
And should my next door neighbor be able to visit me at my house and say "can I use your PC for a minute" and install Kazaa or Windows on it without my permission?
Re:This is so stupid my eye is twitching. (Score:3, Insightful)
In this case there was a lazy/stupid government employee who leaked information via p2p by sharing his entire drive, so lawmakers respond with a broad law that will result in millions of dollars being spent and the course of history being changed rather than let the one employee be fired (along with any supervisors and IT workers who didn't enforce computer security policies). I'm sure the idea of making all p2p software illegal was brought up, but they probably ran into difficulties coming up with a legal definition that didn't outlaw internet browsers too. Between child porn and terrorist communication it's only a matter of time before they ban it anyway.