Curtailing Unintended File Sharing May Take an Act of Congress

Gone are those innocent days at the turn of the century when the worst accusations being leveled at peer-to-peer (P2P) file-sharing networks were that they facilitated the unauthorized swapping of Metallica songs among tech-savvy teenage boys. The interminable hullabaloo over Napster seemed like ancient history in early May when the House Subcommittee on Commerce, Trade, and Consumer Protection convened a hearing to discuss the Informed P2P User Act (H.R. 1319), which was crafted in the wake of the discovery of documents on P2P networks that raise strong privacy and even national security concerns.

The act, written and sponsored by Rep. Mary Bono Mack, R-Calif., aims to “prevent the inadvertent disclosure of information on a computer … without first providing notice and obtaining consent from the owner or authorized user of the computer.” Congress seemed particularly alarmed by the discovery of a set of blueprints for President Obama’s official helicopter, Marine One, that were found on a P2P network and an investigation by the Today show that uncovered thousands of tax returns, student loan applications, and credit reports that had inadvertently found their way online.

Subcommittee Chairman Rep. Bobby Rush, D-Ill., spoke out about such privacy and security concerns at the hearing on May 5. “Too often,” he said, “when consumers download [P2P] programs onto their computers with the intent of sharing and downloading certain files on the network, they are unaware that they are also sharing other files they otherwise want to keep private.”

Bono Mack added that self-regulation of P2P software was no longer a credible solution. “Any set of voluntary best practices put forth by the P2P industry can no longer be seen as credible,” she said. “To paraphrase Groucho Marx, he said, ‘You want me to believe you and your voluntary measures instead of my own two eyes?’”

Bono Mack may have been aiming her remarks in large part at Lime Wire, LLC, one of the primary targets of the legislation. In a written response, company chairman Mark Gorton attempted to assure the House panel that its updated software, LimeWire 5, “does not share any file of any type without explicit permission from the user.” Still, the subcommittee seemed undeterred in forging ahead with the bill.

One major front of opposition to the Informed P2P User Act has come from a coalition of technology industry groups who say I the act, as written, might go too far. In a letter addressed to Bono Mack, four trade groups—the Computer & Communications Industry Association, TechAmerica, NetCoalition, and the Internet Commerce Coalition—asserted that the bill “would broadly apply to many different applications and Web sites that appear to be beyond the intended scope of the bill.”

The coalition contends that the bill’s definition of “peer-to-peer file sharing program” could be interpreted to apply to email providers, internet access servers, instant messaging applications, social networking sites, cloud computing services, space shifting technologies, and web browsers. The authors of the letter are concerned that the legislation will cause undue burden on both the designers and the users of these technologies, since “the vast majority of applications that utilize distributed computers to deliver or assist in the delivery of content do not contain the kind of recursive file-sharing features that the legislation seems intended to address.”

David Sohn, senior policy counsel for the Center for Democracy and Technology, concurs that the definition of P2P technology in the bill is broad and may have unintended consequences. “If this legislation is applied to certain technologies, users may be faced with a constant stream of dialog boxes for consent to release information that doesn’t seem to need it,” he says. “And parts of the legislation could require users to read disclosure statements at the time of installation of their operating system—but, of course, most peoples’ computers come with the operating systems already installed.”

Sohn says the broadness of the language may also have a chilling effect on the development of software: “Developers, especially the small companies and individuals out there, may not know how to comply with these complicated regulations, and won’t have the means to hire legal counsel to figure it out.”

The bill is currently under review by the House subcommittee, which could address the concerns of the technology industry coalition and its allies in a revision to the bill this summer.