In response to some incidents in which peer-to-peer (P2P) file sharing caused sensitive information to show up on computers that it shouldn't be on, Congress reasonably decided to hold hearings in anticipation of actions it might take that would prevent future compromises. Unfortunately, one of the actions that Congress has taken is to consider passage of the most useless law imaginable.
One positive result of the hearings was the call by the chairman of the House Oversight and Government Reform Committee for a ban on the use of P2P software on all government and contractor computers and networks. That would be useful, and enforceable, legislation. But apparently Rep. Mary Bono Mack wanted to show voters that she is protecting their interests as well. She demonstrated this concern by introducing the laughably pointless Informed P2P User Act (HR 1319).
At first glance, the law seems logical. It requires vendors of P2P software to clearly explain to users whether and how their files will be shared, to clearly inform them about which files are being made available for searching and sharing, and to give users the opportunity to explicitly agree to any file sharing.
But how will this play out in reality? Vendors will incorporate new language to satisfy most of the law in the boilerplate of their user agreements. I don't think I'm making a controversial statement if I say that the vast majority of users do not bother to read software licensing terms before clicking "I agree" and getting on with the installation. I assume that readers of this column are more computer savvy than the general population, but how often do you thoroughly review terms of service and default settings on new software?
OK, so the general principles of file sharing are likely to be glossed over by most users. But they still will have the opportunity to confirm which of their files they will allow to be shared. Once again, though, things look different when theory meets reality. Very few users are likely to go through all of their files and specify which ones they want shared. They are more likely to just agree to "All" when presented with an option.
But aren't I being too harsh? Wouldn't this law give users the chance to say whether their files will be shared at all, and isn't that something worth legislating? Well, yes, it would do that. But there is no need for it. A lot of people who install P2P software do so in order to get data from other people and have no interest in making their own data available. They are able to do this now, without Bono Mack's law, because every P2P software package I have ever seen makes it abundantly clear how to do this.
In short, there is nothing in the law that actually makes P2P file sharing more secure. If anything, it would expose people to more liability because they would be agreeing to terms that acknowledge the sharing of files. For example, if music files are unknowingly in the shared directories, the MPAA can now claim that the sharing was purposeful. If there was any intellectual property or secret data in the directories, any thefts of the data from any source will no longer be crimes, because the data is available to the general public. Likewise, people and companies can sue each other for intentional breaches, because they theoretically acknowledged the sharing of the data.
Two ongoing cases demonstrate that people don't review terms of service and similar information, even when it really matters. In one case, software designed to protect children by monitoring their online activity actually collects data that is then sold to marketers. The Sentry and FamilySafe software sold by EchoMatrix Inc. feed data into the company's data mining service. While EchoMatrix hides the data collection to a certain extent, parents who research the tool adequately can uncover it.
Similarly, McAfee and Symantec embed very troubling automatic renewal terms into their terms of service when you purchase or renew the software online. Although the state of New York has fined the companies for unfair business practices, the terms still exist and people continue to be ignorant of them, simply because they choose not to read terms of service.
Given a record that suggests that users do not pay attention to the information available in licensing agreements, why does Bono Mack believe that her proposed law would improve the security of P2P file sharing?
This law will probably be passed. Passage is likely to make members of Congress feel that they demonstrated that they understand the Internet and are helping to protect it. The reality is that they have once again shown their ignorance and wasted a great deal of time and effort. In the greatest irony, Bono Mack is not only not protecting the average citizen, but also solidifying their legal liability for any loss.
This story, "Opinion: P2P law would do nothing but make Congress feel good" was originally published by Computerworld.