P2P bill could regulate Web browsers, FTP clients

Legislation in the U.S. House of Representatives to regulate peer-to-peer networks goes a bit further than its sponsors may have intended.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
Declan McCullagh
3 min read

news analysis The U.S. House of Representatives has scheduled a hearing Tuesday to examine a bill that would force peer-to-peer applications to provide specific notice to consumers that their files might be shared.

The hearing before a House Energy subcommittee comes about a month after reports that specifications about the helicopter used as Marine One may have been leaked through a P2P network. Meanwhile, a second House committee is probing whether LimeWire or another P2P application was responsible.

Tuesday's hearing is expected to focus on a bill introduced in March by Rep. Mary Bono Mack, a California Republican. The catch: while it appears intended to target only P2P applications, the measure sweeps in Web browsers, FTP applications, instant messaging utilities, and other common programs too.

Bono's Informed P2P User Act says that it will be "unlawful" for P2P software to cause files to be made available unless two rules are followed. First, the utility's installation process must provide "clear and conspicuous notice" of its features and obtain the user's "informed consent." Second, the program must step through that notice-and-consent process every time it runs.

Her bill defines P2P applications as software that lets files be marked for transfer, transferred, and received. (The exact wording: "to designate files available for transmission to another computer; to transmit files directly to another computer; and to request the transmission of files from another computer.")

Every copy of Windows, GNU/Linux, and Mac OS X sold in recent memory includes a command-line FTP client fitting that definition but lacking the proposed warning. Does that mean that Microsoft, the Free Software Foundation, and Apple could be fined for "unlawful" activities? If the definition stretches to include the rsync utility and open-source software too, will volunteer maintainers and foreign citizens have to comply?

Another example: Web browsers could also be regulated and subject to Federal Trade Commission enforcement action unless "informed consent" is obtained each time the desktop icon is double-clicked. (Every Web browser allows the user to "designate" files to be uploaded--ever post a photo?--and request that files be downloaded.)

It's true that forcing compliance--at least for those programmers who are paying attention to legislative proclamations from the U.S. Congress--shouldn't be too difficult. A few warning messages and click-here-to-continue dialog boxes would suffice.

Still, the argument that a particular piece of proposed legislation could be worse is no argument at all. What the bill's drafters may not appreciate is that the Internet is, by definition, a peer-to-peer network. Restricting its P2Pishness, for lack of a better term, is difficult to do with restricting Internet access completely.

The point here is not that LimeWire and its rivals are without risk; misconfiguration probably would expose sensitive files to the public.

It's more that software is uniquely malleable, difficult to define, and better overseen by West Coast coders voluntarily adding warning messages than East Coast lawyers making it illegal not to do so.

The U.S. Supreme Court failed to reach a consensus about regulating obscenity a generation ago; do we really think that computer code today won't be equally slippery?