News Stay informed about the latest enterprise technology news and product updates.

P2P file-sharing software notification bill passes in U.S. House

The U.S. House passed H.R.1319, which requires P2P file-sharing software makers to provide notice and obtain user consent upon installation and activation.

The U.S. House passed H.R. 1319 on Tuesday, a bill that targets peer-to-peer (P2P) file-sharing software. Sponsored by Congresswoman Mary Bono Mack (R-Calif.), the Informed P2P User Act is meant to "prevent the inadvertent disclosure of information on a computer through the use of certain 'peer-to-peer' file sharing software without first providing notice and obtaining consent from the owner or authorized user of the computer."

The passage of the bill comes in the wake of the introduction of an act to reduce P2P file-sharing security risks by U.S. Rep. Edolphus Towns (D-N.Y.).

P2P file-sharing security has been at issue in several high-profile data breaches this year, including the leak of Supreme Court Justice Stephen Breyer's personal financial information. As senior news writer Linda Tucci reported last month, P2P file sharing also exposed secret congressional investigations at the House Ethics Committee. Earlier this year, Boston University reported a data breach of ROTC information that came through a P2P file-sharing software application.

"Too many consumers don't realize that by using P2P software, they could be exposing all of their personal files -- from family photos to bank account information -- to complete strangers on their network," said Congresswoman Mack. "Industry has failed to effectively respond in a way that will keep Americans safe online. This legislation takes a common sense -- and needed -- approach that will ensure that users are aware of what personal files are at risk when they use P2P file-sharing programs."

Unintentional data sharing is already covered by numerous electronic privacy laws, like the Electronic Communications Privacy Act. Peer-to-peer privacy for users of file-sharing applications has been a legal gray area up to this point. Manufacturers of file-sharing software could argue that they were under no obligation to disclose which files were shared or that consent had been given by the owner of the PC upon installation.

If signed into law, the Informed P2P User Act would make it illegal for anyone who isn't the owner of a computer or authorized by said owner to share files without authorization. Specifically, H.R. 1319 requires "conspicuous notice" before the installation of P2P software that the application will make local files searchable and, before activation, which files will be made available. Software modifications or upgrades are excluded from these notice and consent requirements.

Violations of the Informed P2P User Act would be treated as a violation of the rule defining unfair or deceptive practices under the Federal Trade Commission Act. The law includes provisions that prohibit construing this act to supersede or limit any other federal or state law.

The Informed P2P User Act defines "protected computer" in a way that includes a computer used by a financial institution, by the federal government or by someone involved in or in a way that affects interstate, foreign commerce or communication. As the law stands, such a broad definition could extend its P2P privacy constraints well beyond government or financial offices. Further, H.R. 1319's definition for a protected computer extends to machines located outside of the United States if it is used in a way that affects U.S. interstate or foreign commerce.

Representative Cliff Stearns (R-Fla.), voiced strong criticism of software distributors. "As a believer in the power of the free market, I'm willing to afford commercial interest the opportunity to simply self-regulate," he said. "However, the distributors of file-sharing software have proven they are either unable or unwilling to handle their affairs without intervention. This bill is a logical consequence."

As with every law passed by the House of Representatives, H.R. 1319 will now have to be voted upon in the U.S. Senate. Unlike the Federal data breach notification law that also passed the House yesterday, there aren't multiple bills in the Senate that have bipartisan support.

In its current form, H.R. 1319 has the potential to impact providers of P2P technology (like Skype) and their customers, regardless of the relevance of these applications to file sharing. In the most generic sense, a P2P network is simply a communications model that has proven useful for exchanging large files online.

"No doubt part of the bill aims to discourage the use of file-sharing techniques that may infringe on copyrights as well as make users vulnerable to certain types of inadvertent file sharing," said Marc Rothenberg, executive director of the Electronic Privacy Information Center, in his testimony to Congress. "There is some risk that the bill would also discourage the use of file-sharing techniques that do not raise such concerns. More generally, it appears to be posting a warning sign on a very wide variety of applications that most likely have little to do with the sponsor's concern."

Let us know what you think about the story; email

Dig Deeper on Industry-specific requirements for compliance

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.