House Commerce Committee Approves Informed P2P User Act

September 30, 2009. The House Commerce Committee (HCC) amended and approved HR 1319 [LOC | WW], the "Informed P2P User Act" by voice vote.

The HCC approved an amendment in the nature of a substitute [7 pages in PDF] that replaces the bill as introduced. For a summary of the bill as introduced by Rep. Mary Bono (R-CA) on March 5, 2009, see story titled "House Commerce Committee to Mark Up Informed P2P User Act" in TLJ Daily E-Mail Alert No. 1,992, September 29, 2009.

Rep. Mary BonoRep. Bono (at right) stated "Too many people aren't aware of the risks associated with using popular peer-to-peer file-sharing programs ... When users login to these P2P programs, they could be inadvertently sharing ALL of their personal information with everyone else on the network, including tax returns, financial records, personal messages and family photos. The problem of inadvertent file-sharing has gone on for too long and has already compromised millions of personal files, in addition to our national security." See, release.

Rep. Henry Waxman (D-CA), the Chairman of the full Committee, wrote in his opening statement that "We are all too familiar with the danger of inadvertent sharing of sensitive information through the use, or misuse, of certain file sharing programs. Tax returns, medical files, and even classified government documents have been found on these networks.

Rep. Joe Barton (R-TX), the ranking Republican on the HCC, wrote in his opening statement that "Despite some effort by some in the industry, there has been no consensus solution developed to address the problem. H.R 1319 establishes a clear notice-and-consent regime."

The amendment in the nature of a substitute makes significant changes. The bill as introduced covered anyone who causes or induces, not just the maker of the software. The amended version applies only to a "covered entity", which means "a commercial entity that develops a covered file-sharing program" and a "commercial entity that disseminates or distributes a covered file-sharing program and is owned or operated by the commercial entity that developed the covered file-sharing program".

Also, the bill as introduced contained an overbroad definition of "peer-to-peer file sharing program" that would have encompassed more programs than those that have resulted in inadvertent file sharing that harms the user's privacy or security. The amended version tightens the definition, and enumerates several types of programs that are excluded.

The bill as amended first mandates a notice and consent regime. This includes both notice to users that their files can be copied, and notice of which copies can be copied. It provides as follows:

"It is unlawful for any covered entity to install on a protected computer or offer or make available for installation or download on a protected computer a covered file-sharing program unless such program--
   (A) immediately prior to the installation or downloading of such program -- (i) provides clear and conspicuous notice that such program allows files on the protected computer to be made available for searching and copying to one or more other computers; and (ii) obtains the informed consent to the installation of such program from an owner or authorized user of the protected computer; and
   (B) immediately prior to initial activation of a file-sharing function of such program -- (i) provides clear and conspicuous notice of which files on the protected computer are to be made available for searching and copying to another computer; and (ii) obtains the informed consent from an owner or authorized user of the protected computer for such files to be made available for searching and copying to another computer."

The amendment also adds a provision regarding pre-installed software. The above quoted requirement does not apply to the "installation of a covered file-sharing program on a computer prior to the first sale of such computer to an end user, provided that notice is provided to the end user who first purchases the computer that such a program has been installed on the computer."

Next, the bill as amended prohibits the blocking of peer to peer software installation, as well as failing to provide users an effective means to uninstall its peer to peer software. It provides as follows:

"It is unlawful for any covered entity--
   (1) to prevent the reasonable efforts of an owner or authorized user of a protected computer from blocking the installation of a covered file-sharing program or file-sharing function thereof; or
   (2) to prevent an owner or authorized user of a protected computer from having a reasonable means to either -- (A) disable from the protected computer any covered file-sharing program; or (B) remove from the protected computer any covered file-sharing program that the covered entity caused to be installed on that computer or induced another individual to install."