Congress and Peer-to-Peer Filesharing

Steven Bellovin

Some members of Congress have gotten extremely upset about peer-to-peer filesharing. Even the New York Times has editorialized about the issue. The problem of files leaking out is a real one, but the bills are misguided.

Fundamentally, the real issue is that files are being shared without the user intending that result. This is not a weakness unique to peer-to-peer software; more or less any mechanism for publishing files can do that. The real problem is that the targeted software—whatever it is; the news stories full of outrage haven't identified which package or packages are implicated—is bad software, either because it shares files the user hadn't intended or because it makes it too hard for the user to understand what will happen. Given the sub rosa nature of much peer-to-peer software, perhaps this is not surprising; developing good software is remarkably difficult. Perhaps Congress should instead decriminalize sharing of music and video…

I digress. The real issue I'm addressing is bad legislation. Quite apart from my general concerns, the bills are just poorly drafted.

The first bill, H.R. 1319, is in many ways more reasonable: it mandates notice to the user of what is happening, and bars software that is difficult to remove. However, it stumbles badly when trying to define peer-to-peer software:

the term `peer-to-peer file sharing program' means computer software that allows the computer on which such software is installed--

(A) to designate files available for transmission to another computer;

(B) to transmit files directly to another computer; and

(C) to request the transmission of files from another computer.

As best I can tell, any web browser is covered by that definition.

The newer bill, H.R. 4098, does a much better job on a workable definition, though it's fun to try to twist it into knots, too. I particularly like the way software "designed primarily to operate as a server that is accessible over the Internet using the Internet Domain Name system" is not covered; who would have thought that the DNS had such mystical shielding properties?

The problem with H.R. 4098 is that it bans the wrong thing. Yes, NASA's use of BitTorrent would be permitted because it is "instrumental in completing a particular task or project that directly supports the agency's overall mission", but NASA employees probably wouldn't be allowed to download such files on their home computers because the bill seeks to block "the download, installation, or use by Government employees and contractors of such software on home or personal computers as it relates to telework and remotely accessing Federal computers, computer systems, and networks". In other words, you can either view such files or you can save the government money by using your own computer to work from home.

I should add a personal disclaimer: I, like most professors in the sciences and engineering, receive substantial government grants and contracts; that technically makes me a government contractor, as best I can tell. Am I covered? My students who receive stipends from such grants?

For those who are wondering if this bill is really just another ploy by a paid shill for the content industry, campaign finance records do not seem to support the notion. According to OpenSecrets.org, while Rep. Towns (the introducer) did indeed receive considerable campaign funding from PACs associated with content owners, he has also received a lot of money from PACs associated with companies like Verizon that have not been particularly sympathetic to the content industry's demands. I do not think that that claim is supported by the data.

Overall, what we have here is too much firepower being aimed in the wrong direction. If the incidents are taking place from home computers, the solution is to provide government employees with the government-owned equipment—and government-provided software, support, and system administration—to let them do their jobs properly. Using poorly managed or maintained machines carries many more security risks than just peer-to-peer software; I could make a very good case that such software is the least of the security problems. If the incidents have taken place on office computers, the issue is really a management problem: employees are making more than the normal and acceptable de minimis personal use of their employer's equipment. There is also likely a problem with the quality of systems administration in such organizations. Again, those issues pose many more risks. These are real problems; focusing on peer-to-peer software won't address them.

Written by Steven Bellovin, Professor of Computer Science at Columbia University. Visit the blog maintained by Steven Bellovin here.
