We’ve noted here before (link link link) the significant threats to privacy posed by some commercial P2P software providers who enable massive copyright infringement. Today a U.S. House subcommittee held a hearing on two data privacy bills, one of which seeks better disclosure of file-sharing risks on P2P networks, a bill I mentioned at a Distributed Computing Industry Association (DCIA) conference at the Consumer Electronics Show earlier this year.

The House Commerce Subcommittee on Commerce, Trade and Consumer Protection is considering HR-1319, the Informed P2P User Act, a bill by subcommittee member Mary Bono Mack (R-CA) and 35 bipartisan cosponsors. (Click here for a video archive of today’s hearing and links to all witness testimony.)

I’m the first to express hesitation about new regulation, particularly when technology is involved. As Business Software Alliance Pres.-CEO Robert Holleyman testified today, it’s critical that government allow technological innovation to proceed. But it’s also true that Congress for nearly a decade now, in numerous committees, has been raising concerns about identity theft, vulnerability of medical records, and other risks related to file-sharing software, with little apparent reduction in risk.

Subcommittee Chairman Bobby Rush (D-IL) noted how long Congress has been dealing with this, suggesting some frustration at the failure of the P2P industry’s failure at self-regulation. The problem with self-regulation? All of the legitimate work by legitimate actors in the P2P space has been tarnished by a few bad apples whose shared business model is reliant on as many files being shared by users as possible.

At its core, HR-1319 calls on the Federal Trade Commission to regulate P2P providers to ensure they aggressively inform users of risks and make it easy for them to limit or forbid sharing of their files. There is a long history of P2P providers who profit from infringement of copyrighted works trying lots of tricks to have consumers — often inadvertently — sharing more rather than less. That often includes tax returns, medical records, personal photos, and other sensitive files from businesses when an employee uses a P2P program on a company-owned computer for personal infringing use.

The Progress & Freedom Foundation’s Tom Sydnor co-authored two compelling studies on these tricks, one while at the U.S. Patent & Trademark Office and the other at PFF. His testimony today showed how self-regulation is clearly not working, and how at least one bad actor continues to be deceptive.

That bad actor’s trade association representative in Washington, Marty Lafferty, also testified today. Marty and his team at DCIA have kindly had me speak at some of their conferences, as alluded to above. They seem well-intentioned, and have lots of interesting and dynamic members. But in watching the hearing today, it seems DCIA has been put in an awkward place, at least as far as how it is to be perceived here in Washington, which is of course the most important thing to a trade association. The organization is finding itself in a bind, in essence taking a bullet for a member that has demonstrated repeatedly that it not only has little concern for the rights of creators and copyright owners, but that it has little concern for members of Congress, who are simply trying to protect their constituents from serious harm.

If I were a DCIA member who used file-sharing technology — as I always say when speaking, a technology that like any technology is not good or evil, it just is — for legal, legitimate purposes in a way that respected both the ownership rights of copyright owners and the personal privacy concerns of consumers, I’d be a bit unhappy at seeing my business model tarnished by those not trying to do the right thing.

As for HR-1319, member after member of Congress praised its introduction today. Ranking Member Radanovich (R-CA) called the privacy violations of those with troublesome P2P on their computers “atrocities.” Rep. Barrow (D-GA) said “we have truth in lending, truth in labeling, it’s time we had truth in networking.” I defy anyone to argue against the goal of the legislation, namely to help empower consumers to protect themselves against online threats.

Implementation of such empowerment is of course trickier. Holleyman, in his testimony and according to the hearing today also through private discussions, made clear that the language needs to be narrowed and tailored so as not to entrap good actors in needless, and potentially stifling, regulation. I support that wholeheartedly. I’d note that Bono Mack and bill co-sponsors preemptively stated that they were eager to work on those revisions. The enemy here is not regulation, it is violation of our privacy.

This entry was posted on Tuesday, May 5th, 2009 at 2:39 pm by Patrick Ross and is filed under capitol hill, p2p, piracy, property rights. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.