Politics and Law

Sensitive files like Secret Service safehouse locations, military rosters, and IRS tax returns can still be found on file-sharing networks, according to a report to a U.S. House of Representatives committee on Wednesday.

In many cases, that's because federal government employees or contractors installed peer-to-peer software on their computers without paying attention to which documents would be shared, Robert Boback, the chief executive of Tiversa, told the panel.

Boback said his company found the Secret Service's evacuation plans for the first lady and motorcade routes. (See an interview with Tiversa about Marine One documents found on a peer-to-peer network this spring.)

That led some politicians to announce that new federal laws were necessary to stop inadvertent file sharing.

"I'm planning to introduce a bill," said Rep. Edolphus Towns, a New York Democrat who heads a House oversight committee. He said his legislation would limit the use of peer-to-peer software on all computer networks operated by the federal government or its contractors.

In addition, the Federal Trade Commission should investigate whether P2P software developers are violating the law, and the Obama administration should "undertake a national campaign to educate consumers about the dangers of file sharing software," Towns said. (In April, Towns' committee informed the FTC it had reopened an investigation into inadvertent file sharing.)

Rep. Peter Welch, a Vermont Democrat, suggested a similar approach. He wanted to know "whether there's some legal action that should be taken to protect intellectual property, to protect kids from pornography, to protect classified medical information, national security information."

The two-and-a-half hour hearing singled out LimeWire, which is probably the highest-profile P2P client in use today. LimeWire is distributed by Manhattan-based Lime Wire LLC (which sells a more featureful version called LimeWire Pro) and it uses the BitTorrent and Gnutella networks.

Lime Group chairman Mark Gorton tried to defuse some of the criticism, saying "the current version of LimeWire does not share any documents by default," and many security improvements were added in version 5 of the software--released in December 2008--that were absent from version 4.

Gorton also tried to make a more subtle point: the Gnutella network is an amalgamation of scores of different P2P clients, many of which may have different default settings, and LimeWire shouldn't be held responsible for someone's decision to share files using a program written by a different company.

It didn't work. "It is chilling what the public now has available to it," Towns said. "The idea that you can look at the first lady's information, where she's going, how she's getting there. Tax records, things of that nature...we need to get to the bottom of this."

Not helping was the fact that Gorton testified at an earlier hearing in July 2007 on the same topic.

"Mr. Gorton, I find your testimony today stunning," said Rep. Paul Hodes, a New Hampshire Democrat. "You promised us two years ago you were going to fix LimeWire."

Replied Gorton: "LimeWire does not control the computers of people around the country."

He added later: "It's not unreasonable to expect that people who install file-sharing software want to share files."

Other suggestions were more extreme. Rep. Bill Foster, an Illinois Democrat who's more technically-inclined than most politicians (he has a doctorate in physics), said "the nuclear option is to block the Gnutella protocol" on a national basis.

But, Foster acknowledged, that wasn't likely to work. Another option, he said, would be to create a new version of the Gnutella protocol that allowed only limited clients--that curbed what folders or file types could be shared--to connect to it.

news analysis The U.S. House of Representatives has scheduled a hearing Tuesday to examine a bill that would force peer-to-peer applications to provide specific notice to consumers that their files might be shared.

The hearing before a House Energy subcommittee comes about a month after reports that specifications about the helicopter used as Marine One may have been leaked through a P2P network. Meanwhile, a second House committee is probing whether LimeWire or another P2P application was responsible.

Tuesday's hearing is expected to focus on a bill introduced in March by Rep. Mary Bono Mack, a California Republican. The catch: while it appears intended to target only P2P applications, the measure sweeps in Web browsers, FTP applications, instant messaging utilities, and other common programs too.

Bono's Informed P2P User Act says that it will be "unlawful" for P2P software to cause files to be made available unless two rules are followed. First, the utility's installation process must provide "clear and conspicuous notice" of its features and obtain the user's "informed consent." Second, the program must step through that notice-and-consent process every time it runs.

Her bill defines P2P applications as software that lets files be marked for transfer, transferred, and received. (The exact wording: "to designate files available for transmission to another computer; to transmit files directly to another computer; and to request the transmission of files from another computer.")

Every copy of Windows, GNU/Linux, and Mac OS X sold in recent memory includes a command-line FTP client fitting that definition but lacking the proposed warning. Does that mean that Microsoft, the Free Software Foundation, and Apple could be fined for "unlawful" activities? If the definition stretches to include the rsync utility and open-source software too, will volunteer maintainers and foreign citizens have to comply?

Another example: Web browsers could also be regulated and subject to Federal Trade Commission enforcement action unless "informed consent" is obtained each time the desktop icon is double-clicked. (Every Web browser allows the user to "designate" files to be uploaded--ever post a photo?--and request that files be downloaded.)

It's true that forcing compliance--at least for those programmers who are paying attention to legislative proclamations from the U.S. Congress--shouldn't be too difficult. A few warning messages and click-here-to-continue dialog boxes would suffice.

Still, the argument that a particular piece of proposed legislation could be worse is no argument at all. What the bill's drafters may not appreciate is that the Internet is, by definition, a peer-to-peer network. Restricting its P2Pishness, for lack of a better term, is difficult to do with restricting Internet access completely.

The point here is not that LimeWire and its rivals are without risk; misconfiguration probably would expose sensitive files to the public.

It's more that software is uniquely malleable, difficult to define, and better overseen by West Coast coders voluntarily adding warning messages than East Coast lawyers making it illegal not to do so.

The U.S. Supreme Court failed to reach a consensus about regulating obscenity a generation ago; do we really think that computer code today won't be equally slippery?

Editors' note: This is a guest post. See Michael Songer's bio below.

Throughout the 1990s and 2000s, we have seen a number of well-known legal disputes: legality of peer-to-peer services such as Napster and Grokster, cybersquatting, laws (trying) to regulate porn, even "veejay" Adam Curry trying to use the MTV domain name.

As we head into 2010 and beyond, here are some legal issues that are likely to careen through cyberspace in the next few years.

1. Lawsuits related to stupid/silly conduct shown on the Internet.
The assimilation of broadband brought with it those "viral videos": Star Wars Kid, Numa Numa Dance, Aleksey "Impossible is Nothing" Vayner, and the like. The latest fad seems to be taking videos of crude behavior and posting it for all to see--think of the two girls bathing in the Kentucky Fried Chicken kitchen, or the Domino's employees creating a "special" meal for a customer.

Someone will be offended, someone will sue. In some cases, the lawsuits make sense (violating health codes for the KFC and Domino's videos); in other cases, they don't (Star Wars Kid sued, and Aleksey Varner threatened a suit, though the legal basis for these is shaky).

Expect to see a rise in these types of lawsuits related to conduct shown on the Internet and calls for Congress to do something. What, exactly, can be done is less clear; it's hard for the legal system to regulate conduct that, while not breaking the law, is merely stupid. But that won't stop people from trying and lawyers from garnering headlines.

2. Lawsuits related to social media.
The last few years have seen a number of lawsuits brought against Facebook and MySpace for conduct occurring on those sites--think of the Megan Meier case (Megan Meier was the teenager who committed suicide after a woman pretended to be her friend, and then turned on her).

The government prosecuted the offender in that case, though the legal basis for the prosecution is less than clear, and an appeal is under way. And there have been calls for regulating what you can and cannot do (no sock puppets!) on these sites.

These are likely to continue for the simple reason that more and more people are using these new technologies. With that increased use comes the increase in libelous statements, crude conduct, even illegal activity (think prostitutes using Craigslist to advertise their services).

I'm sure--if it hasn't already happened--that someone will sue over some "tweet" in the next year. Expect more of these lawsuits.

3. The next battle in the copyright wars.
The $1 billion battle between Google's YouTube and Viacom is churning away, with no end in sight. At issue is the liability of sites like YouTube for hosting content posted by others.

Like the earlier Napster decision, this case has major ramifications for content on the Internet. However, just as Napster begat legal file sharing (iTunes), consumer demand might work out a solution faster than the courts.

YouTube recently announced a deal with Sony to stream movies, with television shows on the horizon. But whatever the final outcome of the YouTube lawsuit, nagging copyright issues associated with liability and fair use of content uploaded into social sites will not go away.

Recently, the Associated Press threatened to sue aggregators and clamp down on the use of their articles, and others are sure to follow this path. Expect more content owners to use copyright lawsuits to shape what we view and read on the Internet.

4. Blogger liability for the comment section.
Currently, bloggers cannot be sued for libelous statements posted in the comment section of their blogs. Something called "section 230" (after the particular legal code) immunizes bloggers from legal harm caused by another's comments (bloggers, however, can be sued for libelous statements that they post).

This immunity was enacted in the mid-'90s and was designed to protect the "publishers" on the Internet at that time: the AOLs, CompuServes, and ISPs that enabled Internet access. The law never contemplated the explosion of bloggers, MySpace authors, and other "social publishers." And the law never contemplated the accompanying (usually anonymous) comments to those posts, as well as the ill will associated with the all-too-common flame wars.

Several courts have expressed dissatisfaction with the blogger immunity--particularly when the blogger knows that the comments are defamatory or wrong. Expect more challenges to this immunity, and perhaps calls for Congress to roll back section 230.

5. The taxman cometh.
Anyone who has read a phone bill has seen a dizzying array of taxes, assessments, and special charges. Your Internet access is free from such taxes until at least 2014, due to Congress and the Internet Tax Freedom Act. The law, passed in 1998 and extended by the Bush administration, prohibits federal, state, and local governments from taxing access to the Internet, and it bans "Internet-only" taxes such as bandwidth or e-mail taxes.

States remain free to tax sales on the Internet.) Of course, that was before the current economic crisis, and the general rise in taxes on everything from mobile phones to cigarettes. A bill has been introduced to make the tax ban permanent, but nothing is "forever" with Congress. Expect to see calls for Congress to tax these areas before 2014.

Of course, given a steady pace of new Internet technologies that allow different ways for humans to interact with one another, more unique, complex, and downright strange events will occur that give rise to legal disputes. (Think "upskirt" cams.)

The legal system is flexible and has dealt with much over the last 10 years, in many instances driving Internet growth in ways both good and bad. The next 10 years promise much of the same.

American peer-to-peer users worried about being sued into oblivion by the recording industry may soon have a much bigger concern: facing off against the U.S. Department of Justice.

Two senators, a Democrat and a Republican, introduced a bill on Wednesday that would unleash the world's largest law firm on Internet pirates. It would authorize the Justice Department to file civil lawsuits against people engaged in peer-to-peer copyright infringement--with the proceeds going to the company or person who owns the copyright.

"This legislation is a simple bill that would give the Department of Justice the authority to prosecute copyright violations as civil wrongs," Sen. Patrick Leahy, the Democratic chairman of the Senate Judiciary Committee, said during a hearing on Wednesday. Sen. John Cornyn, a Republican, is a co-sponsor.

This is not the first time this bill, called the Pirate Act, has surfaced in Washington. Despite criticisms from civil liberties groups and complaints from peer-to-peer companies that it amounted to corporate welfare for copyright holders, the Pirate Act has cleared the Senate three times. (Here's our coverage after the June 2004 vote.)

The Pirate Act enjoys strong support from large copyright holders. The Recording Industry Association of America said on Wednesday: "We commend Senators Leahy and Cornyn for their commitment and leadership to ensuring improved enforcement of IP protection."

And Dan Glickman, chairman of the Motion Picture Association of America, said the Pirate Act will "strengthen the government's law enforcement resources to crack down on intellectual property theft."

Oddly, though, the Justice Department has been less than enthusiastic about the measure in the past. One top department official said a few years ago that the idea is "something that people should take with a grain of salt"--and while "the Justice Department is there to enforce the law, there's something to be said for those who help themselves."

The Pirate Act's portion devoted to civil copyright enforcement is identical to the 2004 version. It says that "the attorney general may commence a civil action in the appropriate United States district court against any person who engages in conduct constituting (a copyright) offense." Anyone who reproduces or distributes copyrighted works that total $1,000 is liable for punishing statutory damages.

In addition, a federal judge "shall" award "restitution to the copyright owner aggrieved by the conduct."

Criminal charges? Nah.

Under a 1997 law called the No Electronic Theft Act, federal prosecutors can file criminal charges against peer-to-peer users who make songs available for download. A July 2002 letter from prominent politicians to U.S. Attorney General John Ashcroft urged the prosecution of Americans who "allow mass copying from their computer over peer-to-peer networks."

But the Justice Department has been less than eager to file criminal charges against people like Jammie Thomas, who recently was found liable for $222,000 in damages in a lawsuit brought by the RIAA. Federal prosecutors have indicated that they're hesitant to target peer-to-peer pirates with criminal charges for two reasons: Imprisoning file-swapping teens on felony charges isn't the department's top priority, and it's difficult to make criminal charges stick.

The relative ease of winning civil cases compared to criminal prosecutions is one big reason why the RIAA and MPAA adore the Pirate Act, called the Intellectual Property Enforcement Act in its latest incarnation. The burden of proof is lower, and a civil defendant has far fewer rights under the law.

There are two other benefits for copyright holders. It's cheaper for copyright holders because they don't have to take the the risk of hiring expensive lawyers to sue a defendant who's judgment-proof (and can't cough up a check if found liable). And judges and juries may be more likely to side with Justice Department prosecutors, who claim they're looking out for the public interest, than law firms employed by the for-profit companies comprising the RIAA.

The new version of the Pirate Act, in addition to civil enforcement, also:

* Creates an "operational unit" of at least 10 FBI agents to investigate intellectual property offenses. It requires the Justice Department to assign a federal prosecutor to Hong Kong and Budapest, Hungary, "to assist in the coordination of the enforcement of intellectual property laws" and allocates $12 million per year.

* Awards $20 million per year in additional funding to the FBI and the Justice Department's criminal division to investigate computer crimes.

* Amends existing law dealing with criminal forfeiture. Says that "any property used, or intended to be used, in any manner or part to commit or facilitate the commission" of certain intellectual property offenses is subject to forfeiture. Civil forfeiture is also included. This expands on a recent counterfeit goods-related law.

News.com's Anne Broache contributed to this report.