On the Berman p2p

I intended to write something polemic and scathing about Howard Berman’s (D-California) and Howard Coble’s (North Carolina) so-called “Peer to Peer Piracy Prevention” bill, which would allow rights owners to create and use malicious software to engage in flooding (bringing down a computer or network by “flooding” it with demands for attention; this is a denial-of-service attack, and it’s usually illegal), spoofing (creating false files that masquerade as legitimate content), and redirection (hijacking a connection and pointing to an alternative server). These are actions that are less than legal under most circumstances, but the Berman bill frees rights owners to engage in these attacks, with protection. Rights owners do not need to prove “reasonable cause,” and the victim must prove (assuming one can identify and track the attack) that he or she suffered financial loss. You can read CNET’s take here.

I discovered that Doc Searls has done a much better job of explaining the issues, both of the P2P bill, and the various RIAA/Internet radio debacles. So go read what the excellent Doc has to say. Then take a look at the EFF’s commentary.

I’m not in favor of illegal file trading, and don’t engage in it myself. But this bill is an astonishingly technologically stupid idea, and it provides the same kind of opportunity for false claims of copyright violation and abuse that the DMCA does. Let’s say a rights owner suspects that an individual is illegally trading files. The rights owner launches an application to “flood” the user’s network. The file trading is halted as the entire network is crippled. In other words, the rights owner has indulged in the digital equivalent of stopping turnpike traffic to issue a citation to one driver who did not pay the fifty-cent toll.

If you use a cable modem, your connectivity is shared, so if your neighbor is a file-trader targeted by a rights holder in a denial-of-service attack, you suffer as well. The putative rights holder does not have to prove that your neighbor was trading copyright-protected data, never mind “his” data. If you’re an ISP, and you have three or four (or 100) users who are underequipped in the ethics department, your entire user base suffers, and you must prove in court that you suffered financial loss. If you’re a university, well, you’re screwed. You can’t shut off access to the ports or otherwise block p2p users because that’s a violation of rights, and you will hear from users and their lawyers, never mind administrators and faculty. (We know this because universities tried to prevent access to Napster when the popularity of downloading lots of mp3s began causing bandwidth problems.) But if you don’t violate users’ rights, then your network is going to be constantly under attack, to the point of impairing daily and mission-critical operations.

Moreover, the sweeping permissions offered by the bill, and the limitations on liability, make the bill not only open to abuse; they practically invite abuse. All the onus for proof lies on the end user, the “trader,” not the rights holder. The vague language provides opportunity for other kinds of malicious attacks.