Stolen Fighter Plane Plans Still on P2P Network - Page 2

Page 2 of 2

[cob:Pull_Quote]Robert Holleyman, president and CEO of the Business Software Alliance, the trade group that represents the country's software and hardware industries, told the panel that he supported the spirit of the bill, but that its vague language would impose unnecessary and burdensome restrictions on useful applications, such as automatic Internet security updates.

"We are concerned that this bill could pull in some of the very legitimate applications and uses of peer-to-peer technology." Holleyman said. "We know that is not the intent of this bill, but as it is written it could reach that breadth."

There was one full-throated opponent at today's hearing. Martin Lafferty is the CEO of the Distributed Computing Industry Association, which represents file-sharing firms. Lafferty assured the representatives that those companies have taken vigorous steps to shore up their networks and assure meaningful consent.

Regulation, Lafferty said, would choke off growth and innovation in an industry that has come a long way since the days of Napster, and is today used for a bevy of legal applications.

"To the extent that legitimate consumer concerns persist ... we strongly believe they can best be handled by ongoing self-regulation under the oversight of the appropriate federal authority," Lafferty said.

But he was in the minority. The other witnesses said that they could support the bill -- either in its current version of with some modest changes -- and the handful of representatives in attendance seemed generally to agree that the threat of inadvertent file-sharing is serious enough that the legislation is necessary.

"Industry's opportunity to self-regulate has passed," said Mary Bono Mack, the California Republican who introduced the bill.

The second bill, the Data Accountability and Trust Act, would establish regulations for how companies handle information, requiring, among other things, companies deemed "information brokers" to provide their security policies to the Federal Trade Commission and submit to audits by the agency.

The bill would also impose stricter requirements to notify consumers in the event of a data breach.

Most states already have data-breach notification laws on the books. Privacy-advocacy groups such as the Center for Democracy and Technology (CDT) are generally supportive of the bill's intent of establishing a nationwide legal framework for protecting consumers in the event of a data breach. Still, they worry that if its requirements are overly broad, it could perversely end up weakening consumer protections by trumping the stronger laws already on the books in some states.

"Preempting state laws in this area is a very significant step," said CDT Senior Policy Counsel David Sohn, senior policy counsel. "Moving forward, Congress needs to keep in mind that the price of preemption must be strong federal action."

[cob:Special_Report]This is third time a version of the bill has been brought forward. In the 109th Congress, the bill cleared the House Energy and Commerce Committee, but never made it to a floor vote. The bill stalled in committee in the last Congress.

The Federal Trade Commission would be empowered to enforce both laws.

Under current law, the FTC does not have the authority to pursue civil damages against peer-to-peer firms it finds to be operating in a deceptive manner. Eileen Harrington, the acting director of the FTC's Bureau of Consumer Protection, said the agency strongly favors both bills. She was quick to point out, however, that the FTC has no interest in wading into the copyright fight that often attends discussions of peer-to-peer file-sharing networks.

The FTC is currently reviewing the security practices of seven of the largest U.S. peer-to-peer networks, and plans to publish the results of its review this summer.