Legislation of software design

As reported in Computerworld, the Informed P2P User Act (HR 1319) was introduced by Rep. Mary Bono Mack (R-Calif.) in March 2009.  The bill makes it illegal for P2P software to inadvertently share files over a network without a user’s knowledge. Violations of the act would be treated as unfair and deceptive trade practices under U.S.C. Title 15, Chapter 2, Subchapter I, Section 57a, of the Federal Trade Commission Act.

In a nutshell, the intent of the bill is to legislate the equivalent of “seat belts” for software applications.  The attempt though, has about as much bite as a piranha with dentures.  A great deal of P2P software originates from outside the U.S. and the bill simply grants the FTC authority to “…enforce this Act in the same manner, by the same means, and with the same jurisdiction as though all applicable terms and provisions of the Federal Trade Commission Act were incorporated into and made a part of this Act.”

In other words, because the FTC does not have jurisdiction over individual programmers, many of whom live outside the U.S., there is little it can possibly do to enforce the provisions of this bill.  It is in effect, a harmless piece of “feel-good” legislation.

However, it does bring to light a growing problem that many individuals and organizations face; not knowing exactly what their computer programs are doing.  That problem can best be overcome through the use of good configuration management, and user training.  Configuration management ensures that programs will perform as expected, and training ensures that users are familiar with how to properly use the installed software.

Here are a few tips on proper configuration management:

  1. During installation, choose the “Custom Install” option, so that you’ll know; step by step; what is going on during the installation process.
  2. Only enable “just enough” of the features that you need, in order to get the job done.
  3. Segregate sensitive information onto removable media or encrypted file partitions.
  4. Become familiar with how to properly use the installed software.

Until Intel figures out how to instil the Three Laws Of Robotics into computers, it is really up to us to make sure that our applications are doing what we expect of them.

If you suspect that your computer systems are not doing what you think they’re supposed to be doing, please contact The Assurer for a consultation.

Spread the word!