9 March 2009

Peer to Peer (P2P) file sharing: Why it’s banned at work

We have recently seen an increase in the number of persons who are trying to use peer-to-peer (P2P) file sharing services from their campus computers.  UM computer use policies generally ban P2P activities on UM computing resources.  We want you to understand why that’s the case, and also make you aware of the consequences of violating the ban.   

What is a P2P file sharing service?

Technically, a peer-to-peer computing network is one that uses diverse connectivity among many “equal” hosts, rather than relying on centralized computing resources like servers.   P2P file sharing services like LimeWire and uTorrent use this architecture. 

P2P architecture avoids the risk of a central server failure.  File sharing services use it to evade copyright law, since there is no central computing facility to shut down.  However, entities like the RIAA are now taking action against individual computer users who are detected on file-sharing networks.

Why is P2P activity generally banned on UM resources?

First, the vast majority of P2P file exchanges violate copyright laws.  The University is obligated to take steps to prevent illegal activity on its computers and networks. 

Second, P2P files can be large, so they can consume significant network communications bandwidth (while being transferred) and significant storage space (while at rest).

Third, malicious software, such as viruses and spyware, is commonly embedded in files exchanged on P2P networks.  Indeed, it’s virtually unavoidable.  That represents a threat to every computer on the campus network. 

What if I have a legitimate need to use P2P or another generally banned service?

UM computer use policies make room for exceptions based on an academic or business justification.  That justification must be approved by your dean or department head, and then sent to the Medical Information Technology Help Desk (help@med.miami.edu) so your account and computer can be put on an exception list. 

How does Medical IT detect P2P activity?

Security appliances can detect the unique patterns of P2P traffic as they occur on UM’s networks, and also detect the P2P software itself when it is installed on a computer that UM manages.  Files downloaded over P2P networks also leave traces that security appliances can detect.

What happens if P2P software or files are found on a medical campus computer? 

Software management tools will remove P2P software during periodic “cleanups.”  If the software is reinstalled, it will be removed during the next sweep.  Files that appear to be the result of P2P activity may also be deleted.

Medical IT is obligated to report violations of computer use policies whenever we detect them.  Accordingly, we will forward the computer name, location, assigned owner, and the name of the person logging into that computer to Medical Human Resources, Faculty Affairs or Student Affairs.

What happens then?

It is up to Human Resources, Faculty Affairs or Student Affairs to determine the appropriate sanctions. 

What about P2P activity on my own computer?

What you do at home, on your own computer, is your business.  But be aware of the legal risks as well as the exposure to malicious software that such activity entails. 

Even if it is your own computer, you may not conduct P2P activities on campus using UM network resources, nor may you do so while connected to any of the campus IT resources from remote locations.

More information