The News – 07/19/01
Use May Be Even More Illegal Than You Thought
It’s fairly well recognized in the post-Napster world that using
peer-to-peer technology can get you in trouble. Legal woes for Napster and
its users, however, centered more around the copyright infringement issue,
and not on the technology. Well, David
McOwen, a now-former employee of DeKalb Tech, part of the Georgia state
university system, may soon be arrested and face a maximum penalty of 15
years in prison – for installing a screensaver from Distributed.net on some
of the computers at DeKalb.
So what could possibly be worthy of hard time in this
case? Well, at first you might think of the stolen CPU cycles.
Distributed.net farms out large computing projects to many participating
computers, which work on them when they’re doing nothing else. Although idle Georgia
state resources were used, it’s hard to see the foul there. The computers
weren’t doing anything anyway.
It turns out the state wants to nick McOwen for using
bandwidth, a very expensive amount of bandwidth. It claims that the
Distributed.net client cost the state $415,951.49 in bandwidth charges,
which it calculates at 59 cents per second or $1,529,280 per month. I want
to be that college’s broadband provider! Especially considering you can get
a full T-1 for under $900 a month in DeKalb County. So at that price, the
state is claiming McOwen stole roughly 61 terabit-seconds of bandwidth,
most of it in December when few students were in school. Clearly, the
damages must be based on something other than bandwidth.
Leaving aside the preposterousness of the monetary
charges, it’s clear that McOwen did make non-business use of state
resources, along with probably hundreds if not thousands of other state employees.
I can’t decide if Georgia is just that clueless, or if it merely wants to
set an example by crushing this poor defenseless system administrator.
Taking a look at the math, though, makes me lean toward cluelessness.
If you’re concerned about this travesty of justice, you might
want to give David a hand. You can contact his attorney, David Joyner, of law
and Solomon in Duluth, Georgia, at email@example.com.
Regardless of how you feel about McOwen’s plight, this story
underscores a key issue that businesses will have to deal with regarding
P2P computing. While it may be ludicrous to think that McOwen’s use of
public property caused $415,000 in damages, it is entirely possible that
employee use of P2P technology could damage a business.
Most applications in the hive computing or distributed
computing class, like Distributed.net and the more famous SETI@Home, are
fairly benign. They accept small chunks of data from a server on the Internet,
and run as screen savers to process the data. The result is sent back to
the server, and it generally is also not a large amount of data. It’s
possible that employees will leave their computers on more when running one
of these applications, and it’s even possible that they will get paid for
using business resources. But outside of a little electricity and wear and
tear on equipment, along with a little bit of extra bandwidth usage, there’s
not usually a lot of direct damage to the enterprise.
File sharing P2P applications, however, are a different
matter. Although there is a security risk in running even hive computing
applications within the enterprise, the risk is magnified when employees
run consumer-grade file sharing applications. Although Napster may be
becoming a non-factor, there are many other services like Morpheus or
KaZaA springing up to facilitate music file sharing. Then there are other
services such as Gnutella and Wrapster that let users share any kind
of file, even sensitive company information. For more information on P2P
applications, see the white paper, The
Buzz About Hive Computing: Putting Peer-to-Peer Computing to Work, or
the P2P for
Many enterprises solve these problems by identifying the ports
and protocols the offending services use, and then blocking them. The problem
is in keeping up with the myriad services, and knowing where to stop. For
example, your employees may be using Instant Messaging (IM) clients such as
AOL Instant Messenger, or similar programs from Yahoo and Microsoft. They
may even be using these IM services to communicate with customers and
suppliers. Plus, these clients can also allow users to share files.
Clearly the P2P phenomenon can mean a loss of control, at the
enterprise level, over what happens on your network. Although there are
many P2P companies such as Groove Networks,
Mercury Prime, and 1stWorks developing secure IM and other
secure collaboration technologies, adopting these solutions doesn’t address
the problem of what to do with rogue Internet applications on your network.
At the very least, businesses should formulate acceptable Internet
use policies and require employees to sign and abide by them. But make sure
these policies have a heart. If you ban all personal use of the Internet,
you’ll make scofflaws out of every employee who wants to check the weekend
weather or occasionally visit a recreational site.
There’s no denying that
non-work use of computers is a problem. According to the 2001 Web@Work study
sponsored by Internet filtering vendor Websense:
percent of work computers have Napster on them.
percent of people send more personal email from work than from home.
percent of employers reported that their employees access
non-work-related Internet sites at work, and 27 percent have
experienced an increase in inappropriate employee Internet use this
percent of companies have reprimanded or disciplined employees for
inappropriate Internet use this year.
companies that have reprimanded or disciplined employees, more than
one out of every three terminated those employees for inappropriate
percent of companies overall have been involved in litigation from
inappropriate Internet use.
Going hand-in-hand with usage policies is a comprehensive
network security policy and an educational effort to ensure your employees
understand the threat and the importance of adherence.
The P2P genie is out of the bottle. You may be able to stop
employees from downloading Napster files, but chances are good there’s another
bandwidth-sucking, security-administrator-bedeviling application around the
corner. Good policies and good education will be more effective in securing
and protecting your resources than prosecuting unwitting miscreants like
Can’t Get Enough of ME?
In the unlikely event
that you want more of my opinions, I’ve started a Weblog. It’s the
fashionable thing for pundits to do, and I’m doing it too. A Weblog is a
datestamped collection of somewhat random thoughts and ideas assembled on a
Web page. If you’d like to subject the world to your thoughts, as I do, you
can create your own Weblog. You need to have a Web site that allows you FTP
access, and the free software from www.blogger.com.
This allows you to right click on a Web page and append your pithy thoughts
to your Weblog.
I’ve dubbed my Weblog
entries “Stratlets”, and they are available at www.stratvantage.com/stratlets/.
Let me know what you think. Also check out the TrendSpot for ranking of
the latest emerging trends.