Unauthorized Peer to Peer File Sharing


Scope: Who is Covered by this Policy?

  • Employees and Students

Policy

Background and Purpose of Policy

Peer-to-Peer (P2P) file sharing applications allow users to download and share electronic files of all types and to use any computer as a server for file sharing requests. Currently, some of the more common files shared in this fashion are audio files (e.g., mp3, wav, midi), video files (e.g., QuickTime, jpeg, mpeg, avi), and picture files (e.g., gif, jpeg).  When computers are set up in a peer-to-peer model, the computers become connected as peers, and files on each system are subject to access by the other systems. When a University computer is set up for peer-to-peer operations with an outside computer, the University computer is sharing its files, and in some cases its entire hard drive. In most cases, the same computer has also agreed to accept files from an outside computer. Conversely, the outside system could copy individual files from the University computer’s shared drive, to the outside server, resulting in the potential for inadvertent disclosure of sensitive information.

Because there are legitimate academic, research, and personal uses of P2P file sharing applications, Miami University does not ban them from its network. However, Miami recognizes that P2P activity is commonly used for copying music and video files for personal enjoyment which may violate copyright law and that content which does not infringe copyright is typically available through other methods, such as websites and FTP sites.  Accordingly, Miami actively blocks all P2P traffic from crossing its network perimeter.  If a user has a legitimate need to use P2P software, authorization will need to be obtained from Miami University’s Information Security Officer. Before requesting authorization to participate in any P2P file sharing activity, users of University computing and electronic communication resources should consider the following.

Network Bandwidth

Most P2P applications are configured so other users can access your hard drive and share your files all the time. This constant file transfer can degrade your computer’s performance and generate heavy traffic loads on the university network. The university’s network bandwidth consumption is monitored. If your usage impacts the overall performance of the network, your computer may be blocked. If you use a P2P application to share content legally, you should know how to control or disable the application.

Privacy

If you are running a P2P application, you may be inadvertently sharing personal information, such as e-mail messages or credit card information. You need to make sure you know which files and data the application is sharing. You should know how to control or disable your P2P application to ensure that you are not inadvertently sharing personal information.

Security

Viruses are easily spread using P2P applications. Many P2P applications include “malware” in the download, so you may be unintentionally infecting your computer. To protect your computer, keep your anti-virus program up-to-date and only install programs acquired from reputable sources.

Resource Use

Some P2P applications use your computer as a computational or storage resource for another organization’s use. This may not be an acceptable use of state-owned resources such as the university network or university-owned computers. Do not permit any such use of your system without the consent of Miami University’s Information Security Officer.

Prohibition

The use of a P2P application which:

  1. constitutes a violation of any federal, state or local law,
  2. a violation of University policies (including the Responsible Use Policy and the Code of Student Conduct), or
  3. interferes with Miami University’s network integrity or security is prohibited.

Enforecement

As an Internet Service Provider, Miami University follows appropriate enforcement procedures required by the Digital Millennium Copyright Act.

Upon discovery of an apparent violation of this policy by a student, the Information Security Officer will notify the Dean of Students.  The Dean of Students shall notify the user and require that the user immediately cease the prohibited activity and delete files that this policy.  In addition to stopping potential legal violations, the Dean of Students goal is to educate the student about appropriate P2P use and personal and social responsibility as a P2P user within the learning community.  In the event that a user fails to comply with the Dean of Students’ directive or if the same user violates this policy one or more additional times in the same academic year, then the Dean of Students may initiate appropriate disciplinary action against the student.

Upon discovery of an apparent violation of this policy by an employee, then the Information Security Officer will notify user to immediately cease the prohibited activity and delete files that violate this policy.  In the event that a user fails to comply with the Information Security Officer’s notice or violates this policy one or more additional times, the Information Security Officer will refer the matter to the Department of Human Resources or Academic Personnel Services for appropriate action.

In addition, if a user violates the copyright laws through unauthorized P2P activities, the user may be found liable for civil or criminal copyright infringement.  Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or “statutory” damages affixed at not less than $750 and not more than $30,000 per work infringed. For “willful” infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys’ fees. For details, see Title 17, United States Code, Sections 504, 505. Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense.

Review

The Dean of Students and the Information Security Officer shall periodically:

  1. review the effectiveness of this policy; and
  2. review the legal alternatives for downloading or otherwise acquiring copyrighted material and make the results of the review available to its students through a website or other means.

Related Form(s)

Not applicable.


Additional Resources and Procedures

Not applicable.


FAQ

Not applicable.


Policy Administration

Next Review Date

7/1/2023

Responsible Officers

  • Assistant Vice President of Security Compliance and Risk Management
  • Vice President for Information Technology & Chief Information Officer

Legal Reference

  • Digital Millennium Copyright Act
  • Title 17, United States Code, Sections 504, 505

Compliance Policy

No

Recent Revision History

 

Reference ID(s)

  • MUPIM 19.4
  • OAC 3339-19-04

Reviewers

  • Assistant Vice President of Security Compliance and Risk Management
  • Vice President for Information Technology & Chief Information Officer