P2P FILE-SWAPPING RISKS ABOUND FOR EMPLOYERS, REPORT SAYS
In wake of Napster, peer-to-peer (P2P) networks have moved beyond trading MP3 music files into swapping content such as latest Sopranos episode and videogames. Diversity of content not only is driving creation of new P2P Web sites and applications, but also is creating bandwidth, legal and security issues for employers, report by Websense said Thurs.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
San Diego-based firm is provider of employee Internet management (EIM) software that enables companies to control access and manage how employees use Internet. It and partner Macrovision told us Wed. they were developing filtering program to let ISPs monitor traffic in unauthorized copyrighted content on their enterprise networks. Partners’ revelation of plan followed decision by D.C. federal court Tues. ordering ISP Verizon Internet Services to comply with RIAA subpoena seeking information on alleged online music infringer (CED Jan 23 p1). Verizon has said it would appeal ruling.
Number of P2P file-sharing Web pages has increased more than 300% in last year, totaling more than 89,000, Websense said. In addition, there are more than 130 unique P2P applications, such as KaZaA, Grokster, others. “P2P networks have truly developed beyond music to become a marketplace for users swapping videos, games and software packages,” Websense Chief Technology Officer Harold Kester said. “While this may be free to end users, it comes at a huge cost to corporations in the form of wasted bandwidth, gaping security holes and serious emerging legal issues.” Recently, MPAA, RIAA and other groups warned CEOs of nation’s 1,000 biggest companies that corporations could be liable for violating copyright laws if employees used company networks to download, store or distribute music or movies illegally. One early RIAA suit, against Ariz.-based company found storing illegal MP3s on its servers, was settled out of court for $1 million.
While trading MP3s remains popular among P2P users, other content is gaining and, in some cases, on par with music swapping, Websense said. It cited research by The Yankee Group that said more than 5 billion music files were downloaded last year from P2P networks and more than 5 million videogame downloads occurred, according to game developer Trymedia. Consulting firm Viant said 400,000-600,000 copies of movies were downloaded daily and 3 million users downloaded TV shows from KaZaA every day.
Many employees use office Internet connections to download P2P files, as fewer than 17% of Americans with Internet connections have high-speed access at home, Websense said, citing Jupiter Media Metrix. With high-speed office connection, download of full-length movie takes about one hour, vs. 23.5 hours with 56 kbps dial-up connection in most homes. Despite widespread employee usage, Websense said recent survey of chief information officers found 64% of companies don’t monitor music or video downloads. “Many corporate users may not be aware, or are completely ignorant, of the IT resource consumption associated with listening to online music or watching streaming media from their desktops,” IDC analyst Brian Burke said in Websense report. “In addition, applications acquired through insecure grid computing or P2P protocols often enter the corporate environment without being scanned for viruses or malicious code.”
P2P applications can carry security risks because they communicate directly with other users’ computers and often bypass corporate firewalls, Websense said. Many P2P applications tunnel through port 80 and other open ports on corporate network, effectively allowing employees to create their own virtual private networks (VPNs). Websense said because port 80 typically was left open for Web traffic, virus-infected files and other malicious code could slip past company’s traditional defenses.
Once stored on corporate network, P2P files can create legal issues, Websense said. It cited analysis by IDC that said: “As most new computers ship with CD and DVD burners, companies may be crossing new legal boundaries as employees burn downloaded videos or music onto discs using company-owned assets…. While it is true that in certain business situations, grid computing, commonly known as P2P, represents an innovative way of maximizing resources dynamically, today it is primarily used for swapping copyrighted material.”
Content owners have shown determination to hold employers responsible for copyright infringement on corporate networks, and even have brought issue to attention of educational institutions, leading to investigation by U.S. Naval Academy of alleged file- sharing by midshipmen. “Companies must be aware that they might be held responsible for employees who illegally swap materials -- including everything from movies to videogames -- using company resources,” said Jennifer Kearns, labor and employment attorney quoted by Websense. Websense said that besides managing or blocking employee access to P2P protocols, its Version 5 software due in March would offer add-on module called Client Application Manager that would enable employers to select and manage which applications could run on individual desktops, thereby curbing launch of P2P applications on employee work stations. Separate system under development with Macrovision for enterprise ISPs is due by year-end.