How Does File-Sharing Liability Affect Your Network?
Napster, BearShare, WinMX, Kazaa, Morpheus, BitTorrent — most of you have probably heard of at least one of these peer-to-peer file-sharing programs. Some likely have used at least one of them.
How many, however, realize the liabilities that can occur from using such programs on your corporate network?
In recent years, the Recording Industry Association of America (RIAA) has started subpoenaing Internet service providers (ISPs) for information regarding users whom it has evidence of sharing copyrighted files.
After receiving this information from many ISPs, the RIAA then proceeded to take a number of these users to civil court for copyright violation. While many on the Internet question the legality of such lawsuits, the cases continue.
The potential exists for companies that allow their users to participate in online file sharing to be held accountable for damages if it is shown that their uses have been sharing copyrighted materials. If the company is found liable, this could lead to hefty legal fees in an effort to refute the claims, along with possible large payments.
In addition to the legal liability of sharing copyrighted files, companies also must consider other possible repercussions of such files. In some cases, the content in the files is inappropriate to the extent that they present the risk charges being filed if they are discovered.
With the potential for serious financial damage to a company found liable for an employee’s file sharing, companies must give serious consideration to taking steps to control the situation before it becomes a problem.
This can be accomplished in many ways.
The first way to reduce the risk is to require users to agree to acceptable use policies that define what they are allowed to do with company-owned systems and networks.
While this cannot prevent users from violating the policies, they are provided with a clear definition of what is not allowed, as well as the potential ramifications if they choose to disobey the rules.
Another way to prevent users from sharing files is to search the network on the regular basis for files with specific extensions such as .mpg, .mp3 or .avi and remove them from the network. This includes checking servers and workstations for these files. Care must be given, however, to not remove files for which users have a valid need.
From a technical aspect, one way to stop the use of file-sharing programs is to stop users from installing software. This can be done in many ways, for example, by limiting the level of access users have to the local workstation.
This can also be accomplished through the use of group policy in a Windows network.
For environments in which limiting users’ access to their workstations is not possible, another solution is to use software on the network to monitor what software is installed and removing any software that is not authorized.
This solution provides the added benefit of ensuring all software installed is properly licensed.
Perhaps the best way to prevent users from using file-sharing programs is to install a device on the network that monitors the network and blocks traffic that matches certain criteria such as specific protocols or destinations. Examples include the Barracuda Web Filter and Websense Enterprise software.
In addition to blocking peer-to-peer file sharing, these products can block instant message programs and filter Web sites users are allowed to access.
With the increase in the number of lawsuits by the RIAA and others, companies must take steps to discourage and prevent network users from participating in file sharing. Otherwise, they open themselves up to possible legal and financial complications that could prove quite costly.