There has been some discussion within the government recently about the risks of peer-to-peer (P2P) file sharing to data security.
In November, bill HR 4098, the Secure Federal File Sharing Act, was introduced in Congress to ban P2P file sharing on US government, and government contractor computers. Sensitive Defense Department documents were lost through P2P networks earlier this year, likely prompting the proposal of this bill.
In higher education the use of P2P software produces a different reaction than the one mentioned above. As a file sharing tool it has great potential for playing a positive role in fulfilling the institutional missions of teaching, research, and the dissemination of knowledge. However, as we know, it is typically used for illegally sharing copyright protected music, movies and software.
The bigger issue that Congress is considering, namely ensuring that sensitive data and personally identifiable information is protected against leakage via file-sharing networks, also applies to universities. Is there any reason why computers containing sensitive data should have such a potentially dangerous application installed on them?
Since P2P networks are transfer tools, they are vulnerable to exposure of data and the distribution of malware. Hackers can attack these networks by changing legitimate files through the installation of malware, implanting malware into shared directories, exploiting vulnerabilities in the coding protocol of the network, and creating denial of service and spamming attacks that attempt to harass the users of the P2P network.
MIT does not put limits on the use of P2P programs. However, as a result of the 2008 Higher Education Opportunity Act (HEOA), regulations were issued and finalized by the Department of Education in October 2009, with several of these regulations addressing unauthorized file sharing (and the use of P2P programs) on campus networks.
We may therefore see some changes when enforcement goes into effect in July 2010. Changes could include possible restrictions to file sharing networks, alternatives to illegal downloading, and disclosure to students describing file sharing and campus policies related to copyright law.
Risks of illegal downloading hit home quite recently. In November a Boston University student was ordered to pay $675,000 in damages for illegally downloading songs and sharing them online.
More information can be found here: