Re: classifying P2P traffic - what about legit uses? Part Deux

[Ozzie Paez <ozpaez () SPRYNET COM>]

Mr. Safian did a great job in defining the nature of the problem, people and
culture.  Those of us old enough to remember the software revolution at the
desktop remember how software was copied and passed around by people who
would otherwise never steal a penny.  It remains with us to this day as
evidenced by the many copy protection and registration schemes from the
major publishers.  When security and the human element intersect, the human
element, defined by culture and socially acceptable behavior, almost always
wins, and such is the case with P2P traffic and copyrights.  That does not
mean that institutions can sit back and do nothing.  The risks associated
with unauthorized use can be greatly diminished, at least at the monetary
level, through good faith efforts, even in the face of a loosing battle.
So, we have a three factor challenge:

1.  The technical issues involved in addressing P2P,
2.  The human side of the equation, i.e. policies, procedures, training...
3.  The legal side focusing on lowering risks of expensive law suits and
settlements.

The best solution available at this time requires a multi-disciplinary
approach from professionals and administrators involved in the three areas.
Finally, there is a need to remain connected, respectful and at least aware
of the concerns of copyright holders, and somehow feed that back into the
overall program.  My view is that any attempt that fails to integrate all
three components listed above will provide only limited returns, while those
that incorporate them will provide reasonable risk mitigation.

If it wasn't for us pesky people, most IT/Security problems would be easy to
solve!

Ozzie Paez
SSE/CISSP
Denver Infragard/SAIC
303-332-5363

-----Original Message-----
From: Roger Safian [mailto:r-safian () NORTHWESTERN EDU]
Sent: Wednesday, January 30, 2008 8:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] classifying P2P traffic - what about legit uses?
Part Deux


Not wanting to be the shill for the *IAA but...

At 04:37 PM 1/29/2008, Randy Marchany put fingers to keyboard and wrote:
> 4. We need to figure what the real problem is and then work to solve it.
The
> real problem of "illegal" P2P traffic is copyright violations and the
threat
> of sanction from RIAA/MPAA. Joel said it simply: "if it's against the law
and
> you get caught, you are in trouble." Hammer that message to your user
> community and we start to solve this problem.

Who hasn't been hammering this message?  We have, for years, and in the end,
I'm not sure it matters.  It doesn't matter because we are trying to fight
"free" and that's a losing battle.  As long as the penalties are fairly
minor, and the odds of legal action are long, our communities are going
to continue to do this.  I haven't spoken to anyone who in the last few
years, who didn't already know the risks.  They might not all have come
right
out and said that, but, you can tell they knew what they were doing.  In
some ways this is like speeding.  We all know it's wrong, yet many people
still do it.

So, what can we do?  One thing we have to do is recognize that we, like
many ISP's, have substantial amounts of copyrighted materials on our
networks.  The various copyright holders have a legitimate interest
in obtaining royalties for their works.  The current operations of
endless take down notices and occasional law suits is not a productive
strategy.  (although I do wonder just how much money is taken in with
the settlement campaign)  Personally I think the time has come for
us (and by us, I mean ISP's) and them (that's all the copyright holders)
to sit down and try to come to some amicable solution to this problem.
I personally favor some sort of monthly fee for content, although I
recognize that it has it's own set of difficulties.  The bottom line
for me is, as long as we're in a hostile relationship, we're never
going to see the end of this, and, in the end, our communities will
suffer.


--
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key servers.
(847) 491-4058   (voice)
(847) 467-6500   (Fax) "You're never too old to have a great childhood!"