Educause Security Discussion mailing list archives
Re: classifying P2P traffic - what about legit uses? Part Deux
From: Ozzie Paez <ozpaez () SPRYNET COM>
Date: Wed, 30 Jan 2008 10:03:45 -0700
Mr. Safian did a great job in defining the nature of the problem, people and culture. Those of us old enough to remember the software revolution at the desktop remember how software was copied and passed around by people who would otherwise never steal a penny. It remains with us to this day as evidenced by the many copy protection and registration schemes from the major publishers. When security and the human element intersect, the human element, defined by culture and socially acceptable behavior, almost always wins, and such is the case with P2P traffic and copyrights. That does not mean that institutions can sit back and do nothing. The risks associated with unauthorized use can be greatly diminished, at least at the monetary level, through good faith efforts, even in the face of a loosing battle. So, we have a three factor challenge: 1. The technical issues involved in addressing P2P, 2. The human side of the equation, i.e. policies, procedures, training... 3. The legal side focusing on lowering risks of expensive law suits and settlements. The best solution available at this time requires a multi-disciplinary approach from professionals and administrators involved in the three areas. Finally, there is a need to remain connected, respectful and at least aware of the concerns of copyright holders, and somehow feed that back into the overall program. My view is that any attempt that fails to integrate all three components listed above will provide only limited returns, while those that incorporate them will provide reasonable risk mitigation. If it wasn't for us pesky people, most IT/Security problems would be easy to solve! Ozzie Paez SSE/CISSP Denver Infragard/SAIC 303-332-5363 -----Original Message----- From: Roger Safian [mailto:r-safian () NORTHWESTERN EDU] Sent: Wednesday, January 30, 2008 8:14 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] classifying P2P traffic - what about legit uses? Part Deux Not wanting to be the shill for the *IAA but... At 04:37 PM 1/29/2008, Randy Marchany put fingers to keyboard and wrote:
4. We need to figure what the real problem is and then work to solve it.
The
real problem of "illegal" P2P traffic is copyright violations and the
threat
of sanction from RIAA/MPAA. Joel said it simply: "if it's against the law
and
you get caught, you are in trouble." Hammer that message to your user community and we start to solve this problem.
Who hasn't been hammering this message? We have, for years, and in the end, I'm not sure it matters. It doesn't matter because we are trying to fight "free" and that's a losing battle. As long as the penalties are fairly minor, and the odds of legal action are long, our communities are going to continue to do this. I haven't spoken to anyone who in the last few years, who didn't already know the risks. They might not all have come right out and said that, but, you can tell they knew what they were doing. In some ways this is like speeding. We all know it's wrong, yet many people still do it. So, what can we do? One thing we have to do is recognize that we, like many ISP's, have substantial amounts of copyrighted materials on our networks. The various copyright holders have a legitimate interest in obtaining royalties for their works. The current operations of endless take down notices and occasional law suits is not a productive strategy. (although I do wonder just how much money is taken in with the settlement campaign) Personally I think the time has come for us (and by us, I mean ISP's) and them (that's all the copyright holders) to sit down and try to come to some amicable solution to this problem. I personally favor some sort of monthly fee for content, although I recognize that it has it's own set of difficulties. The bottom line for me is, as long as we're in a hostile relationship, we're never going to see the end of this, and, in the end, our communities will suffer. -- Roger A. Safian r-safian () northwestern edu (email) public key available on many key servers. (847) 491-4058 (voice) (847) 467-6500 (Fax) "You're never too old to have a great childhood!"
Current thread:
- Re: classifying P2P traffic - what about legit uses? Part Deux Randy Marchany (Jan 29)
- <Possible follow-ups>
- Re: classifying P2P traffic - what about legit uses? Part Deux Roger Safian (Jan 30)
- Re: classifying P2P traffic - what about legit uses? Part Deux Ozzie Paez (Jan 30)
- Re: classifying P2P traffic - what about legit uses? Part Deux Kevin Shalla (Jan 31)