RIAA Targets LAN Filesharing at Universities

segphault writes "The RIAA has sent letters to 40 university presidents in 25 separate states informing them that students are engaging in filesharing on their campuses using the local network. Apparently, the RIAA wants to get universities to use filtering software on their networks to detect student filesharing. The RIAA did not disclose the methodology they used to determine that filesharing is occuring on those local networks, but it probably didn't involve asking permission. The article goes on to predict that the RIAA will eventually try to get the government to require use of anti-filesharing filtering technologies at universities."

How do they know

[phorm]

but it probably didn't involve asking permission

Despite the implications of this statement, what it probably really involves is paying off a student or two to sniff out and inform on filesharing activity, either by running RIAA apps or just manual searching. It wouldn't be the first time they've used this method.

I have my own network

[Virtual Karma]

I have more than one computer on my home network and I share music between all of them. Are they going to get me too? What is the law regarding file sharing on a private network? What if my girl friend copies my music from my laptop? Is that piracy?

What's next...mandated sniffing?

[Ritz_Just_Ritz]

So are the universities (and all networks, by extension) supposed to sniff every packet and look for "copyrighted material" so it can take whatever action the industry think is "appropriate"?

Perhaps every car should also have a sensor to detect speeding and automatically cut the gas?

Fuck the music industry. Their ever more desperate measures only mean they are painfully aware of how irrelevant they are about to become.

Re:Download while you still can

[topical_surfactant]

Don't forget MUTE [sourceforge.net]

MUTE functions in such a way that it is excessively difficult to tell what user is sharing which files, but is still possible to get reasonably fast downloads.

The MUTE project: http://mute-net.sourceforge.net/ [sourceforge.net]

who defined insanity

[yagu]

I don't remember, maybe it was Einstein who said the definition of insanity was to repeatedly do something and expect a different result. Is the RIAA insane?

This is cutting their (RIAA/Entertainment industry) future profits off at the source on a number of levels.

1. The university demographic is probably one of the least likely to be their cash cows, i.e., many, if not most students aren't living fat and happy on exorbitant budgets (I know, some are). They don't have tons of money to fill the RIAA and cohort's coffers.
2. Throwing the college campus dragnet may result in catching file-sharing but it sets the tone for how these students perceive the industry for the rest of their lives, and it's going to be adversarial in this light.
3. In addition to poisoning their future audience, the RIAA misses a great opportunity to expose students to a wealth of music. Sure they're going to share, sure it's technically illegal, but they're going to graduate with some illegal tunes, and likely an appetite to get more music, and with real jobs and real money, most would pay fair prices.

Also, it is so problematic to try and institute filtering in an academic arena. There are probably any number of legitimate ways and reasons to see file sharing on a college campus that would not be legal outside. This will force universities to layer artificial distribution mechanisms they otherwise could have handled with firewall policies. (All this at an added expense to universities, and eventually to the cost of an education.)

So, once again the music industry goes to the "we don't know for sure, but to be safe we're going to assume you're a crook" mentality. The RIAA needs to listen to clue.mp3.

sure, sure

[digitalsushi]

That won't work very well.

If I can get onto the same network as 10 of my buddies, chances are very high that they have stuff I want to steal.

There's no way you're going to lock down to layer 7 filtering (looking at the program data itself, very intensive to comute) at a layer 2 scope (your local IP subnet, or close enough). So you either block SMB ports (file sharing altogether, the lifeblood of a computer network with actual users), or pay $$$ to filter it, poorly.

Rumor has it that if I have my laptop at the library, and so do some other people, that we can magically create a network between us that has no juristiction by the University. Or maybe they *do*, but they have no idea about it.

Any way it gets sliced up, the dollars can't keep up with the ways to get around it.

Re:What's next...mandated sniffing?

[Shelled]

"So are the universities (and all networks, by extension) supposed to sniff every packet and look for "copyrighted material" so it can take whatever action the industry think is "appropriate"?"

What's yet to penetrate public perceptions is: Yes. Exactly. Precisely. The only way universal DRM can work is by monitoring every packet transfer. It's insane how much we as a society are giving up to preserve these niche market middle-man pricks.

iTunes shared music

[Anonymous Coward]

At my university, the majority of the sharing that occurs happens because tons of people use iTunes and turn on the share my music feature. At the very least this allows you to listen to other people's collections, but thanks to programs like myTunes, you can also download from their collection. While there are some restrictions that are put up (like 5 users each times iTunes is restarted, and only being able to see people on the same branch of the network as you are), you can get quite a bit of music this way. I guess if the university wanted they could block these ports, but that would also block the streaming feature, which the RIAA doesn't seem to actively object to. Telling users not to install iTunes would just be silly, since it seems like half the campus has iPods.

WASTE

[FLaSh SWT]

Am I wrong to think that a program like WASTE (http://waste.sourceforge.net) is the easy fix if they started sniffing the local traffic?

Re:Pretty Common

[Lehk228]

as an admin it would be quite easy to subvert such threats, and i have not ever met a network admin who likes being threatened. first make sure the ops of the DC hub know which IP range is the ITS building, then give the RIAA access within the ITS building.

i know i blocked the computing center when i was at university from even being able to see anything on my ftp server. well that and the accounts i gave out to people were restricted to their dorm IP or IP block so it would be considerably more work for a low level employee to actually connect, as they would need to be given control of a router or the DHCP server to have a chance.

Re:How do they know

[darkmeridian]

That's probably unauthorized use of the University's information systems. Running a third-party application meant to spy on students? Accessing the system with the intent of providing sensitive information on other network members to third-parties? The Universities should demand proof via IP packets, the source of that proof via the student-spy, and then expel the student for misuse of the computer systems. Repeat as necessary.

Re:sure, sure

[TubeSteak]

Well, an ad-hoc wifi network with no connection to the internet would be the best solution.

Obviously, stuff like DC++ isn't cutting it. As a runner up, I'd propose a P2P app optimized for LANs.

First you'd need to encrypt the traffic, then kick the data through [min number] other people on the network. It'll be like Tor, but at LAN speeds.

If you really wanted to, you could toss a bandwidth limited proxy into the client so that any external P2P downloads are routed through the same anonymization network.

This would be practical on a LAN, as your upload/download bandwidth is symmetric.

This happend to me..

[Ichigo Kurosaki]

About two weeks ago the direct connect hub at the university of texas was shut down due to outside pressure from the **aa. Our ITS department already imposed strict bandwidth restrictions on amount of bandwidth used (4gb-12gb a week with more bandwidth costing more money). We used the hub to share files (primarily new tv shows) so everyone could get what they wanted without runnign out of bandwidth. Before the letters, ITS looked the other way because the hub accually saved them money on bandwidth. The owner of the hub had his internet revoked and was orderd to shut down the hub a facebook group and serve 40 hours of community service in exchange for not turning his name over to the copyright holders for prosecution.

Re:sure, sure

[Large Green Mallard]

Three words: private vlan edge.

It's a Cisco config option that says client stations can't speak to each other except via a router. Firewall rules in the router to only allow access to a proxy server, mail server and dns server, problem solved.

Then you'd need to leech via wireless, or physically co-located systems plugged into a seperate hub/switch, but at which point it isn't the University's problem, which is what the RIAA is looking at.

Disclaimer: I'm an IT Security Manager for a University. Not one of the ones the RIAA has talked to (we're not in the US). The only way I'd consider those sort of restrictions on residentials networking is due to force-majeure in the form of a competant legal body or management direction. Residential networks are what contributes today to the collegiate atmosphere in on-campus living. These sort of restrictions impact that far too much for my liking.

Universities are complicit with internal networks

[turkeyphant]

In the UK, almost every university has at least one DC++ hub that a large portion of the student body knows about and uses. Many have customised installers that make it easy for lay people to get starting filesharing and, with computers so ubiquitous on campus, almost anyone has the knowledge to get involved.

The thing is, these massively efficient networks that often contain dozens of TiBs of data would not be nearly as widespread as they are if it weren't for unwritten university policies. If the university isn't on JANET, external bandwidth is expensive. If it is, bandwidth isn't metered as such, but it's in the institutions' interests to not rinse their external traffic too much especially with high upload rates favoured by P2P protocols such as Bittorrent. As such, students using massive amounts of external P2P bandwidth are quickly clamped down upon while they are simultaneously reminded that the existing LAN costs sweet fuck all. What's more, untold masses of viruses come in from kids searching for warez ftp sites or loading up KaZaA.

It doesn't take too long for the computer scientists to put two and two together and test the waters with a DC++ hub either within the university or outside. As long as users do not saturate the university network and hence impinge upon academic use, it's a win-win situation. College kids get the new Tool album for free without getting busted and the university avoids angry letters from the xxAA while seeing its bandwidth bills fall. As long as students don't make it the university's problem, they're happy to ignore it.

It's hard to see how the RIAA can achieve anything by this. After all, they are private networks and no university's computer office is going to give them access to their network if they have any sense. The kids will be forced back to torrents and such. As long as those running hubs are intelligent enough to delete logs and people are prepared to migrate to something like WASTE, the RIAA's efforts are futile.

Re:How do they know

[SeaFox]

Despite the implications of this statement, what it probably really involves is paying off a student or two to sniff out and inform on filesharing activity, either by running RIAA apps or just manual searching.

I think you're giving them too much credit. That sounds like something that would involve too much work for the RIAA. I imagine they just assumed the sharing is going on and are waiting for the univeristies to prove them wrong.

From a college student at an effected University

[ECELonghorn]

Most of the time when I read the modded up comments below the summaries, someone has already said everything worth saying... but for this paticular article it seems like even a lot of the the +5 comments are, well, crap.

I am a student at the University of Texas. One week ago our DC++ hub was shut down. This was unexpected and unprecedented. A few months earlier the school news paper even interviewed people with ITS who basically said they could care less about the hub. After the university received some type of a cease and desist letter, our school's ITS contacted the primary HUB admin, and long story short within less than 24 hours the hub had to shut down forever. Amoung other obscure sidenotes, they even ordered that the facebook group "Direct Connect Users Group" be deleted. My friends at Texas A&M have told me their hub is down right now too, similar story.

Both our colleges had hubs constantly sharing about 20TB of data, 24-7, with net download speeds of 1.5Mbps. Every TV show was on our hub within 4 hrs of airing. Adobe Acrobat 7 and Office 2007 were both readily avaialable before I could, not that I ever would of course, download them from private bittorrent trackers. The files were never corrupted, there was no risk of getting caught, and everything mainstream you could ever want was on the hub.

One huge appeal of the hub also was it's simplicity of use. 5GB share minimum was pretty much the only barrier to entry. I know friends who downloaded from DC++ who never heard of BitTorrents in their life, and for that matter, have asked me for help reinstalling windows. It was so simple and easy to use to the average non-geek that now that it has gone down people ask me what to do and give me blank looks.

So in response to every post about other alternatives to file sharing or otherwise really miss the significance of this, I think it is quite a significant win for RIAA.

Re:When last i heard from the majority of congress

[Jerf]

When interviewed, the majority of congressmen said point blank that person to person "dormroom" sharing of music was fair use and in no way objectionable.

Sounds interesting. Link?

Re:Download while you still can

[Forbman]

Funny, the RIAA has done nothing to mandate that Linux/Samba, Novell, Microsoft, Banyan, etc., or any other OS maker that supports network-reachable file systems, to implement this. Or, push come to shove, mandate that EMC put stuff into Documentum, and require same for any other high-brow document management system (LiveLink, et al).

Oh, and apps like Winamp, WMA, etc. that can access said network-reachable stores of MP3'd CDs.

The IT groups and CompSci/EE/any other group that's computer-literate and has some autonomy over parts of its computing infrastructure will work around whatever draconian policy might be put in place as well, to where the community that has access to their collections of files is relatively limited, compared to all the students, for example (but all the staff isn't any better, either, but the staff, which would probably include faculty members at some point, is definitely a hornets nest the administration just doesn't start kicking at wildly). The student body at most universities might as well just be wearing gimp suits in the eyes of the administration and legislatures.

Who's to say someone doesn't just documentumize the filenames and store the real descriptive info in the .m3u playlist file or some other database (i.e., change the physical filename into some hexified serial number, and map this to the original file name somewhere else)?

The RIAA can't ban legitimate file sharing

[AusIV]

There are quite a few legitimate uses of file sharing. Bit Torrent, for example, was designed to take the load off of web servers, not as a piracy tool. Yes it gets abused, probably more than it gets used legitimately (especially on college campuses), but I find BitTorrent to be great for getting ISOs of Linux distributions without burdening the the creator of the distro. There's no reason that ought to be banned.

But perhaps a more significant file sharing program comes built into Windows. The Windows file share and samba allow people to share data between their own computers. If my university blocked samba shares I would be greatly inconvenienced. My main computer is a laptop that runs windows. It has a small hard drive, so I keep most of my files on my Linux box via a samba share. The Linux box isn't powerful enough to replace my laptop, it's just there to provide storage space. I'm not sharing my files with the world, or even a few other people on campus, so the RIAA has no right to tell me (or my university) that I can't share files between my own computers.

As much as the RIAA pisses me off, I think the pirates are largely to blame. If some people weren't always trying to get copyrighted works without paying for them, the media producers wouldn't have nearly as many excuses to bind users to certain platforms in order to use the media.

Re:Download while you still can

[skiddie]

Many universities (mine did for a while, I don't think they still do) seem to throttle torrent downloads. It's just another way of slowing the download down, but the point isn't to end downloading completely, it's to make it so slow as to be more trouble than it's worth (sure, I'm willing to leave my computer on for a week to dowload all 20-something James Bond movies, but the same amount of time to download the High School Musical soundtrack-- now that's too much!). (sadly, both things I've downloaded recently.)

Re:The RIAA..?

[jfern]

Whether they have a legal right is irrelevant, look at all of the laws that don't apply to the Bush adminstration.

Re:Your legislators say they do.

[ArsenneLupin]

but declaring that said laws don't apply to software makers looking for illegal or unauthorized activity.

Ok. I am a software maker (author of a couple of open source programs). And I occasionally like hacking (sorry, cracking), especially where I can prove that Windows security is lacking... So, if caught, I'll just claim my hacks were just probes to check whether there wasn't any kiddie porn on those company networks that I "tested". After all, as a software maker, it's my RIAA-given right to probe third parties for unauthorized activity!

There's only one way to fix this...

[Stormbringer]

...and I, for one, can't wait to see it happen.

These schools (and, eventually, all others) are going to have to ban all RIAA recordings, in ANY format including CD and tape, from their campuses, with violations subject to immediate seizure and disposal. That includes blocking any radio feeds and frequencies that carry their tunes. That's the only way to end the legal exposure to RIAA racketeering.

There's plenty of good music out there that isn't RIAA-tainted. Blanket-banning the tainted stuff will be a GOOD thing.

Re:admissable in court?

[Anonymous Coward]

I should start off by saying that I am not a lawyer and I live in the UK; but I know what I would do if the RIAA (or our version anyway) ever came after me... (I should also note that I don't actually download any music illegaly or otherwise)

In the UK we have a system for getting legal representaion which is called "no win no fee", and many now have a "no fee" system, where if they lose for you you pay them nothing, and if they win for you they get their fees from the people who lost. The Lord Chancellor oversaw reforms which meant that if a "no win no fee/ no fee" company won then the amount it could claim from the losing side was up to 100% of what it would normally charge (to offset the risk of taking these cases)

Now here's the interesting bit... If they were to come after me, I would hire very expensive lawyers on a no fee basis and get them to write a letter to whoever was trying to sue me saying "you have questionable data, if you lose we will give you a bill in excess of £1 million which you will have to pay us, and our client will want compensation for mental anguish etc... if you win then the costs will bankrupt our client, who is a student with no assests which you can take, and you will have a very big legal bill to pay because your lawyers won't be able to get anything from our client," I would then get lawyers to ask the English RIAA (whever their names are) to settle out of court and pay me for the damage they have already caused me, about £10 k would do it.

That seems fair to me, and even if I lost, I'm a student with no money/ no assests / almost no property in my name AND a student loan (which if I paid it off on several credit cards would be written off too when I declared bankruptcy)... almost sounds like win/win...

Re:Download while you still can

[brainburger]

Asa you say 'legitimately', I guess you know that the IP of everyone in the torrent swarm is esily collected. I suppose you mean the legal side, concerning the difference between uploading and downloading. Don't be confused by the fact that the RIAA has targeted uploaders only in the US hitherto. Aside from the fact that all participants in a torrent swarm are uploading, it is just as infringing (in the US at least) to download as to upload. The only reason the RIAA has targetted uploaders with 'traditional' p2p systems in the past is that they can't easily get the IP addresses of downloaders of a given file on most systems. This does not apply to Bittorrent.