Campus file-sharing down

KRT Campus

Northern Kentucky University’s Office of Information and Technology reported that complaints from the Recording Industry of America Association have decreased after an accusatory letter was mistakenly sent to a large number of students.

Speaking about the RIAA complaints against the university, Jason Allen, planning and development manager for IT, said “Of the 13, nine of them came before Dec. 1. Since then, the few that we have received doesn’t seem to be focused on any one particular user, so it looks like we are starting to see a big decrease.”

Director of University Housing Matt Brown agreed. “I was told the use of file-sharing programs on the network declined significantly after we sent out letters and there was an article in the paper about it,” he said.

Gary Pratt, associate provost for Information Technology said the “cease and desist” letter sent Nov. 10 from University Housing and IT, which was meant for identified file sharers, had a strong effect on stopping illegal file-sharing.

When Pratt was asked why the letters were sent to all students, he said, “We had asked for (the letters) to go to specific locations. We didn’t have the intent that they go everywhere; we had the intent that they go specifically to IP addresses caught.”

Allen said IT planned to send another “general kind of announcement” about ethics and downloading to students, but the warning letters were issued instead.

Pratt said that even though the letters may not have been sent to the intended users, they did bring about the intended result. “It caught us by surprise as well, but the numbers have gone down, so people are paying attention. So how it got out there is less important to me than the fact that people are listening and actually paying attention.”

Besides the letters, Pratt said IT is performing sweeps of the network to log any file-sharing activity. He said IT has “basically kind of backed off” all those who were mistakenly sent letters requiring them to give their media access control address. “We are doing scans and it showed that the actual use of the software had gone down,” Pratt said. “We did get a loud scream from students who said privacy this and privacy that…I didn’t want to become to big brotherish if we could keep from doing that.”

Pratt said the scans look for peer-to-peer software and log the IP address where it is coming from. “No matter how legal people say their use is, 80, 90 percent of the use is for these types of purposes,” Pratt said. “But people are taking it seriously and our scans are showing that, so we don’t want to be heavy handed if we don’t need to.”

Pratt said the data that the scans collect will not be released to the RIAA unless subpoenaed by a court.

“It’s all pretty much reactionary,” Allen said. “We are collecting this data (and) we’re coming up with some basic statistics, but when it comes to actually pursuing anything further, it’s only really in reaction to the RIAA coming forth and saying, ‘here is another example go find them and do something about this.'”

Pratt believes it is very unlikely that these issues would end up in court. “(The RIAA) word their letter(s) so generically that they could hold you liable, they could me liable, they could hold the entire university liable, but we’re warning you stop it,” Pratt said. “So my guess is that they probably send out hundreds and hundreds of these things, thousands probably, and the ones they pick out are the ones who are really abusing the service.”

Pratt said IT is not searching out students who use file-sharing software until after the RIAA registers a complaint against them. “I am not going to be proactive on any of that because the use of the software is not illegal,” Pratt said. “What I do though, is if I get an RIAA complaint in that doesn’t have an IP address tied to, but says date and time, I can look at my scan and say ‘Yes we can show that took place and we know where that took place.’ We are doing that to provide us that missing link from the RIAA that doesn’t have the IP address or MAC address on it.”

Besides the scans, IT is also planning a “doghouse” program to be put in where, at the beginning of each semester, students register their IP and MAC addresses. “In the future, you will instantly be able to tell who (each) computer is registered too.”

Pratt said the “doghouse” would also help protect the user as well as the university. He said the program would be relevant to every student who lives on campus and registers a computer. When they log on, all they would have access to is a form that makes them go through and verify they have virus software, explains the system and log the student’s MAC address. Once this is completed, the student has complete access to the campus network.

Allen said the reason the warning letters asked students for their MAC address was to help them build proof to show that the student and the university had taken steps to stop downloading after the complaint. “We were going to have a document trail. The RIAA gives us (students’) IP addresses, we connected it to this MAC address and then confirmed it with the user,” he said.

“We’ve found the IP and the MAC, and we’ve watched them clean it up and made sure everything was legitimate afterwards, and we all signed it and everything’s good. In that way, if they (the RIAA) ever come back and say, ‘What did you do,’ we can pull the paper trail out and say, ‘We’ve followed a procedure, you’re there witness to it.’ We confirmed the equipment they are using matched what RIAA sent us and hopefully (it) will help benefit the student . . . and benefit us, as well, for liability, to show we are taking this seriously.”

Pratt also said IT hopes to install new hardware in the dorms to improve Internet speed for students and allow IT to narrow down IP addresses to actual ports, and not hubs of 16 possible computers.

As far as the students who have RIAA complaints, IT has not taken any action against them since the mass mailing of warning letters. They plan to continue this practice unless the RIAA complaints increase.

“I have not received any feedback from the Office of Information and Technology about who they have identified as being involved,” Brown said. “The arrangement we had with Information Technology was that they really are the ones who monitor the network and network and activity. If they identify a student who they believe is involved, then our office will adjudicate that student. I would say the range of possible consequences really revolved around their network access and them being denied access to the network.”

Dean of Students Kent Kelso said that if the complaints continue there will be actions taken by the Dean of Students’ Office. “At this point everyone should be well aware they should not be doing this any longer, so… there will be consequences.”

Pratt said he contacted the RIAA and told them about the measures the university is taking to eliminate the problem. He said they never responded. “My guess is that we are probably a very small fish in a very big pond,” he said.