(MUPIM 19.4/OAC 3339-21-04)
Background and Purpose of Policy (MUPIM 19.4.A)
Peer-to-Peer (P2P) file sharing applications allow users to download and share electronic files of all types and to use any computer as a server for file sharing requests. Currently, some of the more common files shared in this fashion are audio files (e.g., mp3, wav, midi), video files (e.g., QuickTime, jpeg, mpeg, avi), and picture files (e.g., gif, jpeg). When computers are set up in a peer-to-peer model, the computers become connected as peers, and files on each system are subject to access by the other systems. When a University computer is set up for peer-to-peer operations with an outside computer, the University computer is sharing its files, and in some cases its entire hard drive. In most cases, the same computer has also agreed to accept files from an outside computer. Conversely, the outside system could copy individual files from the University computer’s shared drive, to the outside server, resulting in the potential for inadvertent disclosure of sensitive information.
Because there are legitimate academic, research, and personal uses of P2P file sharing applications, Miami University does not ban them from its network. However, Miami recognizes that P2P activity is commonly used for copying music and video files for personal enjoyment which may violate copyright law and that content which does not infringe copyright is typically available through other methods, such as websites and FTP sites. Accordingly, Miami actively blocks all P2P traffic from crossing its network perimeter. If a user has a legitimate need to use P2P software, authorization will need to be obtained from Miami University’s Information Security Officer. Before requesting authorization to participate in any P2P file sharing activity, users of University computing and electronic communication resources should consider the following:
- Network Bandwidth Most P2P applications are configured so other users can access your hard drive and share your files all the time. This constant file transfer can degrade your computer’s performance and generate heavy traffic loads on the university network. The university’s network bandwidth consumption is monitored. If your usage impacts the overall performance of the network, your computer may be blocked. If you use a P2P application to share content legally, you should know how to control or disable the application.
- Privacy If you are running a P2P application, you may be inadvertently sharing personal information, such as e-mail messages or credit card information. You need to make sure you know which files and data the application is sharing. You should know how to control or disable your P2P application to ensure that you are not inadvertently sharing personal information.
- Security Viruses are easily spread using P2P applications. Many P2P applications include “malware” in the download, so you may be unintentionally infecting your computer. To protect your computer, keep your anti-virus program up-to-date and only install programs acquired from reputable sources.
- Resource Use Some P2P applications use your computer as a computational or storage resource for another organization’s use. This may not be an acceptable use of state-owned resources such as the university network or university-owned computers. Do not permit any such use of your system without the consent of Miami University’s Information Security Officer.
Prohibition (MUPIM 19.4.B)
The use of a P2P application which (1) constitutes a violation of any federal, state or local law, (2) a violation of University policies (including the Responsible Use Policy and the Code of Student Conduct), or (3) interferes with Miami University’s network integrity or security is prohibited.
Enforcement (MUPIM 19.4.C)
As an Internet Service Provider, Miami University follows appropriate enforcement procedures required by the Digital Millennium Copyright Act.
Upon discovery of an apparent violation of this policy by a student, the Information Security Officer will notify the Dean of Students. The Dean of Students shall notify the user and require that the user immediately cease the prohibited activity and delete files that this policy. In addition to stopping potential legal violations, the Dean of Students goal is to educate the student about appropriate P2P use and personal and social responsibility as a P2P user within the learning community. In the event that a user fails to comply with the Dean of Students’ directive or if the same user violates this policy one or more additional times in the same academic year, then the Dean of Students may initiate appropriate disciplinary action against the student.
Upon discovery of an apparent violation of this policy by an employee, then the Information Security Officer will notify user to immediately cease the prohibited activity and delete files that violate this policy. In the event that a user fails to comply with the Information Security Officer’s notice or violates this policy one or more additional times, the Information Security Officer will refer the matter to the Department of Human Resources or Academic Personnel Services for appropriate action.
In addition, if a user violates the copyright laws through unauthorized P2P activities, the user may be found liable for civil or criminal copyright infringement. Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or “statutory” damages affixed at not less than $750 and not more than $30,000 per work infringed. For “willful” infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys’ fees. For details, see Title 17, United States Code, Sections 504, 505. Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense.
Review (MUPIM 19.4.D)
The Dean of Students and the Information Security Officer shall periodically (1) review the effectiveness of this policy; and (2) review the legal alternatives for downloading or otherwise acquiring copyrighted material and make the results of the review available to its students through a website or other means.