Enterprise Architecture

Security Information

Marketing Information

The TrendSpot



 



The News – 07/19/01

 

P2P Use May Be Even More Illegal Than You Thought

It’s fairly well recognized in the post-Napster world that using peer-to-peer technology can get you in trouble. Legal woes for Napster and its users, however, centered more around the copyright infringement issue, and not on the technology. Well, David McOwen, a now-former employee of DeKalb Tech, part of the Georgia state university system, may soon be arrested and face a maximum penalty of 15 years in prison – for installing a screensaver from Distributed.net on some of the computers at DeKalb.

 

So what could possibly be worthy of hard time in this case? Well, at first you might think of the stolen CPU cycles. Distributed.net farms out large computing projects to many participating computers, who work on them when they’re doing nothing else. Although idle Georgia state resources were used, it’s hard to see the foul there. The computers weren’t doing anything anyway.

 

It turns out the state wants to nick McOwen for using bandwidth, a very expensive amount of bandwidth. It claims that the Distributed.net client cost the state $415,951.49 in bandwidth charges, which it calculates at 59 cents per second or $1,529,280 per month. I want to be that college’s broadband provider! Especially considering you can get a full T-1 for under $900 a month in DeKalb county. So at that price, the state is claiming McOwen stole roughly 61 terabit-seconds of bandwidth, most of it in December when few students were in school. Clearly, the damages must be based on something other than bandwidth.

 

Leaving aside the preposterousness of the monetary charges, it’s clear that McOwen did make non-business use of state resources, along with probably hundreds if not thousands of other state employees. I can’t decide if Georgia is just that clueless, or if it merely wants to set an example by crushing this poor defenseless system administrator. Taking a look at the math, though, makes me lean toward cluelessness.

 

If you’re concerned about this travesty of justice, you might want to give David a hand. You can contact his attorney, David Joyner, of law firm Kenney and Solomon in Duluth Georgia, at cdjoyner66@aol.com or 770-564-1600.

 

Regardless of how you feel about McOwen’s plight, this story underscores a key issue that businesses will have to deal with regarding P2P computing. While it may be ludicrous to think that McOwen’s use of public property caused $415,000 in damages, it is entirely possible that employee use of P2P technology could damage a business.

 

Most applications in the hive computing or distributed computing class, like Distributed.net and the more famous SETI@Home, are fairly benign. They accept small chunks of data from a server on the Internet, and run as screen savers to process the data. The result is sent back to the server, and it generally is also not a large amount of data. It’s possible that employees will leave their computers on more when running one of these applications, and it’s even possible that they will get paid for using business resources. But outside of a little electricity and wear and tear on equipment, along with a little bit of extra bandwidth usage, there’s not usually a lot of direct damage to the enterprise.

 

File sharing P2P applications, however, are a different matter. Although there is a security risk in running even hive computing applications within the enterprise, the risk is magnified when employees run consumer-grade file sharing applications. Although Napster may be becoming a non-factor, there are many other services like Morpheus or KazAa springing up to facilitate music file sharing. Then there are other services such as Gnutella and Wrapster that let users share any kind of file, even sensitive company information. For more information on P2P applications, see the white paper, The Buzz About Hive Computing: Putting Peer-to-Peer Computing to Work, or the P2P for Business Directory.

 

Many enterprises solve these problems by identifying the ports and protocols the offending services use, and then blocking them. The problem is in keeping up with the myriad services, and knowing where to stop. For example, your employees may be using Instant Messaging (IM) clients such as AOL Instant Messenger, or similar programs from Yahoo and Microsoft. They may even be using these IM services to communicate with customers and suppliers. Plus, these clients can also allow users to share files.

 

Clearly the P2P phenomenon can mean a loss of control, at the enterprise level, over what happens on your network. Although there are many P2P companies such as Groove Networks, Mercury Prime, and 1stWorks developing secure IM and other secure collaboration technologies, adopting these solutions doesn’t address the problem of what to do with rogue Internet applications on your network.

 

At the very least, businesses should formulate acceptable Internet use policies and require employees to sign and abide by them. But make sure these policies have a heart. If you ban all personal use of the Internet, you’ll make scofflaws out of every employee who wants to check the weekend weather or occasionally visit a recreational site.

There’s no denying that non-work use of computers is a problem. According to the 2001 Web@Work study sponsored by Internet filtering vendor Websense:

 

  • 20 percent of work computers have Napster on them.
  • 45 percent of people send more personal email from work than from home.
  • 63 percent of employers reported that their employees access non-work-related Internet sites at work, and 27 percent have experienced an increase in inappropriate employee Internet use this year.
  • 34 percent of companies have reprimanded or disciplined employees for inappropriate Internet use this year.
  • Of companies that have reprimanded or disciplined employees, more than one out of every three terminated those employees for inappropriate Internet use.
  • 3.3 percent of companies overall have been involved in litigation from inappropriate Internet use.

 

Going hand-in-hand with usage policies is a comprehensive network security policy and an educational effort to ensure your employees understand the threat and the importance of adherence.

 

The P2P genie is out of the bottle. You may be able to stop employees from downloading Napster files, but chances are good there’s another bandwidth-sucking, security-administrator-bedeviling application around the corner. Good policies and good education will be more effective in securing and protecting your resources than prosecuting unwitting miscreants like David McOwen.

 

OpenP2P

  

Briefly Noted

  • Shameless Self-Promotion Department: We’ve recently re-ranked the trends in the TrendSpot, adding a new trend: the Post-PC World.
    The TrendSpot

  • Prepare to Get Toasted: Alert SNS Reader Larry Kuhn, recently employed by our favorite software monopoly, sends along this new bit of jargon about Windows XP. Seems that when you get an email on Microsoft’s next OS, a little window gradually pops up, much like a piece of toast. Within the software giant, people refer to this as Toast, as in “You’ve got Toast!” (Wait, that’s another soon-to-be-monopoly I’m thinking of.)
  • Speaking of How Not to Run An Online Grocery: I swear I didn’t see the Keenan Vision analyst report, Grow Big Fast Fails for Webvan and Amazon, before writing the previous SNS. How could I? It was released July 18th, two days after my article. Hmmm. Coincidence? Anyway, here’s a quote from the report, which Keenan claims was inspired by the Webvan closing. (Alert SNS Readers may suspect otherwise . . .) “Webvan was fatally infected with a metaphorical disease that Keenan Vision calls the Grow Big Fast Syndrome. Also known as First Mover Advantage, GBF syndrome is a deadly disease that has killed off dozens of dot-com startups. GBF is a powerful affliction--it destroys ideas no matter whether they are smart or dumb.” When I was a dotcommie it seemed all we could talk about was the First Mover Advantage. How the mighty have fallen.
    Keenan Vision


  • Nokia and Motorola in Turkish bath? Turkey's Uzan family controls Telsim, the country's second largest mobile operator. The company has failed to meet about $1 billion in debt repayments due to Motorola and Nokia and now the companies have hired a US private investigation firm to look into the assets and wealth of the family. In a common practice in high tech these days, the handset makers had provided Telsim with vendor financing secured by Telsim shares. Telsim, however, has apparently issued more shares, diluting the companies' interest (Motorola's interest was diluted from 66 percent to 22 percent!). Just as Cisco got tripped by vendor financing when the dotcom bubble burst, so now have Motorola and Nokia learned an expensive lesson about driving volume through deferred payments.
    eWireless News (requires registration)
  • Get an update on the stories in this issue. Visit the Wayback Machine.

 

Can’t Get Enough of ME?

In the unlikely event that you want more of my opinions, I’ve started a Weblog. It’s the fashionable thing for pundits to do, and I’m doing it too. A Weblog is a datestamped collection of somewhat random thoughts and ideas assembled on a Web page. If you’d like to subject the world to your thoughts, as I do, you can create your own Weblog. You need to have a Web site that allows you FTP access, and the free software from www.blogger.com. This allows you to right click on a Web page and append your pithy thoughts to your Weblog.

 

I’ve dubbed my Weblog entries “Stratlets”, and they are available at www.stratvantage.com/stratlets/. Let me know what you think. Also check out the TrendSpot for ranking of the latest emerging trends.

 

 

 

Return to Mike’s Take 

Copyright © 2002, StratVantage Consulting, LLC. All rights reserved.

Please send all comments to .