RIAA turns up heat on file-trading at work

The latest salvo against companies came last week, when the Recording Industry Association of America (RIAA) sent letters to about 300 companies providing evidence of specific instances of their internal networks being used to swap copyrighted songs, and warning of potential legal liability. The RIAA for months has been pressing companies to crack down on the use of file-swapping networks.

Corporations have been responding to this growing pressure in various ways, nearly all of which are giving companies increasing potential visibility into their employees' communications. Many have outlawed the use of file-trading programs, but in companies with sprawling internal networks, and hundreds or thousands of PCs connected to the Net, using high-tech tools to enforce these policies can still be a difficult task.

"Part of the problem is you have a trusted (network) session that's in theory being opened by a trusted user," said Jerry Periolat, president of Apreo, a company that sells network management and monitoring tools. "If you initiate this kind of connection from the desktop, it can be very hard to catch, because it's not coming in a way that a traditional firewall is going to stop."

The high-tech battle over peer-to-peer network usage has been going on for several years now, at least since network administrators at universities first started noticing that Napster use was suddenly taking up a huge proportion of schools' network bandwidth. The recent push from the RIAA and movie studios, with increasingly less veiled threats of lawsuits and liability, has added urgency to the effort, however.

With early generations of file-swapping software, it was a relatively simple task for network administrators to simply block the network "ports," or designated paths, that the software would use to communicate with the outside world. Many software programs use specific ports to communicate with each other, and so this proved effective.

That capability has been lost with recent generations of file-swapping programs, however. Programs including Kazaa can switch which port they use, essentially trying all the network doors available until they find one that is open. Some also use the same path used by ordinary Web traffic--blocking this would block all of an employee's ability to visit outside Web sites, an unacceptable outcome for many companies.

In response, a generation of tools has emerged that looks closely at network traffic to see exactly what kind of information is included in the data stream, or scans employees' computers to see what kinds of software they have running.

Among the most popular network tools today are monitoring systems that can look inside a data stream and figure out what kind of protocol is being used to transfer the information. This tactic would not necessarily give monitors information about the data itself, but only its wrapper--a little like noting that a car is a Toyota gives little indication about who is actually driving it.

That protocol information can be used to block or prioritize traffic, however. Rick Koenig, a network engineer at Concordia University in Austin, says he's started using tools from Cisco to identify and de-emphasize file-swapping traffic on his school's networks.

"You can block it, or you can create policies to block it, or you can totally limit the amount of bandwidth that is available," Koenig said. "That's how we're doing it."

Another company, called Packeteer, has found considerable success helping companies monitor their traffic flow for file-swapping and other suspect applications. That company turned profitable in 2002 based in large part on sales of its net monitoring tools.

Aveo's software works differently, scanning computers connected to a company's internal network, looking for specified applications such as Kazaa, iMesh, BearShare or others that a company has decided to ban, block, or otherwise regulate. The software runs on a company's central server, but also contains a small desktop component that would live on each employee's desktop, and the two pieces work together to notify corporate administrators when banned software is running.

As pressure from the copyright holders mounts, these and other similar tools are likely to become the focus of even more attention from IT managers eager to eliminate security and legal risks.

"We?encourage you to adopt and fully implement employee policies and technical measures that prevent copyright infringement on your corporate network, as we will continue to monitor for infringing conduct and take any appropriate legal action necessary to protect our rights," the RIAA wrote last week in its letter to corporations whose employees were found to be using file-swapping software. "The consequences for not taking action?can be quite serious."