UNC Requiring Any Student Who Wants To Use File Sharing Software To Apply For A 'Hall Pass'

from the say-what-now? dept

Apparently UNC's method of dealing with constant complaints from the entertainment industry about students file-sharing is to throw the baby out with the bathwater. It's blocking network access to any computer which they discover has file sharing software on it. It's unclear from the article just how UNC is detecting file sharing software, though that would seem to raise some serious privacy questions. Also not explained in the article is what qualifies as "file sharing software." After all, an FTP app, email, instant messaging and a browser could all be considered "file sharing" apps. Either way, if UNC discovers you have file sharing software that's on its "evil" list, you get a message that pops up in your browser saying:
“UNC-CHAPEL HILL IS BLOCKING FILE-SHARING THROUGHOUT STUDENT HOUSING.”
Students then are told to remove such offending software or they won't be able to access the internet.

Of course, since there do remain legitimate reasons for using file sharing software, students can apply for a "Hall Pass," that will let them use the software after they "learn what does and does not violate copyright law." One hopes that the lesson plan required is reasonable, though such programs rarely are all that accurate.

I understand why UNC is doing this, but I still find it worrisome. These are technologies that rapidly evolve. What may seem "evil" today may not be in the near future. Blocking your students from using them, except after they jump through a bunch of hoops -- each with a giant warning on them -- chills the willingness of students to actually look at certain new and important innovations that can be built on top of the older things. Requiring people to go ask permission to go use one of the fundamental features of the internet is likely to be quite frustrating for students who have perfectly legitimate reasons to use such networks.

Separately, I will note with a bit of pride that the same article quotes someone from my alma mater saying that Cornell would never implement such a system:
Ms. Mitrano said. Engineering and science-heavy institutions would have a hard time, for instance, because those fields often require a lot of file-sharing. Cornell, she says, wouldn’t do it because it would violate a student code that emphasizes “freedom with responsibility.”
Nice to see them going against this kind of snooping/cutoff setup.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    blaktron (profile), Sep 15th, 2011 @ 11:50am

    Really, Really stupid

    All I can see this does is involve them in the process just enough to make them liable when a student does download something protected by copyright. Like if they just stayed hands off, they'd be fine. I work for a school, we get a million entertainment industry letters a year, we just forward them to the students and wash our hands of it.

    Since we don't claim to do anything to stop infringement, we don't have to bend over backwards trying, and then we aren't on the hook when something that is clearly impossible, fails.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Jake, Sep 15th, 2011 @ 11:56am

    If I was a student there, I'd be looking at mobile broadband plans, because I'm pretty damn sure there's no way of finding out what software is installed on their computers without using spyware.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Clouser, Sep 15th, 2011 @ 11:58am

    cornell

    Glad to hear this:

    2Ms. Mitrano said. Engineering and science-heavy institutions would have a hard time, for instance, because those fields often require a lot of file-sharing. Cornell, she says, wouldn’t do it because it would violate a student code that emphasizes “freedom with responsibility.”

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    blaktron (profile), Sep 15th, 2011 @ 12:02pm

    Re:

    you can tell that its installed on their computer because they plug into a managed switch, that gives you the MAC, and then you see P2P traffic from that IP. Its not hard, the only hard part is proving that you removed it as opposed to just stopped using it.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    :Lobo Santo (profile), Sep 15th, 2011 @ 12:08pm

    Re: Re:

    So... do the students get in trouble for using a VPN or TOR or SSH tunneling or any of the myriad other techniques for subverting such monitoring??

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    PaulT (profile), Sep 15th, 2011 @ 12:15pm

    So... an incentive for an enterprising student to create an app that masks P2P software/traffic from whatever snooping they use? Or, hundreds of students having their education impeded by their own university?

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    TheStupidOne, Sep 15th, 2011 @ 12:22pm

    Introductions

    UNC meet waste http://waste.sourceforge.net/ and btguard.com
    fellas, meet UNC ... play nicely now you hear

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    blaktron (profile), Sep 15th, 2011 @ 12:26pm

    Re: Re: Re:

    No one gets in trouble at my campus. If our security team notices someone downloading something copyrighted on bit torrent, unencrypted, they will kill the connection, but thats for Bandwidth reasons, not anything else

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Sep 15th, 2011 @ 12:30pm

    Re:

    Hmmm...packet analysis(aka deep packet inspection) can confirm show what program is sending what with 99.9% certainty if not encrypted, Bittorrent for example has an unique handshake when it is connecting to others peers, one can see the fingerprint of that even in encrypted channels, people may not be able to see what it is but they know it is a bittorrent client because there is no other signatures that make that exact same pattern of requests.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    mikey4001 (profile), Sep 15th, 2011 @ 12:33pm

    HEOA

    To be fair to the school, The Higher Education Opportunity Act of 2008 (I think that's the one) contains provisions that require campuses to police their networks for piracy or risk losing funding (read: federal scholarship money). The language of the law is a bit vague, so schools are free to go about it in whatever way they deem appropriate enough to be considered a good faith effort. A lot of schools don't really do much it seems, but UNC may just be trying to comply with a bad law, especially if they have been in hot water with the internet cops before.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    Richard (profile), Sep 15th, 2011 @ 12:44pm

    Re: cornell

    Academic staf could make this null by setting a coursework that requires the use of such s/w.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    theangryintern (profile), Sep 15th, 2011 @ 12:45pm

    Going to be funny the next time Blizzard releases a big patch for WoW. Gonna have a bunch of students suddenly blocked from their network because Blizz used Bittorrent to distribute the patches.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Rich Kulawiec, Sep 15th, 2011 @ 12:48pm

    How ironic...

    ...given UNC's seminal role in starting Usenet, still the world's most successful experiment in mass online communication. Usenet is built around the concept that a message (usually encapsulated in a single file) is shared across many news servers via a flood-propagation algorithm. (Thus, were propagation delays all zero, every news server would hold the same content as every one. Of course propagation delays aren't all zero -- not even close -- and further, individual site choices in news server configuration result in additional content differences. But as a first-order approximation, it can be thought of as a replication engine.)

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Sep 15th, 2011 @ 1:11pm

    Re: Re:

    All they'll see is me connecting to a socks proxy.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Sep 15th, 2011 @ 1:16pm

    Re: Introductions

    http://wasteagain.sourceforge.net/

    Is that another fork of the defunct waste?

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Sep 15th, 2011 @ 1:32pm

    Re: Introductions

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Sep 15th, 2011 @ 1:48pm

    Re: Re: Re:

    If it is just encrypted they still get the fingerprints because those are based on timing of the packets not what is inside them, so unless you also mask the traffic and timings of packets they will see what you are using and it is incredible accurate, that is why every anonymous network today deploys countermeasures for that, even the US Army do the same thing.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    TheStupidOne, Sep 15th, 2011 @ 1:58pm

    Re: Re: Introductions

    Is waste defunct? I just remember using it on my college campus after IT shut down our dc++ server and we wanted something they couldn't find. It worked great until I graduated.

    I haven't ever heard of btguard before I typed this post, but they are a bittorrent proxy that also encrypts your traffic for you so that you can't be throttled or caught (costs money though)

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    aikiwolfie (profile), Sep 15th, 2011 @ 2:24pm

    Have the TechDirt staff been taking stupid pills lately? I don't think anybody calls e-mail "file sharing software". I think we know what sort of applications this university are talking about. Torrent clients and the like.

    It's also not a bad thing to get people to learn about copyright, what is or isn't infringement. Isn't that part of what you guys try to do here. Make people aware?

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    fikuserectus (profile), Sep 15th, 2011 @ 2:45pm

    Re: NO! It is called management software

    I work for a major university. Sorry, but it isn't called spyware, but management software (Microsoft makes such a product). One of the features of this management software is to easily report what is installed on a persons computer. This type software and use has been used for more than a decade.

    Why does a company or university use it? To make sure nothing is installed on the computer that will compromise the very network your computer is using. That isn't the only use, but one of the many uses of this type of software. Why does a university or company want to limit the use of file sharing programs? It can be an attack vector and many consider it a security issue running on a network. Students seems to forget that the network they share with the rest of the community is used for many important things beside downloading software. It is important to make sure the network bandwidth isn't clogged with hundreds of PC's downloading movies or TV shows.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Digitari, Sep 15th, 2011 @ 2:55pm

    RE: learning?

    this is an institute of "higher" Learning, what does this teach exactly?

    don't trust the "feds"

    or

    "Do as you are told"......

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    ASTROBOI, Sep 15th, 2011 @ 2:59pm

    Solution?

    So four guys rent an off-campus apartment or house and split the cost of their own connection. From some of the numbers I've seen, it's cheaper to stay in a Holliday Inn than the school dorm. The school policy is probably good training for post graduate employment since most employers would be every bit as unpleasant about internet use as the school seems to be.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Rich Kulawiec, Sep 15th, 2011 @ 3:25pm

    Re: Re: NO! It is called management software

    "Why does a company or university use it? To make sure nothing is installed on the computer that will compromise the very network your computer is using."

    That's a particularly ironic statement, given the preceding:
    "Microsoft makes such a product".

    Even if we generously -- VERY generously -- overlook the fact that Microsoft Windows CANNOT be secured in production environments even by its maker -- then I am certain that the users of such software are making fundamental errors. For example: do they permit IE? That's most certainly a highly dangerous piece of software that has a long and sordid history involving network compromise. How about Outlook, another exceedingly-dangerous, extremely-buggy program that nobody should ever use? And what about Acrobat, which is another hideously awful piece of software?

    My point being: the incompetent fools using this kind of "management software" haven't got the slightest idea what is and isn't a threat to their network environment. They lack fundamental clues about the basics of contemporary security practice. (Heck, they probably still use anti-virus software and expect it to work.) So let's not pretend that this has anything to do with sound network operations practice...because sound network operations practice in the kind of environments we're discussing here would presume that all end-user-controlled systems are already compromised and defend accordingly.

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    Arthur Moore (profile), Sep 15th, 2011 @ 3:44pm

    University of Alabama in Huntsville

    Here at UAH the university uses the Cisco Clean Access Software. Every windows computer must have it installed.

    This software scans the computer for AV products to determine if they should be allowed on the internet. Sadly, the only AV software it consistently recognizes is McAfee. So not only does it fail at its intended purpose, but removes whatever protection you might have had.

    Whats worse is that allows the university full access to our computers, even though no one there is smart enough to use it for such a task.

    Now, back to the topic at hand.

    Back when Kazaa and LimeWire where big they would ban your computer from the network if they detected you using them. The only way to get back on was to turn your computer over to them so they could rifle through your hard drive and delete the software.

    It is draconian, but I guess they have no choice when they spent all this money on monitoring equipment and not on bandwidth. The fastest download speed I ever saw for a student, either via wireless or from the dorms, was around 256KB.

     

    reply to this | link to this | view in thread ]

  25.  
    icon
    el_segfaulto (profile), Sep 15th, 2011 @ 4:07pm

    Re: Re: NO! It is called management software

    Disclosure: I am an IT professional and use various types of management software. If I were a student at UNC I would be appalled. Management software is used primarily to keep corporate workstations and laptops in line with licensing and to have a trail if/when an audit occurs. Forcing students to put it on their personal machines in order to access the network is quite disturbing.

    YOU may not call it spyware, but isn't it mimicking the behavior of actual spyware just a bit? How is it any different if a student clicks through a bogus "anti-virus" EULA than if they do the same thing to install this "legitimate" software because they're told they need it in order to access the world? Internet access (especially in college) is no longer a luxury and the administrators for this campus have crossed the line with this.

    Whether you want to admit it or not, management software can also be a vector for remote intrusion. With the right password and/or private key it essentially throws open a user's entire system to the bad guys.

    I will admit that file sharing can lead to virus and malware infestation. However, so do Flash banner ads and insufficiently secured ad networks. The last two virus outbreaks we had here were caused simply by navigating to msn.com.

    Finally...bandwidth. If a major university cannot afford the equipment and training for traffic shaping during peak hours of use, they have no business offering the service. Without question the best internet service I've had has been at the major universities that I've attended. Most have the infrastructure to handle every student streaming / torrenting at the same time (at least in my experience).

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Travis, Sep 15th, 2011 @ 4:44pm

    Re: Re: Re: NO! It is called management software

    You forgot to add that most management software gives the admin read/write access to every file on the computer.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Travis, Sep 15th, 2011 @ 4:53pm

    Re:

    Apparently you don't know how to attach files to an email. Almost all (very few exceptions in the last several years) software that enables communication between users can (and for some purposes is) considered file sharing software.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Travis, Sep 15th, 2011 @ 4:56pm

    Re: Solution?

    I'll disagree with the training part. The post is referring to personal computers in the dorm rooms. Would you let your employer tell you what sort of software to use on your computer while not at work?

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Anonymous Coward, Sep 15th, 2011 @ 4:58pm

    Re:

    Okay, you tell us what is and isn't infringement. I'm guessing that you can't, since it generally takes a court to do so.

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Anonymous Coward, Sep 15th, 2011 @ 5:00pm

    Re: University of Alabama in Huntsville

    Err... 256KB is 2Mbps, so standard low-end cable. Not too shabby, really. You want faster, get an apartment and pay for it.

     

    reply to this | link to this | view in thread ]

  31.  
    icon
    Arthur Moore (profile), Sep 15th, 2011 @ 5:46pm

    Re: University of Alabama in Huntsville

    The university requires management software on all student computers that run Windows. If you don't have it running you can not connect to the network.

    As far as training goes, I was talking about how incompetent our IT department is.

    I meant 256Kbps. My bad.

    It's so bad that Knology makes good money selling cable internet to people who live in the dorms.

     

    reply to this | link to this | view in thread ]

  32.  
    icon
    blaktron (profile), Sep 15th, 2011 @ 5:49pm

    Re: Re: Re: Introductions

    Or just use a private, encrypted tracker, but if you have an admin actually looking at traffic on a modern dpi firewall, just because they cant see what it is exactly, they can see 40 odd constant encrypted IP streams going to a single IP. My mom could then tell what that was...

     

    reply to this | link to this | view in thread ]

  33.  
    identicon
    abc gum, Sep 15th, 2011 @ 5:55pm

    "Also not explained in the article is what qualifies as "file sharing software." After all, an FTP app, email, instant messaging and a browser could all be considered "file sharing" apps."

    Applications share files, that's how computers work.
    I suppose some people who would like to define "file sharing" as something other than sharing files, but that is rather silly.

     

    reply to this | link to this | view in thread ]

  34.  
    icon
    blaktron (profile), Sep 15th, 2011 @ 6:08pm

    Re: Re: University of Alabama in Huntsville

    This is draconian and evil. I'm a senior admin at a university and we provide free WiFi for our students across campus to connect with whatever device they want. We don't require anything but their central login ID to connect. I guess that's why were highly rated, because we're actually in the business of preparing our students for the future.

     

    reply to this | link to this | view in thread ]

  35.  
    identicon
    Anonymous Coward, Sep 15th, 2011 @ 6:14pm

    Re: Re: University of Alabama in Huntsville

    Actually.... 256kbps is 0.25mbps... But thanks for playing!

     

    reply to this | link to this | view in thread ]

  36.  
    icon
    blaktron (profile), Sep 15th, 2011 @ 6:26pm

    Re: Re: Re: University of Alabama in Huntsville

    But 256 KB/s which he actually said is 2mbit/s, so take your ball and go home ;)

     

    reply to this | link to this | view in thread ]

  37.  
    icon
    blaktron (profile), Sep 15th, 2011 @ 6:46pm

    Re: Re: Re: NO! It is called management software

    If you don't think Windows can be secured then you aren't very smart.

     

    reply to this | link to this | view in thread ]

  38.  
    identicon
    Anonymous Coward, Sep 15th, 2011 @ 11:35pm

    Re: Re: Re: Introductions


    I haven't ever heard of btguard before I typed this post, but they are a bittorrent proxy that also encrypts your traffic for you so that you can't be
    throttled or caught (costs money though)




    BTguard is not very reliable and is expensive.

    Rather try superchargemytorrent.com and vpntunnel.se.

     

    reply to this | link to this | view in thread ]

  39.  
    icon
    PaulT (profile), Sep 16th, 2011 @ 12:47am

    Re:

    You're missing what's actually being said. The point is that the term "file sharing software" is left undefined in the rules. Since it's undefined, the term could be applied to anything that is capable of sharing files. This includes email.

    This is often one of the ongoing problems. Define something too narrowly (e.g. just specify torrents) and it's easy to bypass (e.g. people just switch to binary usenet or encrypted P2P, which aren't covered by the rules). Specify too vaguely - as has happened here - and a lot of otherwise legitimate avenues can be blocked.

    "It's also not a bad thing to get people to learn about copyright, what is or isn't infringement."

    File sharing is not infringement. Forcing people to apply for a licence to use legitimate software for legitimate uses is not "education". In fact, if any education takes place when getting the "hall pass", I'd bet it would be the same misleading, inaccurate and easily disprove misinformation the **AAs trot out on a regular basis, not the truth.

     

    reply to this | link to this | view in thread ]

  40.  
    icon
    Richard (profile), Sep 16th, 2011 @ 3:50am

    Re: Re: Re: Re: NO! It is called management software

    If you think any operating system can be absolutely secured then you really don't have a clue.

     

    reply to this | link to this | view in thread ]

  41.  
    identicon
    Anonymous Coward, Sep 16th, 2011 @ 4:26am

    Re: Re:


    you can tell that its installed on their computer because they plug into a managed switch, that gives you the MAC, and then you see P2P traffic from that
    IP. Its not hard, the only hard part is proving that you removed it as opposed to just stopped using it.





    Even more, it's possible to run file sharing software on a computer without leaving a fingerprint in the operating system.

    Under Windows you could run a portable instance of utorrent from a thumb drive having all outbound trafick going through a SSH tunnel.

    Even if the institution has a policy of blocking all but web trafic, file sharing will always be possible as long as you can tunnel over port 80 or port 443.

     

    reply to this | link to this | view in thread ]

  42.  
    icon
    blaktron (profile), Sep 16th, 2011 @ 5:36am

    Re: Re: Re: Re: Re: NO! It is called management software

    Define absolute security, if you mean 'cant be hacked without user intervention' which is usually the litmus test for security, then windows without an active browser is pretty damn secure. If you think otherwise then bring me evidence of windows being hacked without deliberate security holes being introduced.

     

    reply to this | link to this | view in thread ]

  43.  
    identicon
    Transbot9, Sep 16th, 2011 @ 6:15am

    A hall pass for WoW?

    'Cause Blizzard updates it's games via torrents, this is gonna cut into World of Warcraft...

     

    reply to this | link to this | view in thread ]

  44.  
    identicon
    Anonymous Coward, Sep 16th, 2011 @ 9:28am

    It will only push them further underground.

     

    reply to this | link to this | view in thread ]

  45.  
    identicon
    callmebob, Sep 16th, 2011 @ 12:29pm

    "Cornell, she says, wouldn’t do it because it would violate a student code that emphasizes “freedom with responsibility.”

    Call me crazy, but isnt Cornell completely wrong on this? Instead of blocking the software, they allow students to run it after they agreed to use it appropriately. Last I checked, that means they have freedom (to run the software) and were responsible for it being run properly.

    If they were like a lot of other institutions, students wouldnt be allowed to run it at all.

    Is it wrong to make someone get a license to drive? Is it wrong to require a student to know the consequences of their file sharing before they can share?

    Cornell is the one looking foolish on this one.

     

    reply to this | link to this | view in thread ]

  46.  
    identicon
    Anonymous Coward, Sep 16th, 2011 @ 10:37pm

    Re:

    Please turn off your computer immediately. You have not gone through your mandatory "Computer Usage" seminar, received your computer license, or learned the consequences of your computer use before you used one.

     

    reply to this | link to this | view in thread ]

  47.  
    identicon
    Invisible_Jester89, Jan 2nd, 2012 @ 10:15pm

    Yeah yeah yeah. This is awful and all, but it's called "swapping a CD-R with your friend in the frat house next door to yours". Keep circulating the tapes, everybody.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This