UNC Requiring Any Student Who Wants To Use File Sharing Software To Apply For A 'Hall Pass'

from the say-what-now? dept

Apparently UNC’s method of dealing with constant complaints from the entertainment industry about students file-sharing is to throw the baby out with the bathwater. It’s blocking network access to any computer which they discover has file sharing software on it. It’s unclear from the article just how UNC is detecting file sharing software, though that would seem to raise some serious privacy questions. Also not explained in the article is what qualifies as “file sharing software.” After all, an FTP app, email, instant messaging and a browser could all be considered “file sharing” apps. Either way, if UNC discovers you have file sharing software that’s on its “evil” list, you get a message that pops up in your browser saying:


Students then are told to remove such offending software or they won’t be able to access the internet.

Of course, since there do remain legitimate reasons for using file sharing software, students can apply for a “Hall Pass,” that will let them use the software after they “learn what does and does not violate copyright law.” One hopes that the lesson plan required is reasonable, though such programs rarely are all that accurate.

I understand why UNC is doing this, but I still find it worrisome. These are technologies that rapidly evolve. What may seem “evil” today may not be in the near future. Blocking your students from using them, except after they jump through a bunch of hoops — each with a giant warning on them — chills the willingness of students to actually look at certain new and important innovations that can be built on top of the older things. Requiring people to go ask permission to go use one of the fundamental features of the internet is likely to be quite frustrating for students who have perfectly legitimate reasons to use such networks.

Separately, I will note with a bit of pride that the same article quotes someone from my alma mater saying that Cornell would never implement such a system:

Ms. Mitrano said. Engineering and science-heavy institutions would have a hard time, for instance, because those fields often require a lot of file-sharing. Cornell, she says, wouldn?t do it because it would violate a student code that emphasizes ?freedom with responsibility.?

Nice to see them going against this kind of snooping/cutoff setup.

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “UNC Requiring Any Student Who Wants To Use File Sharing Software To Apply For A 'Hall Pass'”

Subscribe: RSS Leave a comment
blaktron (profile) says:

Really, Really stupid

All I can see this does is involve them in the process just enough to make them liable when a student does download something protected by copyright. Like if they just stayed hands off, they’d be fine. I work for a school, we get a million entertainment industry letters a year, we just forward them to the students and wash our hands of it.

Since we don’t claim to do anything to stop infringement, we don’t have to bend over backwards trying, and then we aren’t on the hook when something that is clearly impossible, fails.

Anonymous Coward says:

Re: Re: Re:

you can tell that its installed on their computer because they plug into a managed switch, that gives you the MAC, and then you see P2P traffic from that
IP. Its not hard, the only hard part is proving that you removed it as opposed to just stopped using it.

Even more, it’s possible to run file sharing software on a computer without leaving a fingerprint in the operating system.

Under Windows you could run a portable instance of utorrent from a thumb drive having all outbound trafick going through a SSH tunnel.

Even if the institution has a policy of blocking all but web trafic, file sharing will always be possible as long as you can tunnel over port 80 or port 443.

Anonymous Coward says:

Re: Re:

Hmmm…packet analysis(aka deep packet inspection) can confirm show what program is sending what with 99.9% certainty if not encrypted, Bittorrent for example has an unique handshake when it is connecting to others peers, one can see the fingerprint of that even in encrypted channels, people may not be able to see what it is but they know it is a bittorrent client because there is no other signatures that make that exact same pattern of requests.

Anonymous Coward says:

Re: Re: Re: Re:

If it is just encrypted they still get the fingerprints because those are based on timing of the packets not what is inside them, so unless you also mask the traffic and timings of packets they will see what you are using and it is incredible accurate, that is why every anonymous network today deploys countermeasures for that, even the US Army do the same thing.

fikuserectus (profile) says:

Re: NO! It is called management software

I work for a major university. Sorry, but it isn’t called spyware, but management software (Microsoft makes such a product). One of the features of this management software is to easily report what is installed on a persons computer. This type software and use has been used for more than a decade.

Why does a company or university use it? To make sure nothing is installed on the computer that will compromise the very network your computer is using. That isn’t the only use, but one of the many uses of this type of software. Why does a university or company want to limit the use of file sharing programs? It can be an attack vector and many consider it a security issue running on a network. Students seems to forget that the network they share with the rest of the community is used for many important things beside downloading software. It is important to make sure the network bandwidth isn’t clogged with hundreds of PC’s downloading movies or TV shows.

Rich Kulawiec says:

Re: Re: NO! It is called management software

Why does a company or university use it? To make sure nothing is installed on the computer that will compromise the very network your computer is using.

That’s a particularly ironic statement, given the preceding:
Microsoft makes such a product“.

Even if we generously — VERY generously — overlook the fact that Microsoft Windows CANNOT be secured in production environments even by its maker — then I am certain that the users of such software are making fundamental errors. For example: do they permit IE? That’s most certainly a highly dangerous piece of software that has a long and sordid history involving network compromise. How about Outlook, another exceedingly-dangerous, extremely-buggy program that nobody should ever use? And what about Acrobat, which is another hideously awful piece of software?

My point being: the incompetent fools using this kind of “management software” haven’t got the slightest idea what is and isn’t a threat to their network environment. They lack fundamental clues about the basics of contemporary security practice. (Heck, they probably still use anti-virus software and expect it to work.) So let’s not pretend that this has anything to do with sound network operations practice…because sound network operations practice in the kind of environments we’re discussing here would presume that all end-user-controlled systems are already compromised and defend accordingly.

blaktron (profile) says:

Re: Re: Re:3 NO! It is called management software

Define absolute security, if you mean ‘cant be hacked without user intervention’ which is usually the litmus test for security, then windows without an active browser is pretty damn secure. If you think otherwise then bring me evidence of windows being hacked without deliberate security holes being introduced.

el_segfaulto (profile) says:

Re: Re: NO! It is called management software

Disclosure: I am an IT professional and use various types of management software. If I were a student at UNC I would be appalled. Management software is used primarily to keep corporate workstations and laptops in line with licensing and to have a trail if/when an audit occurs. Forcing students to put it on their personal machines in order to access the network is quite disturbing.

YOU may not call it spyware, but isn’t it mimicking the behavior of actual spyware just a bit? How is it any different if a student clicks through a bogus “anti-virus” EULA than if they do the same thing to install this “legitimate” software because they’re told they need it in order to access the world? Internet access (especially in college) is no longer a luxury and the administrators for this campus have crossed the line with this.

Whether you want to admit it or not, management software can also be a vector for remote intrusion. With the right password and/or private key it essentially throws open a user’s entire system to the bad guys.

I will admit that file sharing can lead to virus and malware infestation. However, so do Flash banner ads and insufficiently secured ad networks. The last two virus outbreaks we had here were caused simply by navigating to msn.com.

Finally…bandwidth. If a major university cannot afford the equipment and training for traffic shaping during peak hours of use, they have no business offering the service. Without question the best internet service I’ve had has been at the major universities that I’ve attended. Most have the infrastructure to handle every student streaming / torrenting at the same time (at least in my experience).

TheStupidOne says:

Re: Re: Introductions

Is waste defunct? I just remember using it on my college campus after IT shut down our dc++ server and we wanted something they couldn’t find. It worked great until I graduated.

I haven’t ever heard of btguard before I typed this post, but they are a bittorrent proxy that also encrypts your traffic for you so that you can’t be throttled or caught (costs money though)

mikey4001 (profile) says:


To be fair to the school, The Higher Education Opportunity Act of 2008 (I think that’s the one) contains provisions that require campuses to police their networks for piracy or risk losing funding (read: federal scholarship money). The language of the law is a bit vague, so schools are free to go about it in whatever way they deem appropriate enough to be considered a good faith effort. A lot of schools don’t really do much it seems, but UNC may just be trying to comply with a bad law, especially if they have been in hot water with the internet cops before.

Rich Kulawiec says:

How ironic...

…given UNC’s seminal role in starting Usenet, still the world’s most successful experiment in mass online communication. Usenet is built around the concept that a message (usually encapsulated in a single file) is shared across many news servers via a flood-propagation algorithm. (Thus, were propagation delays all zero, every news server would hold the same content as every one. Of course propagation delays aren’t all zero — not even close — and further, individual site choices in news server configuration result in additional content differences. But as a first-order approximation, it can be thought of as a replication engine.)

aikiwolfie (profile) says:

Have the TechDirt staff been taking stupid pills lately? I don’t think anybody calls e-mail “file sharing software”. I think we know what sort of applications this university are talking about. Torrent clients and the like.

It’s also not a bad thing to get people to learn about copyright, what is or isn’t infringement. Isn’t that part of what you guys try to do here. Make people aware?

PaulT (profile) says:

Re: Re:

You’re missing what’s actually being said. The point is that the term “file sharing software” is left undefined in the rules. Since it’s undefined, the term could be applied to anything that is capable of sharing files. This includes email.

This is often one of the ongoing problems. Define something too narrowly (e.g. just specify torrents) and it’s easy to bypass (e.g. people just switch to binary usenet or encrypted P2P, which aren’t covered by the rules). Specify too vaguely – as has happened here – and a lot of otherwise legitimate avenues can be blocked.

“It’s also not a bad thing to get people to learn about copyright, what is or isn’t infringement.”

File sharing is not infringement. Forcing people to apply for a licence to use legitimate software for legitimate uses is not “education”. In fact, if any education takes place when getting the “hall pass”, I’d bet it would be the same misleading, inaccurate and easily disprove misinformation the **AAs trot out on a regular basis, not the truth.



So four guys rent an off-campus apartment or house and split the cost of their own connection. From some of the numbers I’ve seen, it’s cheaper to stay in a Holliday Inn than the school dorm. The school policy is probably good training for post graduate employment since most employers would be every bit as unpleasant about internet use as the school seems to be.

Arthur Moore (profile) says:

University of Alabama in Huntsville

Here at UAH the university uses the Cisco Clean Access Software. Every windows computer must have it installed.

This software scans the computer for AV products to determine if they should be allowed on the internet. Sadly, the only AV software it consistently recognizes is McAfee. So not only does it fail at its intended purpose, but removes whatever protection you might have had.

Whats worse is that allows the university full access to our computers, even though no one there is smart enough to use it for such a task.

Now, back to the topic at hand.

Back when Kazaa and LimeWire where big they would ban your computer from the network if they detected you using them. The only way to get back on was to turn your computer over to them so they could rifle through your hard drive and delete the software.

It is draconian, but I guess they have no choice when they spent all this money on monitoring equipment and not on bandwidth. The fastest download speed I ever saw for a student, either via wireless or from the dorms, was around 256KB.

Arthur Moore (profile) says:

University of Alabama in Huntsville

The university requires management software on all student computers that run Windows. If you don’t have it running you can not connect to the network.

As far as training goes, I was talking about how incompetent our IT department is.

I meant 256Kbps. My bad.

It’s so bad that Knology makes good money selling cable internet to people who live in the dorms.

blaktron (profile) says:

Re: University of Alabama in Huntsville

This is draconian and evil. I’m a senior admin at a university and we provide free WiFi for our students across campus to connect with whatever device they want. We don’t require anything but their central login ID to connect. I guess that’s why were highly rated, because we’re actually in the business of preparing our students for the future.

abc gum says:

“Also not explained in the article is what qualifies as “file sharing software.” After all, an FTP app, email, instant messaging and a browser could all be considered “file sharing” apps.”

Applications share files, that’s how computers work.
I suppose some people who would like to define “file sharing” as something other than sharing files, but that is rather silly.

callmebob says:

“Cornell, she says, wouldn?t do it because it would violate a student code that emphasizes ?freedom with responsibility.?

Call me crazy, but isnt Cornell completely wrong on this? Instead of blocking the software, they allow students to run it after they agreed to use it appropriately. Last I checked, that means they have freedom (to run the software) and were responsible for it being run properly.

If they were like a lot of other institutions, students wouldnt be allowed to run it at all.

Is it wrong to make someone get a license to drive? Is it wrong to require a student to know the consequences of their file sharing before they can share?

Cornell is the one looking foolish on this one.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...