UNC Requiring Any Student Who Wants To Use File Sharing Software To Apply For A 'Hall Pass'

from the say-what-now? dept

Thu, Sep 15th 2011 11:29am — Mike Masnick

Apparently UNC's method of dealing with constant complaints from the entertainment industry about students file-sharing is to throw the baby out with the bathwater. It's blocking network access to any computer which they discover has file sharing software on it. It's unclear from the article just how UNC is detecting file sharing software, though that would seem to raise some serious privacy questions. Also not explained in the article is what qualifies as "file sharing software." After all, an FTP app, email, instant messaging and a browser could all be considered "file sharing" apps. Either way, if UNC discovers you have file sharing software that's on its "evil" list, you get a message that pops up in your browser saying:

�UNC-CHAPEL HILL IS BLOCKING FILE-SHARING THROUGHOUT STUDENT HOUSING.�

Students then are told to remove such offending software or they won't be able to access the internet.

Of course, since there do remain legitimate reasons for using file sharing software, students can apply for a "Hall Pass," that will let them use the software after they "learn what does and does not violate copyright law." One hopes that the lesson plan required is reasonable, though such programs rarely are all that accurate.

I understand why UNC is doing this, but I still find it worrisome. These are technologies that rapidly evolve. What may seem "evil" today may not be in the near future. Blocking your students from using them, except after they jump through a bunch of hoops -- each with a giant warning on them -- chills the willingness of students to actually look at certain new and important innovations that can be built on top of the older things. Requiring people to go ask permission to go use one of the fundamental features of the internet is likely to be quite frustrating for students who have perfectly legitimate reasons to use such networks.

Separately, I will note with a bit of pride that the same article quotes someone from my alma mater saying that Cornell would never implement such a system:

Ms. Mitrano said. Engineering and science-heavy institutions would have a hard time, for instance, because those fields often require a lot of file-sharing. Cornell, she says, wouldn�t do it because it would violate a student code that emphasizes �freedom with responsibility.�

Nice to see them going against this kind of snooping/cutoff setup.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: file sharing, hall pass, unc

47 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

blaktron (profile), 15 Sep 2011 @ 11:50am

Really, Really stupid
All I can see this does is involve them in the process just enough to make them liable when a student does download something protected by copyright. Like if they just stayed hands off, they'd be fine. I work for a school, we get a million entertainment industry letters a year, we just forward them to the students and wash our hands of it.

Since we don't claim to do anything to stop infringement, we don't have to bend over backwards trying, and then we aren't on the hook when something that is clearly impossible, fails.
[ link to this | view in chronology ]
Jake, 15 Sep 2011 @ 11:56am

If I was a student there, I'd be looking at mobile broadband plans, because I'm pretty damn sure there's no way of finding out what software is installed on their computers without using spyware.
[ link to this | view in chronology ]
- blaktron (profile), 15 Sep 2011 @ 12:02pm
  
  Re:
  you can tell that its installed on their computer because they plug into a managed switch, that gives you the MAC, and then you see P2P traffic from that IP. Its not hard, the only hard part is proving that you removed it as opposed to just stopped using it.
  [ link to this | view in chronology ]
  - :Lobo Santo (profile), 15 Sep 2011 @ 12:08pm
    
    Re: Re:
    So... do the students get in trouble for using a VPN or TOR or SSH tunneling or any of the myriad other techniques for subverting such monitoring??
    [ link to this | view in chronology ]
    - blaktron (profile), 15 Sep 2011 @ 12:26pm
      
      Re: Re: Re:
      No one gets in trouble at my campus. If our security team notices someone downloading something copyrighted on bit torrent, unencrypted, they will kill the connection, but thats for Bandwidth reasons, not anything else
      [ link to this | view in chronology ]
  - Anonymous Coward, 16 Sep 2011 @ 4:26am
    
    Re: Re:
    
    you can tell that its installed on their computer because they plug into a managed switch, that gives you the MAC, and then you see P2P traffic from that
    IP. Its not hard, the only hard part is proving that you removed it as opposed to just stopped using it.
    
    Even more, it's possible to run file sharing software on a computer without leaving a fingerprint in the operating system.
    
    Under Windows you could run a portable instance of utorrent from a thumb drive having all outbound trafick going through a SSH tunnel.
    
    Even if the institution has a policy of blocking all but web trafic, file sharing will always be possible as long as you can tunnel over port 80 or port 443.
    [ link to this | view in chronology ]
- Anonymous Coward, 15 Sep 2011 @ 12:30pm
  
  Re:
  Hmmm...packet analysis(aka deep packet inspection) can confirm show what program is sending what with 99.9% certainty if not encrypted, Bittorrent for example has an unique handshake when it is connecting to others peers, one can see the fingerprint of that even in encrypted channels, people may not be able to see what it is but they know it is a bittorrent client because there is no other signatures that make that exact same pattern of requests.
  [ link to this | view in chronology ]
  - Anonymous Coward, 15 Sep 2011 @ 1:11pm
    
    Re: Re:
    All they'll see is me connecting to a socks proxy.
    [ link to this | view in chronology ]
    - Anonymous Coward, 15 Sep 2011 @ 1:48pm
      
      Re: Re: Re:
      If it is just encrypted they still get the fingerprints because those are based on timing of the packets not what is inside them, so unless you also mask the traffic and timings of packets they will see what you are using and it is incredible accurate, that is why every anonymous network today deploys countermeasures for that, even the US Army do the same thing.
      [ link to this | view in chronology ]
- fikuserectus (profile), 15 Sep 2011 @ 2:45pm
  
  Re: NO! It is called management software
  I work for a major university. Sorry, but it isn't called spyware, but management software (Microsoft makes such a product). One of the features of this management software is to easily report what is installed on a persons computer. This type software and use has been used for more than a decade.
  
  Why does a company or university use it? To make sure nothing is installed on the computer that will compromise the very network your computer is using. That isn't the only use, but one of the many uses of this type of software. Why does a university or company want to limit the use of file sharing programs? It can be an attack vector and many consider it a security issue running on a network. Students seems to forget that the network they share with the rest of the community is used for many important things beside downloading software. It is important to make sure the network bandwidth isn't clogged with hundreds of PC's downloading movies or TV shows.
  [ link to this | view in chronology ]
  - Rich Kulawiec, 15 Sep 2011 @ 3:25pm
    
    Re: Re: NO! It is called management software
    "Why does a company or university use it? To make sure nothing is installed on the computer that will compromise the very network your computer is using."
    
    That's a particularly ironic statement, given the preceding:
    "Microsoft makes such a product".
    
    Even if we generously -- VERY generously -- overlook the fact that Microsoft Windows CANNOT be secured in production environments even by its maker -- then I am certain that the users of such software are making fundamental errors. For example: do they permit IE? That's most certainly a highly dangerous piece of software that has a long and sordid history involving network compromise. How about Outlook, another exceedingly-dangerous, extremely-buggy program that nobody should ever use? And what about Acrobat, which is another hideously awful piece of software?
    
    My point being: the incompetent fools using this kind of "management software" haven't got the slightest idea what is and isn't a threat to their network environment. They lack fundamental clues about the basics of contemporary security practice. (Heck, they probably still use anti-virus software and expect it to work.) So let's not pretend that this has anything to do with sound network operations practice...because sound network operations practice in the kind of environments we're discussing here would presume that all end-user-controlled systems are already compromised and defend accordingly.
    [ link to this | view in chronology ]
    - blaktron (profile), 15 Sep 2011 @ 6:46pm
      
      Re: Re: Re: NO! It is called management software
      If you don't think Windows can be secured then you aren't very smart.
      [ link to this | view in chronology ]
      - Richard (profile), 16 Sep 2011 @ 3:50am
        
        Re: Re: Re: Re: NO! It is called management software
        If you think any operating system can be absolutely secured then you really don't have a clue.
        [ link to this | view in chronology ]
        
        blaktron (profile), 16 Sep 2011 @ 5:36am
        
        Re: Re: Re: Re: Re: NO! It is called management software
        Define absolute security, if you mean 'cant be hacked without user intervention' which is usually the litmus test for security, then windows without an active browser is pretty damn secure. If you think otherwise then bring me evidence of windows being hacked without deliberate security holes being introduced.
        [ link to this | view in chronology ]
  - el_segfaulto (profile), 15 Sep 2011 @ 4:07pm
    
    Re: Re: NO! It is called management software
    Disclosure: I am an IT professional and use various types of management software. If I were a student at UNC I would be appalled. Management software is used primarily to keep corporate workstations and laptops in line with licensing and to have a trail if/when an audit occurs. Forcing students to put it on their personal machines in order to access the network is quite disturbing.
    
    YOU may not call it spyware, but isn't it mimicking the behavior of actual spyware just a bit? How is it any different if a student clicks through a bogus "anti-virus" EULA than if they do the same thing to install this "legitimate" software because they're told they need it in order to access the world? Internet access (especially in college) is no longer a luxury and the administrators for this campus have crossed the line with this.
    
    Whether you want to admit it or not, management software can also be a vector for remote intrusion. With the right password and/or private key it essentially throws open a user's entire system to the bad guys.
    
    I will admit that file sharing can lead to virus and malware infestation. However, so do Flash banner ads and insufficiently secured ad networks. The last two virus outbreaks we had here were caused simply by navigating to msn.com.
    
    Finally...bandwidth. If a major university cannot afford the equipment and training for traffic shaping during peak hours of use, they have no business offering the service. Without question the best internet service I've had has been at the major universities that I've attended. Most have the infrastructure to handle every student streaming / torrenting at the same time (at least in my experience).
    [ link to this | view in chronology ]
    - Travis, 15 Sep 2011 @ 4:44pm
      
      Re: Re: Re: NO! It is called management software
      You forgot to add that most management software gives the admin read/write access to every file on the computer.
      [ link to this | view in chronology ]
Clouser, 15 Sep 2011 @ 11:58am

cornell
Glad to hear this:

2Ms. Mitrano said. Engineering and science-heavy institutions would have a hard time, for instance, because those fields often require a lot of file-sharing. Cornell, she says, wouldn�t do it because it would violate a student code that emphasizes �freedom with responsibility.�
[ link to this | view in chronology ]
- Richard (profile), 15 Sep 2011 @ 12:44pm
  
  Re: cornell
  Academic staf could make this null by setting a coursework that requires the use of such s/w.
  [ link to this | view in chronology ]
PaulT (profile), 15 Sep 2011 @ 12:15pm

So... an incentive for an enterprising student to create an app that masks P2P software/traffic from whatever snooping they use? Or, hundreds of students having their education impeded by their own university?
[ link to this | view in chronology ]
TheStupidOne, 15 Sep 2011 @ 12:22pm

Introductions
UNC meet waste http://waste.sourceforge.net/ and btguard.com
fellas, meet UNC ... play nicely now you hear
[ link to this | view in chronology ]
- Anonymous Coward, 15 Sep 2011 @ 1:16pm
  
  Re: Introductions
  http://wasteagain.sourceforge.net/
  
  Is that another fork of the defunct waste?
  [ link to this | view in chronology ]
  - TheStupidOne, 15 Sep 2011 @ 1:58pm
    
    Re: Re: Introductions
    Is waste defunct? I just remember using it on my college campus after IT shut down our dc++ server and we wanted something they couldn't find. It worked great until I graduated.
    
    I haven't ever heard of btguard before I typed this post, but they are a bittorrent proxy that also encrypts your traffic for you so that you can't be throttled or caught (costs money though)
    [ link to this | view in chronology ]
    - blaktron (profile), 15 Sep 2011 @ 5:49pm
      
      Re: Re: Re: Introductions
      Or just use a private, encrypted tracker, but if you have an admin actually looking at traffic on a modern dpi firewall, just because they cant see what it is exactly, they can see 40 odd constant encrypted IP streams going to a single IP. My mom could then tell what that was...
      [ link to this | view in chronology ]
    - Anonymous Coward, 15 Sep 2011 @ 11:35pm
      
      Re: Re: Re: Introductions
      
      I haven't ever heard of btguard before I typed this post, but they are a bittorrent proxy that also encrypts your traffic for you so that you can't be
      throttled or caught (costs money though)
      
      BTguard is not very reliable and is expensive.
      
      Rather try superchargemytorrent.com and vpntunnel.se.
      [ link to this | view in chronology ]
- Anonymous Coward, 15 Sep 2011 @ 1:32pm
  
  Re: Introductions
  http://www.eepsite.com/ (Create anonymous websites inside i2P)
  http://www.i2p2.de/
  http://freenetproject.org/
  
  http://anonymous-p2p.org/programs.html
  [ link to this | view in chronology ]
mikey4001 (profile), 15 Sep 2011 @ 12:33pm

HEOA
To be fair to the school, The Higher Education Opportunity Act of 2008 (I think that's the one) contains provisions that require campuses to police their networks for piracy or risk losing funding (read: federal scholarship money). The language of the law is a bit vague, so schools are free to go about it in whatever way they deem appropriate enough to be considered a good faith effort. A lot of schools don't really do much it seems, but UNC may just be trying to comply with a bad law, especially if they have been in hot water with the internet cops before.
[ link to this | view in chronology ]
theangryintern (profile), 15 Sep 2011 @ 12:45pm

Going to be funny the next time Blizzard releases a big patch for WoW. Gonna have a bunch of students suddenly blocked from their network because Blizz used Bittorrent to distribute the patches.
[ link to this | view in chronology ]
Rich Kulawiec, 15 Sep 2011 @ 12:48pm

How ironic...
...given UNC's seminal role in starting Usenet, still the world's most successful experiment in mass online communication. Usenet is built around the concept that a message (usually encapsulated in a single file) is shared across many news servers via a flood-propagation algorithm. (Thus, were propagation delays all zero, every news server would hold the same content as every one. Of course propagation delays aren't all zero -- not even close -- and further, individual site choices in news server configuration result in additional content differences. But as a first-order approximation, it can be thought of as a replication engine.)
[ link to this | view in chronology ]
aikiwolfie (profile), 15 Sep 2011 @ 2:24pm

Have the TechDirt staff been taking stupid pills lately? I don't think anybody calls e-mail "file sharing software". I think we know what sort of applications this university are talking about. Torrent clients and the like.

It's also not a bad thing to get people to learn about copyright, what is or isn't infringement. Isn't that part of what you guys try to do here. Make people aware?
[ link to this | view in chronology ]
- Travis, 15 Sep 2011 @ 4:53pm
  
  Re:
  Apparently you don't know how to attach files to an email. Almost all (very few exceptions in the last several years) software that enables communication between users can (and for some purposes is) considered file sharing software.
  [ link to this | view in chronology ]
- Anonymous Coward, 15 Sep 2011 @ 4:58pm
  
  Re:
  Okay, you tell us what is and isn't infringement. I'm guessing that you can't, since it generally takes a court to do so.
  [ link to this | view in chronology ]
- PaulT (profile), 16 Sep 2011 @ 12:47am
  
  Re:
  You're missing what's actually being said. The point is that the term "file sharing software" is left undefined in the rules. Since it's undefined, the term could be applied to anything that is capable of sharing files. This includes email.
  
  This is often one of the ongoing problems. Define something too narrowly (e.g. just specify torrents) and it's easy to bypass (e.g. people just switch to binary usenet or encrypted P2P, which aren't covered by the rules). Specify too vaguely - as has happened here - and a lot of otherwise legitimate avenues can be blocked.
  
  "It's also not a bad thing to get people to learn about copyright, what is or isn't infringement."
  
  File sharing is not infringement. Forcing people to apply for a licence to use legitimate software for legitimate uses is not "education". In fact, if any education takes place when getting the "hall pass", I'd bet it would be the same misleading, inaccurate and easily disprove misinformation the **AAs trot out on a regular basis, not the truth.
  [ link to this | view in chronology ]
Digitari, 15 Sep 2011 @ 2:55pm

RE: learning?
this is an institute of "higher" Learning, what does this teach exactly?

don't trust the "feds"

or

"Do as you are told"......
[ link to this | view in chronology ]
ASTROBOI, 15 Sep 2011 @ 2:59pm

Solution?
So four guys rent an off-campus apartment or house and split the cost of their own connection. From some of the numbers I've seen, it's cheaper to stay in a Holliday Inn than the school dorm. The school policy is probably good training for post graduate employment since most employers would be every bit as unpleasant about internet use as the school seems to be.
[ link to this | view in chronology ]
- Travis, 15 Sep 2011 @ 4:56pm
  
  Re: Solution?
  I'll disagree with the training part. The post is referring to personal computers in the dorm rooms. Would you let your employer tell you what sort of software to use on your computer while not at work?
  [ link to this | view in chronology ]
Arthur Moore (profile), 15 Sep 2011 @ 3:44pm

University of Alabama in Huntsville
Here at UAH the university uses the Cisco Clean Access Software. Every windows computer must have it installed.

This software scans the computer for AV products to determine if they should be allowed on the internet. Sadly, the only AV software it consistently recognizes is McAfee. So not only does it fail at its intended purpose, but removes whatever protection you might have had.

Whats worse is that allows the university full access to our computers, even though no one there is smart enough to use it for such a task.

Now, back to the topic at hand.

Back when Kazaa and LimeWire where big they would ban your computer from the network if they detected you using them. The only way to get back on was to turn your computer over to them so they could rifle through your hard drive and delete the software.

It is draconian, but I guess they have no choice when they spent all this money on monitoring equipment and not on bandwidth. The fastest download speed I ever saw for a student, either via wireless or from the dorms, was around 256KB.
[ link to this | view in chronology ]
- Anonymous Coward, 15 Sep 2011 @ 5:00pm
  
  Re: University of Alabama in Huntsville
  Err... 256KB is 2Mbps, so standard low-end cable. Not too shabby, really. You want faster, get an apartment and pay for it.
  [ link to this | view in chronology ]
  - Anonymous Coward, 15 Sep 2011 @ 6:14pm
    
    Re: Re: University of Alabama in Huntsville
    Actually.... 256kbps is 0.25mbps... But thanks for playing!
    [ link to this | view in chronology ]
    - blaktron (profile), 15 Sep 2011 @ 6:26pm
      
      Re: Re: Re: University of Alabama in Huntsville
      But 256 KB/s which he actually said is 2mbit/s, so take your ball and go home ;)
      [ link to this | view in chronology ]
Arthur Moore (profile), 15 Sep 2011 @ 5:46pm

Re: University of Alabama in Huntsville
The university requires management software on all student computers that run Windows. If you don't have it running you can not connect to the network.

As far as training goes, I was talking about how incompetent our IT department is.

I meant 256Kbps. My bad.

It's so bad that Knology makes good money selling cable internet to people who live in the dorms.
[ link to this | view in chronology ]
- blaktron (profile), 15 Sep 2011 @ 6:08pm
  
  Re: Re: University of Alabama in Huntsville
  This is draconian and evil. I'm a senior admin at a university and we provide free WiFi for our students across campus to connect with whatever device they want. We don't require anything but their central login ID to connect. I guess that's why were highly rated, because we're actually in the business of preparing our students for the future.
  [ link to this | view in chronology ]
abc gum, 15 Sep 2011 @ 5:55pm

"Also not explained in the article is what qualifies as "file sharing software." After all, an FTP app, email, instant messaging and a browser could all be considered "file sharing" apps."

Applications share files, that's how computers work.
I suppose some people who would like to define "file sharing" as something other than sharing files, but that is rather silly.
[ link to this | view in chronology ]
Transbot9, 16 Sep 2011 @ 6:15am

A hall pass for WoW?
'Cause Blizzard updates it's games via torrents, this is gonna cut into World of Warcraft...
[ link to this | view in chronology ]
Anonymous Coward, 16 Sep 2011 @ 9:28am

It will only push them further underground.
[ link to this | view in chronology ]
callmebob, 16 Sep 2011 @ 12:29pm

"Cornell, she says, wouldn�t do it because it would violate a student code that emphasizes �freedom with responsibility.�

Call me crazy, but isnt Cornell completely wrong on this? Instead of blocking the software, they allow students to run it after they agreed to use it appropriately. Last I checked, that means they have freedom (to run the software) and were responsible for it being run properly.

If they were like a lot of other institutions, students wouldnt be allowed to run it at all.

Is it wrong to make someone get a license to drive? Is it wrong to require a student to know the consequences of their file sharing before they can share?

Cornell is the one looking foolish on this one.
[ link to this | view in chronology ]
- Anonymous Coward, 16 Sep 2011 @ 10:37pm
  
  Re:
  Please turn off your computer immediately. You have not gone through your mandatory "Computer Usage" seminar, received your computer license, or learned the consequences of your computer use before you used one.
  [ link to this | view in chronology ]
Invisible_Jester89, 2 Jan 2012 @ 10:15pm

Yeah yeah yeah. This is awful and all, but it's called "swapping a CD-R with your friend in the frat house next door to yours". Keep circulating the tapes, everybody.
[ link to this | view in chronology ]