Skip to Navigation | Skip to Content

Peer-to-Peer File Sharing

search the site

did you know?

  • The only types of servers that are allowed on ResNet are web servers. P2P programs that allow others to connect to your machine are acting as a file server, and are therefore not allowed.
  • If you use file sharing on NYU-NET or ResNet, NYU, as your ISP, is obligated to forward to you any copyright complaints we receive about activity on your computer.

What is a peer-to-peer application?

Peer-to-peer (P2P) file sharing applications are used to connect you directly to another person's computer (and, frequently, to give them the ability to connect to your machine) in order to transfer files between the two computers. There are three key characteristics that define a P2P application:

  • The ability to discover peers
  • The ability to query peers
  • The ability to share content with peers

What programs fall into this category?

The programs that fall into this category are programs like KaZaa, AIM (if you have file sharing enabled), iMesh, Morpheus, limewire, Gnutella, and others.

Why are peer-to-peer applications an issue at NYU?

There are a number of problems. First, in the process of sharing files back and forth with other peers, you put yourself in the position of possibly infecting or damaging your own computer. Not everyone is as trustworthy as you are; there are those out there who will disguise a malicious program as something harmless, like a music file. The intent is either to infect your machine or to install a remote control program on your machine in an effort to use your machine for nefarious purposes. For example, there is a specific worm that is transmitted through KaZaA that actually has the ability to overwrite files on your hard drive.

Second, because these programs attempt to discover and query other peers, when they do so, they generate network traffic, which is sometimes interpreted as hostile. When another network administrator sees this type of traffic targeted towards their networks, it can be misinterpreted as a probe for vulnerabilities or an attack.

Third, ResNet policy states that the only types of servers that are allowed on ResNet are web servers. Since these programs allow others to connect to your machine and share content, in essence they are acting as a file server, which is not allowed. This has been the policy since the inception of ResNet, before P2P programs were developed.

Finally, many files being shared on peer-to-peer networks are distributed without the permission of the person or company who owns the copyright on that work. Downloading, or making available for download, these copyrighted works can be a violation of federal law. Many copyright owners monitor P2P networks to find infringers, and large industry organizations have stated that they will file lawsuits against individual sharers. If you are sued, the damages can be significant.

How does the use of peer-to-peer applications affect NYU?

This affects the security and stability of NYU's network. We care about the security of our students' machines. We also have a duty to all users to provide adequate access and a stable network. Peer-to-peer applications impact both of these missions.

In tests done by ITS staff, one song was downloaded and within half an hour, three people had connected to the machine to upload that same file. So, that one 5MB download just became 20MB. At the same rate, that one song would result in 720MB of outbound file transfers in one day. Multiply this by more than 8000 ResNet connections and an even larger number of office connections, and you will begin to understand our concern. This means that our network would be used to serve others outside of the University to the detriment of our own users, here at NYU. After all, the primary purpose for NYU and its network is to assist in academic research and to provide facilities for the NYU community.

Some of these programs allow your computer to be taken control of remotely, either as part of their design or by allowing new ways for your computer to be compromised. This is actually a "huge" deal because if this were to happen and your computer was then used to attack another institution or corporation, there would be a lot of problems. Your machine would also then be vulnerable to catching a virus and then potentially spreading it to others.

These programs do a lot more than you might be aware of. Some can automatically upgrade themselves. This would be a huge problem if the request for the upgrade were redirected to another site that would install a program such as a Trojan horse. KaZaA, for example, has the ability to create a separate P2P network without your knowledge through additional software that is installed when you load its software. c|net wrote about this "stealth network" in an article from April. You can find the story on the C|NET News site. This "stealth network" will then have the ability to use University resources and run distributed computing applications over this new network. All this without your knowledge or consent. To add insult to injury, it has been written that this network would then be used to distribute and store advertisements on local machines.

Why have you started to get concerned about this now?

Actually, we have always been concerned about this. We have had a system for handling these inquiries in place for some time now and have not changed anything in the way we handle these incidents. However, owners of copyrighted material have become more sophisticated about the trading of their material and we have been receiving a much higher number of complaints. In addition, copyright owners have expressed an intention to take formal legal action against people who share files. NYU wants to keep its students informed, so that they do not inadvertently become of the subjects of such a lawsuit. We believe that it is appropriate for us to take further steps to inform our students about the potential risks in P2P.

Who is contacting NYU about these issues?

We are being contacted by the legal organizations representing the artists who own the copyrighted material. Usually we receive a message like this:

From: MPAA@copyright.org
To: copyright.info@nyu.edu
Subject: Unauthorized Distribution of Copyrighted Motion Pictures (Reference#: xxxxxx)
Date: xxx, xx xxx xxxx xx:xx:xx (GMT)

MOTION PICTURE ASSOCIATION OF AMERICA, INC.
15503 VENTURA BOULEVARD
ENCINO, CALIFORNIA 91436

UNITED STATES
Anti-Piracy Operations
PHONE: (818) 728 - 8127
Email: MPAA@copyright.org

Name: Marilyn McMillan
Email: copyright.info@nyu.edu
ISP: New York University

Via Fax/Email

RE: Unauthorized Distribution of Copyrighted Motion Pictures
Site/URL: gnutella://xxx.xxx.xx.x:6346/ [with IP address: xxx.xxx.xx.x
Reference#: 725287

Date of Infringement: 10/19/2002 3:45:41 PM GMT

Dear Marilyn McMillan:

The Motion Picture Association of America (MPAA) represents the following motion picture production and distribution companies:

Columbia Pictures Industries, Inc.
Disney Enterprises, Inc.
Metro-Goldwyn-Mayer Studios Inc.
Paramount Pictures Corporation
TriStar Pictures, Inc.
Twentieth Century Fox Film Corporation
United Artists Pictures, Inc.
United Artists Corporation
Universal City Studios, Inc.
Warner Bros., a Division of Time Warner Entertainment Company, L.P.

We have received information that an individual has utilized the above referenced IP address at the noted date and time to offer downloads of copyrighted motion picture(s) through a “peer-to-peer” service, including such title(s) as:

Family Guy (TV)

The distribution of unauthorized copies of copyrighted motion pictures constitutes copyright infringement under the Copyright Act, Title 17 United States Code Section 106(3). This conduct may also violate the laws of other countries, international law, and/or treaty obligations.

Since you own this IP address, we request that you immediately do the following:

1. Disable access to the individual who has engaged in the conduct described above, and;
2. Take appropriate action against the account holder under your Abuse Policy/Terms of Service Agreement.

On behalf of the respective owners of the exclusive rights to the copyrighted material at issue in this notice, we hereby state, pursuant to the Digital Millennium Copyright Act, Title 17 United States Code Section 512, that we have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owners, their respective agents, or the law.

Also pursuant to the Digital Millennium Copyright Act, we hereby state, under penalty of perjury, under the laws of the State of California and under the laws of the United States, that the information in this notification is accurate and that we are authorized to act on behalf of the owners of the exclusive rights being infringed as set forth in this notification.

Please contact us at the above listed address or by replying to this email should you have any questions. Kindly include the above noted Reference # in the subject line of all email correspondence.

We thank you for your cooperation in this matter. Your prompt response is requested.

Respectfully,

Thomas Temple
Director
Worldwide Internet Enforcement

How does this affect the downloading of music files?

Most music files are copyright protected, which means that they can be distributed only with the permission of the people who own that copyright. The copyright holders contact an ISP when its members violate these copyrights. One violation of the copyright is to distribute the copyrighted material via peer-to-peer applications or networks.

NYU and ITS have to follow up on any complaints of this type that we receive. Because we are your ISP, we have a duty to pass complaints we receive on to you if you are the owner of the computer referenced in the complaint. As the owner of the "server", you could be liable if the copyright owner chose to sue (see Copyright Law, Title 17 at http://www4.law.cornell.edu/uscode/html/uscode17/usc_sup_01_17.html). We feel it best to contact our users and give them a chance to fix the issue before it gets to that stage.

What are NYU's policies on peer-to-peer applications, and how do they compare to other universities' policies?

At NYU, when we are contacted about a copyright infringement, we usually contact the owner of the machine to give them a chance to correct the situation. We do this because the owner of the machine that is acting as a server could be liable if the copyright owner decided to sue. Usually, the machine is reconfigured so it no longer acts as a server, and the situation is easily resolved. These issues are almost always handled amicably and rarely result in a disconnection. Disconnections usually result when we do not receive a response after we notify an individual of the situation and after we receive multiple complaints.

At NYU, we review our policies and standards on a regular basis to evaluate their currency and relevancy. We have specific policies in place regarding the use of ResNet and NYU-NET. These policies are available on the ITS Policies and Guidance website and already cover most issues brought up by peer-to-peer applications.

Other schools choose to handle this issue in various ways. Many schools are evaluating their policies to address peer-to-peer application usage specifically. In fact, some schools terminate your network connection first and ask questions later. We choose to handle these issues in the above-mentioned manner so as to educate our users and provide them with more information.

What is NYU's position on illegal downloading?

For information on NYU's position on illegal downloading, see this note from CITO Marilyn McMillan.

How do I prevent my machine from being accessed as a file server?

You need to make sure that your peer-to-peer applications are configured correctly. Make sure that they are not set up to perform "auto-discovery" type network searches and that they are not set up to act like a file server. You do not want to have your machine accessible to the world because then everyone will have the ability to download files from your machine.

Is this all necessary?

NYU has a commitment to academic freedom; however, we are still bound by the law. If you do not like the direction in which copyright law is heading, let your voice be heard by contacting your state and local representatives. You can find your appropriate contact at http://www.house.gov/writerep/.

Page last reviewed: August 19, 2008