After Hours

Policing MP3s reduces liability and improves system performance

Software makers are suing companies that have downloaded pirated software. Will the music industry do the same and sue companies that allow employees to download MP3 files? Here is how to reduce your liability.


Mike Provenzano, system administrator for Monmouth Regional High School in Tinton Falls, NJ, noticed the network server that handles files for the 350 plus students and administrators kept running out of space.

“The space started to dwindle before my eyes,” said Provenzano.

It got so bad some weeks that the available space would be reduced by as much as two gigabytes per day.

Armed with a review of the network and an understanding of how the teenage mind works, Provenzano discovered that the students had downloaded thousands of MP3 files. This created two problems for Provenzano and the school.

First, the MP3 files were hogging network resources. Second, the files put the school legally at risk for copyright infringement.

IT Managers are being forced to move MP3 eradication onto the to-do list for their network admins. You don’t have to work at a high school like Provenzano does to have problems with MP3 files. IT professionals who work in corporate and government offices should be concerned about this issue as well.

In this article, we’ll discuss:
  • Your liability when MP3 files are found on your agency’s server
  • Steps you can take to reduce your liability and save your network

Do you need a lawyer?
Wendy Leibowitz, attorney and board member of InternetLaw.com, recommends that companies develop download policies and police their networks for pirated material.

“Piracy is a serious step, whether it’s software piracy or music piracy. It’s wrong, and their liability is that companies have to educate their employees that it’s wrong,” said Leibowitz.

But does this mean your company is liable for the MP3 files your employees may dump on your network?

“The law, quite frankly, is still being developed,” said Leibowitz.

Leibowitz explained that of the case law that currently exists in the United States, the network, and by extension the network administrator, is not liable. For example, the telephone company is not responsible for criminal plans made via the telephone.

Also, there is no current standard to determine due diligence for policing your network, Leibowitz said. But that does not mean you should do nothing.

“You have to be able to show that you took some kind of steps,” she said. Educating employees, deleting offending files, and developing anti-downloading policies are all examples of things IT Managers should be doing.
  • Develop a download policy.
  • Implement periodic search and destroy programs for MP3 files either manually or with software designed to do so.
  • Monitor Internet traffic for patterns indicating use for non-mission-critical kinds of data packets and adjust bandwidth accordingly.

Search and destroy
Provenzano addressed his problem by presenting Monmouth students with a holiday gift last year: a no-download policy that could result in school suspension if ignored. He also installed a program by Apreo called SoundJudgement, a software product that detects, blocks, and deletes MP3 files before they have a chance to degrade network performance. (The cost is $279 per 100 seats.)

He set up SoundJudgement to run on the weekend, finding and deleting MP3 files. On Monday, Provenzano reviews the SoundJudgement report listing how many MP3 files were found and who downloaded them.

SoundJudgement was initially designed for companies that wanted to protect their networks.

“We believe there will be more need in the future because as we see it, nobody can block all the services that are out there,” said David Hollander, CEO of Apreo. “Every day there’s a new service, and you can’t just block them in a firewall.”

Hollander said that he believes the music industry may begin taking legal action against an individual user and not an MP3 service. For example, the music industry may decide not to sue all the providers, but they may sue a hotel chain.

SoundJudgement can be applied over Novell and NT servers. Unlike traditional search tools, it uses “Smart Search” technology that works independently of the file name or extension. The program searches the entire network including servers and workstations and analyzes the files, looking for the MP3 protocol. (There are shareware programs available that will simply change your filename in order to disguise your MP3 file.)

Watch your pipes
MP3 files cause another problem—they slow the network performance. MP3 files can transform an efficient network into one that is sluggish and performs poorly.

Jarad Carleton, of consulting firm Frost & Sullivan headquartered in San Jose, CA, said one problem with an MP3 download from Napster is that it frequently disguises itself as HTTP traffic.

“A lot of network administrators may feel that they’ve blocked out Napster when in fact they haven’t,” said Carleton.

Carleton suggested some kind of packet or bandwidth monitoring software to help balance network traffic and stop these kinds of files from tying up valuable bandwidth.

This goes for any kind of non-mission-critical software that could be slowing your network, he said, like streaming media or other technologies that your employees are using for personal reasons.

He recommended that IT Managers take this one step further and not just watch what’s on their networks but reexamine what’s going through their networks.
Have you developed a policy concerning MP3 files? Send us a note and tell us about it or post a comment below.

Editor's Picks