What's Banned On Your Campus?

Going through the Slashdot submission bin, one story has been popping up over and over again over the past few months. Every few days, someone writes in to tell us about yet another university that has banned Napster, the popular mp3 distribution tool. From Indiana University to Seton Hall, there are over a hundred colleges and universities that have banned its use. It's not just Napster, either. DeCSS and internet telephony are being targeted, as well. Some people say it's censorship, others say it's just a matter of reclaiming the university's bandwidth.

We wanted to give the Slashdot readership a chance to talk about this issue. The 'Students Against University Censorship' have set up a site chronicling the day-to-day Napster battle, listing every school they know of that has banned the program. What's going on at your school? What are their policies regarding Internet usage? Have you had a run-in with the collegiate authorities over something you were trying to do? Let us know!

QoS has been suggested

Somebody in a post elsewhere (attached to this story) mentioned QoS, prioritizing packets along the lines of:

1. everything not mentioned below
2. web
3. internet telephony
4. Napster

If there's leftover bandwidth, Napster gets it (hopefully preventing people from getting deperate enough to go to lengths to circumvent the measures). And if somebody else needs bandwidth, they get it. E-Z.

Ban excessive use, not content.

[Frater+219]

I'm the primary network administrator for a small college with a ridiculously limited Internet connection. We have ~350 students and 10Mbps Ethernet to all dorm rooms, but we only have a 512Kbps uplink at the moment. As a result, our users often end up contending for time on a rather congested link.

The three or four warez d00dz who think they have to have a dozen MP3s or VCDs downloading at all times don't help. A few months ago we had one or two twits using up well in excess of 50% of our bandwidth, moving traffic we all knew perfectly well was bootlegged media. But we really see this as an excessive-use problem, not a bootlegging problem -- so we put a 200MB/day cap on usage. As soon as any user machine on our network has moved 200MB over the Internet link in one day, it is unceremoniously blocked off until 3AM the next morning. There is a "free period" from 3AM to 6AM during which people may download all they want without limit; also, we grant exceptions for academic use, such as when someone wants to download a new distro CD image. (The funny thing is that the really heavy users don't use the 3AM-6AM window, even though there's plenty of scheduled-download software out there. They just hit 200MB and get blocked -- just about every day.)

We do, actually, have a policy against bootlegging software, music, movies, and the like -- but I'll be the first to admit that's a CYA move, so if RIAA or the like come attack us, we can say we don't tolerate bootlegging. We don't go looking for MP3 servers unless someone raises a fuss. We do block NetBIOS-over-TCP at the firewall, but that's all. (We're planning to block inbound SMTP directed to systems other than our mail server in the near future, but that's to stop spammers, not to limit our users.)

Blocking services by port number is not a solution to excessive use, nor is it a solution to bootlegging or other "contrabandwidth". In a port-blocking situation, the serious abusers tunnel or otherwise route around the censorship; the regular users get stuck with bogus limits on their use; and we sysadmins have to play catch-up maintaining a list of blocked services. If congestion is the problem, ban excessive use, not controversial use.

Lots of things are wrong with it.

[Uruk]

Generally speaking, in terms of the way laws are written and upheld, the use of mp3s would be upheld because although it has illicit uses, it also has legitimate uses. Think of the music students on campus who download recorded music from sites that make it freely available to the public for study and just for regular enjoyment. I've also known students who tape lectures of classes and make them available for other students via mp3.

Think about guns - guns are made to kill people. They are used in crimes every day all over the nation. But still, they are legal, because we recognize that they have legitimate uses. You can restrict the use of guns, and you might even reduce crime, (I don't actually believe that, but that's an entirely different story) but you'd be giving up a portion of your freedom to do that. Similarly, you can ban mp3s, and you may reduce the amount of IP theft, or lower your bandwidth utilization, but you're giving something up. Namely, the positive aspects of downloading mp3s, and also, the students freedom to be in an environment that allows them to expand themselves as they see fit, not as the university sees fit.

I can kinda sympathize with the bandwidth argument, but I really hate it when people change things midstream. If you come onto the university network, and sign an agreement saying "by signing this you agree not to do x, y, or z" then you have a choice, and you can go elsewhere. On the other hand, if you invest in a NIC for your student network, and then have regulations piled on you never agreed to, that's different, because you weren't given a choice.

It's their bandwidth, right? So they're completely justified in monitoring and restricting all traffic, including all your outgoing email and communication and logging them. That's just not fair, and it's somewhat absurd. They're fighting a losing battle anyway. If they ban napster, somebody will figure out how to run it on a differnent port, or will just move to another service.

Quality of Service

[Jeff+Ballard]

There is a better way for universities to handle the situation. From their perspective its eating bandwith... but they can assign quality of service levels at their routers (and presumedly at their ISP routers as well) and then they could use all of their bandwidth.

For instance, you can say the following:

1. First, let all traffic not defined below go first (SMTP, NTP, etc) -- basically all non-classified traffic
2. Then if theres bandwidth left over, all web traffic,
3. Then if theres bandwidth left over, all IP telephony traffic,
4. Then if theres bandwidth left over, all Napster traffic.

(Insert other bandwidth hogging apps or reprioritize as necessary)

Basically this is probably the best for all worlds, since then the Napster users can try to hammer the network all they want. They just will have their packets dropped first. This will allow them to actually use *ALL* of their network.

Whats wrong with banning Napster?

[stab]

Well, Napster is clearly a software product that is used almost exclusively to pirate MP3s, it leeches up a lot of bandwidth, and has some pretty bad security holes that means that potentially the client can be forced to serve up any file to a malicious Napster server.

What's wrong with universities banning it? Clearly, they cannot condone the flagrant ripping of MP3's on campus. I'm sure they'd do the same if they found 10000 warez sites running on their students' boxes.

I'm not saying that censorship is a good thing, just that in this case I fail to see how this is construed as censorship, given that using the application for anything other than illegal activities is fairly hard. 5% of university bandwidth is a hell of a lot as well.

Just 5%?!

[mr.nobody]

I wish Napster was only taking up 5% of our total bandwidth!

Here at the college where I am a technician we've already had the first part of our firewall system installed to secure the campus and restrict the use of Napster. Our reason to kill Napster is the same one repeated many times in this forum--bandwidth. Currently, Napster is taking up about 25-30% of the sum total of our T1 line.

It used to be a 3-to-1 ratio of incoming to outgoing traffic. 75% of the traffic came into the campus LAN and 25% (or less) went out. This year, that has all changed. As I write this our MRTG graph shows 150K+ going out and less than 100K comming in. At night its even worse (typical night: 50K+ out vs. ~10K in). On average we are split equally between traffic comming in and traffic going out.

I probed and port scanned the network a couple weeks ago and found 30-40 people who were running a Napster server. Lets say each server allows 10-20 users. At peak that would mean 300-800 people are downloading large MP3 files. We have a student body of 1000. The math becomes a little frightening at this point.

This is a college LAN, not a server farm.