Georgia College's New Policy — Reporting All P2P Users To the Police

An anonymous reader excerpts from an article at TorrentFreak: "Georgia's Valdosta State University has updated its network with software that can pinpoint students who use P2P software. The university is committed to stop file-sharing on its network even if that results in prison sentences for students. Offenders will be disciplined by the school and then handed over to the police, the university has announced." School policy is one thing ("don't use file-sharing software on our resource-constrained network, or we may kick you off"), but I suspect the police wouldn't appreciate the task of sorting out legal from illegal use of widespread, essentially neutral software tools. Update: 11/15 18:27 GMT by T : Reader (and VSU alumnus) Matt Baker contacted the school; he reports that the school's IT director Joe Newton in response flatly denied the claims in the TorrentFreak article, and says the school hasn't installed such P2P tracking software, and doesn't hand students over the police, and says instead "I cannot foresee that we would ever do so." Thanks, Matt.

Any forms of file-sharing?

Is this related to any forms? What about downloading cc music or shows and isos of linux?

Re:Any forms of file-sharing?

[seeker_1us]

According to TFA,, it is ALL file sharing

The new system is undoubtedly going to cause collateral damage, since an effective P2P detection tool will be unable to make a distinction between legitimate and illegitimate use of P2P software. This means that booting up your BitTorrent client to download free films such as Snowblind will result in a referral to the police station.

This is abolutely ridiculous. Furthermore, copyright infringement (even if it was real) is a civil matter. Referral to the police station is of very quesitonable legality.

Re:Any forms of file-sharing?

[Shakrai]

Referral to the police station is of very quesitonable legality.

Uhh, referral to the police is foolish and a waste of time but it's not of "questionable legality". I can refer anything I want to the police. Doesn't mean they will investigate it or do anything but it's not a crime to tell the police about a civil affair.....

Re:Any forms of file-sharing?

[burris]

You don't have to make money. The No Electronic Theft Act of 1998 changed the definition of "financial gain." 17 USC 101 now reads:

The term "financial gain" includes receipt, or expectation of receipt, of anything of value, including the receipt of other copyrighted works.

In other words, now they can go after people trading. I don't doubt that a prosecutor could convince a jury that the ratio system on a Torrent site, for instance, shows that the defendant expected to receive other copyrighted works in exchange for continuing to seed whatever it is they downloaded.

Re:Any forms of file-sharing?

[Ihmhi]

That might be a good "I am Spartacus" situation.

If college students are good at any one thing (besides getting wasted and pulling all-nighters) is raising hell for a good cause. Why not teach a few hundred students how to use Bittorrent and have them download Linux ISOs and other legitimate, legal stuff nonstop to, in effect, flood the system and make something like that completely ineffective. Or better yet, maybe a student could create a DDOS software variant where a bunch of computers would connect peer-to-peer on the college's network and trade junk data between each other via Bittorrent, Gnutella, and other similar filesharing protocols.

Isn't this going to get expensive?

[RogueyWon]

Ok, I'm no expert on the US legal situation, but what's to prevent a situation like this from happening:

1) Student installs 100% legal copy of World of Warcraft, Starcraft 2 or any other game which uses a P2P updater system on their PC in their dorm room.

2) Game does its P2P stuff to get its patches.

3) College spots P2P activity and calls police.

4) Police charge college administrators with wasting police time.

5) Student sues college.

Like it or not, P2P isn't just about illegal filesharing. Yes, I'd fully accept that most P2P traffic is illegal, but a blanket policy like this just seems doomed to (probably expensive) failure.

Re:Isn't this going to get expensive?

[Junior+J.+Junior+III]

End result: College bans games. Games aid terrorism by masking real illegal activity in a shroud of legitimate traffic; they are therefore illegitimate by proxy.

Re:Isn't this going to get expensive?

[RogueyWon]

Agreed, but a blanket policy of reporting all attempts at P2P filesharing (which may not be a crime) to the police as copyright infringement is going to result in a large number of false accusations. As I said in my OP, a large number of legal pieces of software, not least games, use P2P methods for their update systems. If I were running a police department, with limited resources, and suddenly began receiving a large number of false accusations from the local college, at the very least I would want to get the college's administration in for a polite but firm chat about the appropriate use of police resources.

Re:Isn't this going to get expensive?

[DrgnDancer]

I dunno, there are a LOT of WoW and CoD players out there. Especially on a college network. With Cataclysm set to release in a month, and CoD just released (Hence needing to be patched most likely, games being what they are) it seems to me that there's probably a lot of legitimate P2P traffic on a university network right now. Gigs and gigs worth per client in WoW's case. I think my computer has downloaded something like 5 or 6 gigabytes worth of patches and preloads (They're making Cataclysm available for direct download rather than making you go to the store and buy a copy) in the last month or two with another 3-4 gigs expected before Dec 7. Then probably another 500MB to a gig in patches to fix the stuff that didn't scale like they thought it would.

Re:Isn't this going to get expensive?

[LambdaWolf]

You beat me to the punch on this reply, but since I had already typed up some back-of-the-envelope calculations, here they are.

World of Warcraft has around 12 million subscribers according to Wikipedia. The past couple of months it's been pushing out updates in anticipation of the Cataclysm expansion. Let's round the size of those updates to 5GB (although they may well be closer to 6GB by now). Perhaps not every subscriber is actively playing and has downloaded those updates, but they'll be outweighed by the active players with two copies of the client software (desktop and laptop, or work and home), so let's underestimate the number of updated client programs as 12 million.

You can divide World of Warcraft players roughly into two categories: the majority who let the game client automatically update itself using the BitTorrent protocol; and the minority who prefer to manage their patch downloads manually using BitTorrent. The set of players who pay enough attention to download their patches manually but choose FTP over the more convenient BitTorrent is minuscule. So we can safely estimate the portion of patch downloads that use a P2P protocol as 100%.

12 million subscribers times 5GB per subscriber is 60 million gigabytes of legitimate P2P throughput. And that's just getting ready for Cataclysm this autumn. There must have been several hundred million gigabytes more with the last two expansions and over the life of the game, to say nothing of Starcraft II (huge pre-loads of the entire client!) or other game companies than Blizzard (gasp!).

So, indeed, 60 million gigabytes != all but "almost every single byte of it". Even if piracy does account for a lot, even a majority, of P2P traffic, it does have a nontrivial legitimate usage that Internet users have a right to.

Re:Isn't this going to get expensive?

[icebraining]

No, they're not guests, they're paying users of that network - that's part of what tuition pays for. Are you a "guest" of your ISP's network? Do they have the right to go through your data? Then why is it any different in this case?

Re:Isn't this going to get expensive?

[Lord+Byron+II]

Wow, I got modded "flamebait". Amazing.

To answer the replies I've gotten so far:

-Yes, it's a private network. My lab on campus is funded by the NSF and the state, but that doesn't mean that you have any right to come in off the street and use my desk. Similarly, most public libraries require you to register (ie, get a library card) before you can use their networks and even then they tend to block a lot of services (including p2p).

-The fourth amendment has typically only been applied to your own personal property (ie, your house, your car). I'm unaware of any 4th amendment legal precedent that the government is not allowed to monitor the traffic on its own network. Again, the 4th amendment works on the idea of the expectation of privacy and I don't think you can have that when you're using a state-funded Internet connection on a state-funded campus.

Re:Isn't this going to get expensive?

[Shakrai]

I'm unaware of any 4th amendment legal precedent that the government is not allowed to monitor the traffic on its own network.

I'm going to refer to your post the next time somebody suggests that we need a municipal owned last mile to "fix" our broken broadband market.....

Re:Isn't this going to get expensive?

[mcgrew]

Too bad there's not a "-1, ignorant" mod, or you would have been spared the "troll". BitTorrent is P2P, and most of its traffic is legal; Linux distros and the like. Plus, there is ten times as much indie music as RIAA music on P2P, it's just that the indies, not having radio, rely on P2P, MySpace and Facebook, which is why the RIAA is against P2P; it isn't about piracy, it's about stifling the competetion.

I bought some lighter fluid...

Can you point me to the appropriate police department to turn myself in as a possible arsonist?

So

You're young, living on your own for the first time, and the place that's supposed to be teaching you stuff announces that at the first sign of a misstep they'll "discipline" you and then hand you over to the police for a second helping of same, with a permanent record attached to boot.

What a wonderful way to grow up.

this new file sharing app Ares??

[kamakazi]

Did I miss something? Have the people coding Ares implemented a new protocol, or is this college 5 years behind? Of course, having actually been involved in writing software to track computers on a college campus I am also curious how the college is fingerprinting machines to detect MAC address spoofing, but since this is a press release I wouldn't expect any technically informative information.

Re:this new file sharing app Ares??

[kamakazi]

Managed switches don't help prevent MAC address spoofing unless you actually allow a MAC to only connect through the port it first connected on, which kinda gets in the way of people roaming on wifi. Yes there are actually wireless solutions that will approximate physical location by access point triangulation, but good luck in a busy spot. Actually identifying a specific computer on an untrusted network (which they all are these days) is extremely difficult. Knowing what port a particular machine is plugged into is easy, but knowing what machine it is is not. Some wireless solutions now also backhaul all traffic to a wireless controller, so when you roam your connection point to the network doesn't change, but like I said, specifically locating a wireless machine is also next to impossible in a busy public spot.

The problem with MAC spoofing is the incredibly difficult time the person who gets spoofed will have proving their innocence. And of course the legal types on the plaintiffs side will attempt to tell a jury that a MAC address uniquely identifies a machine, and if the poor innocent spoofee gets a normal non tech-savvy lawyer they will probably succeed.

Re:this new file sharing app Ares??

[kamakazi]

"Most college networks require a login to use- even from your personal computer(s)."

Actually, not a login, for the simple reason that that breaks all non-browser devices. They require registration of your device, but if they required a login then no Playstations, Xboxes, or iPhones would work, because you can't login with an email client or a video game. Once a machine is registered (Identified by the closest thing there is to unique, the MAC)then all the bad guy needs to do is check to make sure the target machine is not on at the moment, and spoof the MAC address. The traffic will be logged as belong to the poor innocent spoofee. And yeah, it may be less than 1% that know how to do it, but a single innocent person be persecuted or prosecuted is too many.

Re:not necessarily a bad policy

[betterunixthanunix]

the student wins: the police will mostly ignore the pirating

Until it turns out to be a student who runs a blog that criticizes the police department, or some politician wants to run on a "tough on crime" platform, or some police officer whose cousin works for the RIAA. Relying on the police to not prosecute people who are reported to them for breaking the law is not something I would do.

Mass-downloading of legal software

[captainpanic]

Students should just start downloading legal p2p software... at a massive scale.

Make sure that the university and the police department are getting overworked from false claims of illegal downloading.

It's a peaceful, harmless and non-violent way of teaching stupid people that p2p is not always illegal.

Re:Mass-downloading of legal software

[DurendalMac]

Unless there was already a clause that policies may be subject to change with proper notification, in which case it is not void. The university would be retarded not to have that in the contract already.

Valdosta State's rep in Jeopardy

[digitaldc]

Valdosta State was right up there with Harvard and Yale at the top of my applications list but seriously, who would even THINK of going there NOW? ;)

Re:not necessarily a bad policy

[circletimessquare]

of course the police can abuse you. of course anyone can abuse you. but you need to learn that, just as crippling in this world as an overabundance of trust to people who don't deserve your trust, is the existence of people like you: those with such a crippling poverty of distrust that you won't even expect a simple human baseline of behavior in civil society

the abuses you imagine above are rare. of course you might someday suffer from these kinds of abuses. and of course the ceiling can crash on your head right now. you can't live in a shell, expecting the worst all the time. you need to place some trust in your fellow human beings if only because you suffer the most when you assume the worst possible scenario all the time. most people are good and decent. really

As A Georgia Resident...

[somaTh]

I found the headline misleading. Georgia College is not doing this. North Georgia College isn't doing this. South Georgia College isn't doing this. East Georgia College isn't doing this. Not even Middle Georgia College is doing this. I'm just saying, if you're going to capitalize Georgia College, make sure that's actually in the name.

Criminal vs. Civil

[watermark]

I thought your run-o-the-mill copyright violation was a civil matter. Shouldn't they be reporting the students to the copyright holders?

Re:Parents will appreciate this

[TheGratefulNet]

the 'you must go to college' meme is slowly dying.

actually, it should. not everyone should be in college. furthermore, the 'thinking arts' that america uses to be known for is fading (overseas). the notion of going to school, doing your time in studies and having it pay back is a BROKEN SOCIAL CONTRACT and those of us already at-age know this ;(

if I had kids, I would not send them to college. I'd send them to a trade school where they work with their hands in some form (mechanic, plumber, electrician, capenter, etc). these are the outsource-immune jobs. they're less 'sexy' than IT work but IT work simply won't exist in this country when elementary school kids reach the workforce age. like I said, the social agreement of 'study hard and you will get a good job' is busted now and will be even more as time goes on. american 'thinkers' are something companies are now considering to be *too expensive*.

universities are VERY expensive and often don't pay for themselves (again, lack of jobs can make school a pure expensive and not ever by worth what you paid for).

and now you have universities being openly hostile to their students.

I would simply drop out (in fact, I did, back in my day) and get my own education. work experience matters more than a paper degree for most jobs in IT once you get beyond entry level.

the day where you assumed 'grow up and go to college' was for everyone just does not apply anymore. in fact, sending 'everyone' to college was a failure waiting to happen.

if I was trained in construction or plumbing or auto repair, I'd still have a job. but being in software development means my country has sold me out to india/china/etc. I really wish I was in another field and I hope some of you software-thinking kids will reconsider this already saturated field and find something PHYSICAL that you can do for work. those things tend not to be outsourced.

I refused to do this when I worked in Uni IT

[rAiNsT0rm]

I used to work for a university's network dept. at a fairly high level and it fell on my shoulders to handle the RIAA complaints, I pretty much refused because it was ridiculous. When I would be forced to turn info over, I would just give them IP's which were basically useless but they would never get back to me for more info. When the pressure really got strong, I decided the only way I would comply would be to install a device that did actual audio fingerprinting. This way it wasn't just a witch hunt or false positives based on someone simply using P2P or a filename but verified inspection and reporting. Even then, it had it's own way of handling it internally, after each offense it encountered it would email the user with the info and a warning, after 3 infractions it basically cut the port speed to 56k for that user so they could still do school work but little else, any additional infractions resulted in reporting.

It put the onus on the student and was as reasonable as could be for the screwed up system in place. In the end the RIAA should never have as much power as it does and the fines should be at most $5-20 per song which is between a 500% and 2000% penalty which is quite enough without being so insane as the current system is. No matter how you slice it, it is B.S.