Non-work use of the company's internet connection is not
only a waste of time and bandwith, it could also have serious legal
repercussions for the business, says Frank Coggrave.
Is discovering an employee downloading the latest
Britney Spears song using free peer-to-peer (P2P) software just a
nuisance to the IT manager? Is it eating up network bandwidth, or
is it just an unsupported application let loose on the company's IT
infrastructure? To quote Peter Cook and Dudley Moore, the answer is
"not only, but also".
These issues are a concern to any organisation, but it is also
illegal. Downloading pirate material not only infringes existing
copyright laws but, since March this year, it also breaches the EU
Directive for the Enforcement of Intellectual Property Rights. This
makes the US digital media rights laws pale in comparison.
Civil penalties
Under this directive, which member states must incorporate into
their national law in the next 15 months, counterfeiters and
pirates will be prosecuted, facing fines and other civil penalties
for breaching intellectual property rights. In the fight to crack
down on this type of crime the directive enables copyright owners
to seize users' assets and freeze their bank accounts, regardless
of whether there was any financial gain.
The law can be used by music companies and owners of intellectual
property to prosecute those who use P2P systems to illegally
download music or other content.
Although an amendment was included to treat consumers downloading
the current number one single differently to organised gangs
running large counterfeit operations, it will not do much good for
a company's reputation if one of its employees is accused or
prosecuted. Litigation to date includes a 23-year-old German man
facing a bill for £5,300 for storing 6,000 MP3 files on his
computer and 88 Danish filesharers facing an average fine of £2,000
each.
If the pirate music is found on the company's servers, arguably the
company could be complicit, with the finger being pointed at the IT
director.
But is it much of a problem? Recent research suggests so. The
British Phonographic Industry has revealed that eight million
people in the UK download music, with 92% doing so via illegal P2P
software.
Experts believe that at least 75% of downloads are taking place at
work, where people can access faster internet connections. So what
can IT directors do to avoid opening their systems to abuse? Should
they prevent employees accessing the internet? Although this would
solve the problem, this Draconian approach would do little for
employee morale and could reduce workers' productivity, especially
as a large number of staff need to use the internet to do their
jobs.
Even requesting employees to avoid certain websites and downloading
applications from the web is not completely foolproof. It is a fact
of life that there will always be users who persist in disobeying
the rules, especially if they think it is harmless. At the same
time, companies should not leave themselves open to abuse - it
would be like leaving the keys in the ignition for car
thieves.
P2P software is not illegal in itself. Organisations should be
asking whether they want to allow their employees to download these
applications that pride themselves on infiltrating the network and
beating defences. What is more, no P2P application has been
delivered yet that offers a real business advantage. So why enable
users to download these applications?
Ultimate responsibility
Ultimately IT directors are responsible for ensuring that the
appropriate controls are implemented to mitigate the risks
associated with the use of pirated software. It is their job to
ensure that employees are using the internet sensibly, according to
company guidelines. It is not the duty of the ISPs nor the
file-sharing software providers to regulate how their systems are
used.
Companies need to draw up clear internet access policies and ensure
they are both communicated and enforced. Non-work use of a
company's internet connection is not only a lot of wasted employee
time and bandwidth, it could also have serious legal repercussions
for the business.
The excuse "we couldn't stop it" also does not work. Technology and
processes are available to clamp down on this abuse and protect
your reputation.
The Police are great, but keep them off your severs, and away from
your door.
Frank Coggrave is UK regional director at
Websense