Beware of unauthorised P-to-P, firms warned

Unauthorised peer-to-peer file sharing on corporate networks appears to be far more widespread than many companies realise.

Unauthorised peer-to-peer file sharing on corporate networks appears to be far more widespread than many companies realise, a sturdy claims.

In a study of P2P file sharing at 560 companies, AssetMetrix Research Labs found that employees at 77.1% of those companies engaged in web-based file sharing during the past 14 months.

Some businesses had P2P programs on as many as 58% of their PCs, according to the study, which was released last week. About one in 25 employees were found to be using the P2P applications.

Aside from resource-sapping and security issues stemming from unauthorized downloads, corporations could find themselves legally liable for copyright infringement, legal experts said.

AssetMetrix posted its P2P-Tracker analysis program on its website to allow companies to check their networks for unauthorised P2P applications. It can be downloaded for free until 31 August.

Paul Bodnoff, president and chief operating officer of AssetMetrix, said his hosted IT asset management services business added the P2P detection service to address escalating legal liability threats. The software will identify instances of P2P clients, but companies have to pay for additional analysis. The cost of a 60-day monitoring subscription is $5 per desktop, or $16 per desktop for an annual contract.

Robin Bloor, an analyst at Baroudi Bloor, said keeping track of how employees are using their business-owned computers is a "very genuine problem" for companies. "Most [businesses] out there don't have any asset registries to see what's going on."

Meanwhile, Illuminata analyst Gordon Haff  agreed that although it is a good idea for companies to know about P2P applications being used by workers, such programs are used by only a small number of employees in most companies.

He added that the use of P2P programs does not always mean that copyrights are being violated, although it would be a natural assumption.

"The Recording Industry Association of America is on the warpath in terms of catching infringers and holding them up very visibly," Haff said. "Nothing is going to be more visible than catching an employee at a big company. It could be somewhat embarrassing and expensive."

Companies should have policies for their workers about P2P use on corporate networks and computers, he said. "To ban the use of all P2P software, given all the issues with it, seems to me to be a reasonable strategy," Haff said. The issue is "not in the top five that an IT manager should be worried about, but this is a relatively easy one to solve".

Marcelo Halpern, a technology attorney at Latham & Watkins in Chicago, said the RIAA's recent moves to go after individuals does not necessarily mean companies could also be under threat of legal action if the targets are their employees. On the other hand, he warned, "in theory, the company that provides equipment could be held liable as well".

The RIAA has been pursuing P2P companies in court over the past few years and recently announced threats to go after individuals who idownload and swap copyrighted music files llegally.

Todd R Weiss writes for Computerworld

Read more on IT legislation and regulation