Policy Name: Peer-to-Peer (P2P) Networking
Policy ID Number: 03-05-003
Version Effective Date: June 6, 2010
Last reviewed on: January 1, 2019
Policy Applies To: All members of the University community, consultants and contractors who use NJCU network resources, including the GothicAir wireless network.
Responsible Office: Information Technology


INTRODUCTION AND STATEMENT OF PURPOSE
What is P2P?
Peer-to-peer (P2P) programs are file-sharing programs designed for the easy transfer of information between individuals over the Internet. P2P file sharing applications allow individuals to set up a computer so that other people can access whatever files are made available to them. In turn, all resources available on other peers become available to the individual. Examples of P2P programs are, Morpheus, Bittorrent, Limeware, Kazaa, eMule, Piolet, and Gnutella.

POLICY
Legal & Practical Risks in Using P2P Networks Copyright
By far, the greatest problem with P2P systems is that consumers are violating copyright laws by sharing copyrighted materials via these programs. Providing or obtaining copyrighted material (e.g. music, movies, videos, text, etc.) without permission from the rightful owner violates the United States Copyright Act and university policy.

Network Capacity
The propensity of P2P clients to engage in “protocol chatter” with other clients on the network generates so much network traffic that they adversely affect network performance for users who share the same local network. Running P2P services burdens the University network and the Internet interface, especially when the server is popular and processing excessive, high-volume transfers of files.

Network Security
Another serious problem with setting up a P2P server is the possibility of opening a security hole for hackers, allowing them access to the computer and the University network. Peer-to-peer file sharing applications differ in how much security they provide, but generally it is minimal. The risk is further exacerbated by poor design and implementation of some of these services that are rushed to the market with little or no testing.

Policy
The use of P2P software is expressly prohibited without prior consultation and permission from the Department of Information Technology Data Network Unit. Further, all unauthorized P2P file sharing applications must be removed or disabled while connected to the University network. Those found running unauthorized P2P servers will have their network connections turned off. This may be a permanent block, pending review of the alleged violation.

Authorized peer-to-peer traffic will be segregated and bandwidth throttled by IT Network Administrator based on utilization and effect on overall network traffic. Additional limits may be placed or requested to be removed completely if the software severely impacts network performance.

If an artist, author, publisher, or law enforcement agency notifies the University regarding copyright law violation, the relevant offices within the University will investigate the complaint. In some cases, violations could result in criminal prosecution under state and federal statutes.

Enforcement
The University considers any violation of the Peer to Peer Policy to be a serious offense and reserves the right to copy and examine any files or information resident on University systems allegedly related to inappropriate use. Violators are subject to disciplinary action including loss of all University computing privileges and possible criminal charges including civil damages. Offenders also may be prosecuted under various state & federal laws including (but not limited to) the Privacy Protection Act of 1974,The Computer Fraud and Abuse Act of 1986, The Computer Virus Eradication of 1989, Interstate Transportation of Stolen Property, and the Federal Electronic Communications Privacy Act. Access to the texts of these laws is available through the Reference Department of the Library. Violators may also cause the University to be liable to civil or criminal penalties.

Procedures
Removing P2P Software
Removal is typically done through an uninstall program. To achieve this in a Microsoft Windows environment without an uninstall program, click on the START button, select SETTINGS 4CONT PANEL… then double-click ADD/REMOVE PROGRAMS. For assistance in removing the application, please contact the Help Desk by calling HELP (x4357) or send an Email message to HelpDesk@njcu.edu

Requesting Use of P2P Software
To establish P2P services, contact the IT Help Desk by Email at helpdesk@njcu.edu . Please be prepared to provide the following information:

• Name of software and technical details of implementation
• Reason for use and duration of use
• What devices will the software be installed on
• Location(s) where the software will be used

Consultants and contractors who intend on using P2P software must state so in the bid and contract documents, and include the above information. The software will be evaluated by an IT Network Administrator for the impact on the University network, network security, and computing resources. The request will also be evaluated for its educational or research value. If approved, IT will assist in the implementation the service. Service will be blocked at the end of the authorized period requested.

Key Performance Indicators (KPIs)
The following success of the policy will be assessed annually using the following quantifiable measures:

• Only authorized P2P networks running over the University network.
• Requests for P2P services evaluated and appropriate action taken for each
• Copyright infringement notices handled promptly and appropriately Procedures

Explains how to carry out the policy and gather information required to monitor KPIs.

DATE TO INITIATE REVIEW AND UPDATE
As deemed necessary or appropriate by the Policy Coordinator but at a minimum, at least every 5 years from the date of last review.