After years of news coverage about the now-defunct Napster and its battles with the record labels and recording artists, it would seem unlikely that your clients’ workers wouldn’t understand the potential for abuse posed by peer-to-peer (P2P) file-sharing applications. But file-sharing programs, which can be used to download video, music, and movies, are often found on workers’ PCs. Any network administrator will tell you that it’s also common to find large music and video files on a user’s share of the corporate network.

Despite the drain on network resources, the most significant problem can occur when employees unknowingly (or otherwise) download copyrighted material onto their local machines or company network. The Recording Industry Association of America (RIAA) has been the most outspoken against companies that allow employees to download copyrighted material. In March, the RIAA sent letters to employers that warn of damages against employers and threaten to try to confiscate computers used by workers. (The RIAA claims that each month, about 2.6 billion copyrighted works are downloaded.)

As a result of such widely publicised threats, many organisations have banned file-sharing applications to head off any liability or use content-filtering tools to prevent workers from using P2P applications. In other instances, organisations will allow the use of file-sharing programs on a case-by-case basis, as with CNET, which states in its Electronic Services Policy that “file-sharing programs such as Gnutella and Kazaa have caused serious network disruption and accordingly may not be used on the Company's network without permission.”

Whatever you decide to do—ban the use of file-sharing programs or offer conditional usage—you should have a policy on the books that makes it clear what employees are allowed to do. To help you determine the best course for your organisation, we’ve put together a policy below to help you and your clients make a decision.

Since file sharing is just one online activity that you oversee, you can add this policy to your existing documentation and circulate it so that employees will be aware of its restrictions. Other employers have new hires sign their usage policies as part of their orientation process.

If you have a file-sharing policy that you think would help other TechRepublic members address questions regarding these applications, send it to us.

P2P file-sharing policy

Overview

As an addendum to the company's Acceptable Use Policyââ,¬"which details the utilisation of the company network, the Internet, e-mail, and employees' personal computersââ,¬"this policy prohibits the use of Peer-to-Peer (P2P) file-sharing applications and goes into effect immediately.

The company's goal with this additional policy is to:

• Realise the maximum productivity from each employee.
• Address any potential liability from instances when employees download copyrighted material.
• Minimise network disruption.
• Protect the network from exposure to malicious code (worm, virus, Trojan horse).
• Protect the company's intellectual property.

Here is an explanation of each issue as it relates to file-sharing applications and our company:

Worker productivity
The ongoing health of the company is contingent upon each worker giving each task his or her maximum attention and effort. Using a file-sharing application to search for files, downloading them onto the company network or a client machine, and reading or playing them at a workstation is not germane to an employee's job duties and does not enhance a worker's productivity. Another issue is the possibility that P2P applications could disrupt software on an employee's workstation.

Liability
Although many materials have been placed on P2P networks with a creator's consent, much of the material (images, software, movies, music, video) has been duplicated from copyrighted materials. Downloading such files onto the company network or a client machine places the company at significant risk for legal action by the copyright holder and other organisations. File-sharing networks also provide ready access to pornography or other offensive material, subjecting the company and its employees to additional legal risk.

Network disruption
While the company has significant Internet bandwidth to accommodate all business-related activity, performance can degrade significantly when P2P file-sharing applications are used, especially when large files are being downloaded. This problem is compounded when other users on the P2P network use company bandwidth to download files from the employee's computer, which can significantly slow other services such as e-mail, Web browsing, andââ,¬"more significantlyââ,¬"e-commerce on the company Web site.

Security
P2P networks can introduce significant gaps in an otherwise secure network. Threats such as worms and viruses can easily be introduced into the company's network. P2P applications, if modified, can also allow users outside the company to gain access to data on the employee's computer or even the corporate network. (Although most P2P applications allow users to disable file-sharing, such measures do little to prevent threats from being downloaded onto a user's machine.) Some P2P applications will also allow third parties to see the user's IP address. The use of so-called spyware, which can allow network users to see your Internet browsing or can harness the use of your machine's resources, is also common on many P2P applications.

Protecting the company's intellectual property
The use of P2P file-sharing applications can sometimes allow other members of the P2P network to have access to everything on your local machine, putting the company's intellectual property assets, as well as an employee's personal information, at risk.

TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to firewalls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.

©2003 TechRepublic, Inc.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.