Information Technology Policies and Standards

Title
Peer-to-Peer (P2P) Internet-based Applications
Type
Policy
Category
Security
Status
Deprecated
Approved
05/12/2004
To Be Reviewed
05/14/2008
Scope
Enhances the security of City information technology assets by prohibiting certain high-risk, publicly available applications.
Policy
The installation and/or use of Internet-based peer-to-peer (P2P) file-sharing or telephony software on City-owned computers is prohibited. No exceptions shall be granted.

A non-exhaustive list of prohibited software titles shall be published in a standard.
Rationale
  • There is no legitimate City business purpose for using these programs.
  • Many of these programs, when installed, also load "ad-ware" or "spy-ware" programs as well. "Ad-ware" can cause unsolicited advertisements to appear in web browser windows, and "spy-ware" can record Internet browsing habits and transmit the information to third parties without your knowledge. Recent studies estimate that approximately 50% of all files shared using P2P "networks" contain malware.
  • Most of these programs are configured by default to "share out"; that is, not only can you retrieve files from other users' computers, but they can retrieve files from your City-owned computer -- any time, from anywhere, without your knowledge. Not only might you be sharing music or image files -- you might be sharing sensitive City documents, personal data, licensed software, or anything else stored on your computer.
  • These programs facilitate file-sharing activity by effectively bypassing the City's network security infrastructure. Many of them have been proven to have serious security flaws. Just by running one of these programs, you could be making your computer (and the City's networks) vulnerable to viruses, worms, and other security threats. They also consume large amounts of network resources. Newer versions even use end-to-end encryption, preventing potential security threats from being detected.
  • All of the City-owned computers inspected so far that run this software are storing or sharing out inappropriate material: pirated computer software, copyrighted music, etc., which neither the City nor the employee are licensed to distribute, and which could expose the City -- and the employee -- to Federal civil or criminal liability. The Federal Digital Millennium Copyright Act carries severe penalties for infringements.

Contact: Lee Stark, (505) 768-2978