By Ian Knott
On September 1 this year the highly controversial Infringing File Sharing Act kicks into action. Despite its well documented shortcomings, discrepancies and punishments for repeat offenders, the law has the potential to have an impact on small and medium sized businesses.
Of course, it will impact on large businesses too, but these are often the ones with dedicated IT personnel, detailed employee IT policies, solid firewalls and monitored traffic.
For a smaller business however, having your internet service cut-off along with the possibility of being fined $15,000 for downloading even a single song could be crippling, to say the least.
The law works on a “three strikes” system where copyright owners get IP addresses from Peer-to-Peer (P2P) networks. They will then contact the ISP of the user and initiate an infringement notice. The ISP will then send out the notice to the account holder — this is the first warning.
That warning lasts for 28 days during which any further infringements will not attract further warnings (but will be logged). After that though, another two warnings will be sent, both lasting for 28 days.
At the expiry of the third strike, and providing the infringing is still taking place, an enforcement notice will be issued that the account holder will have 14 days to challenge before court proceedings are started.
That’s a minimum of 98 days before the proverbial hits the fan — plenty of time to get to the source of the problem, but not long if you procrastinate and put it into the ‘too hard basket’.
Your ISP can only trace traffic back to your router though, not back to the individual computers connected to your network.
That means the onus is on you, as the account holder, to investigate who is doing the offending.
So how can you take steps to protect yourself and your business from the ignorant, malicious, selfish or technologically naïve employees?
There’s no easy answer, as any determined user ‘in the know’ will be able to circumnavigate your attempts to block them:
➜ Prevention should begin with your employee IT policy — which anyone you employ who uses a computer on your network should have signed already. Your policy needs to specifically cover P2P, torrent files and illegal downloads of music, movies, software and other copyrighted material. Your employees need to know beforehand that even the minimum infringement fine may result in business closure and therefore everyone’s jobs.
➜ Monitor your monthly data usage. Watch for any unexplained spikes in your usage, which is much easier to monitor and explain the smaller your business is. Sudden spikes of 2GB or more should arouse suspicion. Operating systems, office suites and design programs regularly update themselves, which can be sizeable downloads — so these can be a cause of some data spikes.
➜ Block the download of some specific file types. .torrent, .avi, .mp4, .mov, .mp3, .m4a, .flac. If some of these file types are actually needed then one or more computers (with trusted users) can be ‘unlocked’ to allow to download. This is done at a server/firewall/router level and requires a medium level of IT knowledge, so it might be worth getting the experts in. Again, there are ways to circumnavigate this but should be sufficient to cover most users.
➜ Check computers for Bittorrent Clients. As a rule, downloading P2P torrents requires a piece of software to do so. Bittorrent, uTorrent, Vuze, Transmission are all popular options, but there are dozens more. There is no need to have them on a computer unless someone is downloading torrent files. However the web browser Opera also has torrenting capabilities —so be vigilant.
➜ Bittorrent clients usually route traffic through a specific port by default (although this can be changed if a user knows how). This port can be blocked on your router, again consult an expert.
➜ Make sure your wireless network is fully secure. It is incredible how many still aren’t. Someone in the general vicinity could be illegally downloading using your internet connection – and there’s no way of finding out who. Make sure only authorised users are allowed to access your network.
Ultimately, the issue is a real one and should be addressed by every business that uses computers before the law comes into full effect. If you’re not technologically minded enough to put protection in place then there are a heap of eager professionals out there who can come in, advise, secure and even monitor your network and web traffic.