Peer to peer file transfer by NSF employees

OIG
Office of Investigations

What is Peer-to-Peer ?

A peer-to-peer, or “P2P,” file transfer service allows the user to files through the . Examples of P2P services include KaZaA, , , , and . These services are set up to allow users to search for and download files to their computers, and to enable users to make files available for others to download from their computers.

How do these services function?

Peer to peer file transfer services are highly decentralized, creating a network of linked users. This allows a user to search through the files of all of the linked computers to find the desired file.

In order to use one of these services, a user must download the appropriate software from the Internet and install and configure it.

What happens when P2P software is installed?

We will use KaZaA as an example. The KaZaA program is free, and installs very rapidly, and automatically configures your computer to run the P2P software continuously whenever your computer is on. The default settings also provide for your computer to participate in unlimited file , with no cap on the amount of bandwidth it can use. Thus, a single NSF PC connected to NSF’s LAN with a standard 100Mbps network card could, with ’s default settings, conceivably saturate NSF’s T3 (45Mbps) internet connection.

The KaZaA software assesses the quality of the PC’s internet connection and designates with high-speed connections as “Supernodes,” meaning that they provide a hub between various users, a source of information about files available on other users’ PCs. This uses much more of the computer’s resources, including bandwidth and processing capability.

The free version of KaZaA is supported by advertising, which appears on the user interface of the program and also causes pop-up advertisements to appear at irregular intervals on the PC. KaZaA also initiates the installation of / , which can disseminate information about your computer usage, cause additional pop-ups, and cause your computer to slow down and/or become unstable. The spyware / adware persists on the PC even after KaZaA is uninstalled.

What is traded over these services?

P2P file transfer services have been crafted to be independent of the content transferred over them, in order to skirt the legal liability that brought down . Nevertheless, it is generally recognized that the services are most commonly used to trade copyrighted and . The Recording Industry Association of America tracks users of this software and has begun initiating lawsuits against individuals who use P2P systems to steal copyrighted material or to provide copyrighted software to others to freely.

How does use of these services create security issues at NSF?

When configuring these services, it is possible to designate as “shared” not only the one folder KaZaA sets up by default, but also the entire contents of the user’s computer as well as any NSF network drives to which the user has access, to be searchable and downloadable by other users.

Downloaded software and other files may contain viruses, spyware / adware, or hacks such as trojan horses or DDoS drones, potentially harming NSF computers or allowing outside users access to secure NSF systems.

What is NSF policy on the use of P2P file transfer services?

Generally (per NSF Bulletin 98-13), NSF employees’ personal use of IT resources is authorized under the following criteria:

• Reasonable duration
• During personal time as much as possible
• No interference with official business
• No additional cost to the government
• Not offensive to coworkers or the public
• Not for illegal activities

With regard to (per NSF Bulletin 03-21), NSF employees are to evaluate the purpose of the share, and the sensitivity of the to be stored, and apply the appropriate permissions [to the folder being shared]. A good strategy to use is “need to know,” limiting access to only those users who have a specific and immediate requirement to view or modify the data.

To enforce this, NSF will periodically scan the network for shares with overly-broad permissions, and take appropriate action when overly-broad shares are found.

Thus, NSF’s file sharing policy focuses on NSF employees making files available for upload from their PCs—with regard to employees’ use of P2P services to download files, NSF’s overall policy on IT resources applies.

Should I use P2P file transfer services on my NSF PC?

Downloading copyrighted works is illegal, opening you up to civil and even criminal liability. It is also contrary to NSF policy for NSF employees to use NSF IT resources for illegal activities, with the result of possible adverse personnel action.

If you want to download non-copyrighted material, you should do so only in moderation, during personal time as much as possible so there is no interference with official business. Extensive use of these services that compromises your ability to perform your job may result in adverse personnel action.

There is no legitimate purpose for the use of P2P file transfer services at NSF to make files available for except as part of your official duties. Any such use should comply strictly with NSF’s file sharing policy.

How can you contact us?

Internet Website: oig.nsf.gov
E-mail Hotline: [email protected]
Telephone: 703-292-7100
OIG Confidential Hotline: 1-800-428-2189
Fax: 703-292-9158

Office of Inspector General
National Science Foundation
4201 Wilson Boulevard, Suite 1135
Arlington VA 22230