Witness Testimony

Mr. Norbert Dunkel
Director of Housing and Residence Education
University of Florida
P.O. Box 112100
Gainesville, FL, 32611-2100

Online Pornography: Closing the Doors on Pervasive Smut.
Subcommittee on Commerce, Trade, and Consumer Protection
May 6, 2004
10:00 AM


I want to thank you for the opportunity to appear before the subcommittee to provide you information regarding the education of resident students and a new approach to mitigating Peer To Peer (P2P) file sharing. With me is Mr. Rob Bird, the architect of the software program ICARUS, which is an acronym for Integrated Computer Application for Recognizing User Services.

Many of you likely lived in a residence hall while attending a college or university. Today's residence halls possess many more amenities and services than when I attended Southern Illinois University at Carbondale. I came with a suitcase, box, and electric typewriter. The other students could not believe I had an "electric" typewriter. There are approximately 2 million students living in residence halls on campuses in the United States. Today, students are moving into residence halls where suites and apartment style living is becoming increasingly available. The amenities that exist in residence facilities today include enhanced studying and recreational facilities; contemporary dining accommodations; and larger rooms with more storage to name a few. However, one of the greatest additions to residence halls is high speed Ethernet connection.

The primary purpose for providing Ethernet connection in residence halls is to support the academic mission. Many institutions, including the University of Florida, utilize this high-speed residential connection for on-line classes; accessing on-line services (i.e., class registration, room sign-up, ordering class textbooks, etc.); replaying video classes; accessing class syllabi; and working on group projects.

We have seen connection speeds grow in six or eight years from slow dial up modems to 10 MB to 100 MB to 1000 MB (1 Gigabit) speeds. As a comparison, with a dial up modem it would take a person about 27 hours to download a two-hour movie. With a Gigabit connection, it takes about 6 seconds to download a two-hour movie. The speed and efficiency of this technology is tremendous.

As housing professionals, we have two duties regarding the data connections we provide to students. First, we have a duty to educate our resident students as to the acceptable use of their computer and the network. Second, we have a duty to be good stewards in maintaining the technological infrastructure that we provide students.

Education

In educating the resident students, we see many of our housing operations across the United States having integrated the academic community within the residential setting. Institutions have residence halls with live-in faculty, "smart" classrooms, faculty offices, space for tutoring, and space for academic advising. We see science-based (i.e., engineering, math, etc.); education-based (teaching, etc.); and fine arts-based (i.e., architecture, dance, theatre, etc.) residential academic communities. These types of arrangements and others lead to increased grade point averages for residents, increased graduation rates, increased respect for faculty, and increased psychosocial development. The education of our students is no longer taking place only in the classroom environment. The classroom environment is now in the residential setting.

Accompanying the residential academic environment is the need for housing operations to assist in the education of resident students on acceptable uses of the technology available to them. In an on-going study (J. Haynes and N.W. Dunkel, 2004), we have found that of the institutions surveyed with high speed connections in residence halls, 92% actively or passively educate their residents on the acceptable use of their computer and the Internet.

There exist a number of different approaches to this education. The information that is shared with residents may be as simple as defining terms and providing answers to frequently asked questions. The information may provide a general overview of the various aspects of a network and computer usage. At the University of Delaware, students must take a responsible computing exam before they can obtain a network ID and password. The exam covers copyright resources, computer security, spam and harassing e-mail, bandwidth measurement, and commercial and charitable use. At the University of Hawaii in Manoa, residents sign for the handbook accepting responsibility for reading and following the rules contained within. At the University of Florida, residents register their computer on-line and electronically sign that they have read, understand, and will abide by the policies governing acceptable use after viewing an educational presentation describing their responsibility.

We know that for some students, reading the policies is all they will ever need. They will accept the policies and make no attempt to circumvent the policies. For other students, we need to be more active in our oversight and education.

Stewards of Technology

Housing professionals must be good stewards of the technological infrastructure provided to students. The information that follows provides a summary of the ICARUS program developed by Mr. Rob Bird. ICARUS is a network management tool and one of the tools available is the mitigation of P2P file sharing.

Introduction

The University of Florida Department of Housing and Residence Education's Mission Statement is to provide well-maintained, community-oriented facilities where residents and staff are empowered to learn, innovate, and succeed. As staff worked to develop a software program to mitigate P2P file sharing, discussion continued on how to simultaneously educate resident students while maintaining a network service free of illegal copyright sharing behaviors. This was a daunting task as most first-year students arrive to campus having practiced P2P file sharing at home during their high school years. According to students, during high school years very little education on illegal file sharing was provided and student behavior remained unchecked. University of Florida housing staff wanted resident students to understand that when they arrive on campus, a new level of personal behavior and responsibility on the use of their computer would be expected.

ICARUS

ICARUS "pulls information from commercial and open-source tools used to monitor the network and spots traffic patterns that look like P2P transfers. ICARUS then tracks down the user's IP address, flashes a pop-up warning and limits its access to the internal campus network. An e-mail alert is sent to the student, who must agree to suspend use of the offending P2P desktop software to regain full Internet access" (p. 40, Network Computing). "There is no debate about ICARUS' effectiveness. Before it was turned on, there were as many as 3,500 simultaneous violators at any given time on the Gainesville campus, school officials say. On the day the switch was flipped, 1,500 violators were caught. There were only 19 second time violators and no third-time violators. Purged of the digital cholesterol of media files, the network saw an 85% drop in uplink data volume" (p. 42, Network Computing).

Department of Housing and Residence Education Network Architecture - Technical

The University of Florida Department of Housing and Residence Education computer network (DHNet) consists of Cisco Catalyst 4000/5000/6000-series switching equipment, and supports standards-compliant TCP/IPv4-services for its residents. The fully-meshed 4000 Megabit/sec Ethernet core network consolidates edge switches via 100Mb and 1000Mb connections. A campus-wide VTP domain is maintained, managed by multiple central VMPS servers. Virtual LANs are deployed on a per-building basis to provide proper segmentation and encompass multiple levels of access granularity (Table 1). Specific services are subsequently provided by the UF DHNet and UF HRE web sites, depending on the source of access.

Table 1

| Access Level | Requires Registration? | Destination Restrictions? | Routed? | TCP/IP Services Provided? | DHNet web site role | Notes |
|---|---|---|---|---|---|---|
| Guest | No | Yes | Yes | Yes, private IP addressing | Network registration, computer configuration support and policy education | Allows access to HRE registration & information sites only |
| Restricted | Yes | Yes | Yes | Yes, private IP addressing | Judicial policy violation handling. Automatic recognition of restricted user | Allows access to University resources only |
| Quarantine | Special | Yes | No | Yes, private IP addressing; DNS redirection; local web services via 802.1q trunks | Distribution of tools, patches and updates. Automatic recognition of quarantined user | Allows access to local network quarantine resources |
| Black Hole | Special | Yes | No | No | None, no local or routed access provided | Provided to leave systems actively connected for security analysis |
| Normal | Yes | No | Yes | Yes, public IP addressing | Network information, user forums, security, network policy and configuration information | Typical user |
| Terminated | No Service | No Service | No Service | No Service | No Service | Last resort |

Development and Deployment of ICARUS

Beginning in December of 2002, the Department of Housing and Residence Education Network Services group initiated the development of a system to aid in the enforcement of its computer security policy. The system that was created was known as ICARUS (Integrated Computer Application for Recognizing User Services).

ICARUS was designed to meet three primary design goals. First, to create a lightweight, distributed framework that allows for the collection of information from a variety of disparate sources so that the data can be evaluated and acted on in a unified fashion. Second, to create a system that allows for the real-time identification, containment, and education of managed network users while striving to minimize the impact on their academic use. Third, to leverage the use of GPL and BSD-licensed software, where possible. To this end, ICARUS consists of five main modules which may be activated on as many, or as few, systems as possible. These modules coordinate to parse, cache, store, and analyze information, while also acting as automation agents for implicit and recommended actions by ICARUS.

Initial development of ICARUS focused on three core tasks. First, it was necessary to build a system for identifying users and tracking hardware movement within the network while allowing for the flexibility required of a residential system. The initial system comprised three levels of access and did not include a registration process for residents. While this system was adequate for private residence port authorization in light of the UF HRE judicial responsibility policy, it did not adequately support the use of public access ports, nor did it provide for a bulk way to handle the containment of security outbreaks. This solution was also deemed inefficient due to its heavy reliance on SNMP. Later, this system was expanded to six levels of access to address these additional operational requirements, and moved to leverage VMPS for superior access management. User registration was also added to more positively establish authorization without the use of network logon technologies, which are often cumbersome in "always-on" residential environments. Second, development was focused on containing P2P application use as an example of ICARUS' ability to detect and react to complex network management situations. By combining data from a variety of tools, it became possible to take a multi-faceted approach to application recognition. This approach allows ICARUS to react very quickly to both changing applications and policy requirements by removing reliance on a single application's ability to fully identify and contain unacceptable P2P use. In essence, it establishes a framework which allows for the ready automation of analysis and action that traditionally had to be performed with manual intervention. Third, development was focused on building Perl actions for ICARUS to take, namely those involving VMPS, Windows Messenger Service, SMTP (internet email), SQL, attendant security tools, and assorted SNMP actions. These actions were then customized to support the active network education plan created by HRE.

Education of Resident Students

The education of resident students takes place passively and actively. The passive educational program includes four steps: (a) Staff distributes an acceptable network use brochure during the check-in process. This brochure contains information on the overview of the housing network; relays the fact that housing aggressively enforces its ISP policies; briefs the student on servers, copyrights, and the DMCA; provides information on the housing network monitoring and service restriction process; provides answers to frequently asked questions; and provides information on how student computer behavior is a part of the University of Florida Student Code of Conduct. (b) Staff places informational stickers by each housing data port. These informational stickers provide instructions to resident students on how to register on to the housing network. (c) The paraprofessional residence hall staff are trained prior to student check-in. These training sessions provide basic information so that staff are able to answer many of the student questions regarding the housing network. (d) The UF DHNet web site contains all the information regarding HRE Network Services. Students can read the information prior to their arrival at the University of Florida to understand what is expected and necessary when they register on to the housing network.

The active educational program designed by HRE is powered by ICARUS and supported by the UF DHNet and HRE websites. When ICARUS detects user activity deemed unacceptable by policy, an appropriate series of actions is performed. In the case of a violation of the HRE P2P policy, for example, the user in question is sent a notification pop-up message to their machine, a notification email to their official University email account, and all the computer systems owned by that resident are promptly restricted to campus-only network access (Table 2). This restriction is in effect regardless of where the resident physically goes within the HRE network, preventing abuse by those using public access ports. Simultaneously, an entry is created in the DHNet violation system, HAMMER. A snapshot of the user's activity, including all evidentiary data, is then added to the database, and correlated with past violations (if any). Residents are required to then visit the DHNet website in order to restore their access. When the resident visits the website with any of their computers, the page automatically recognizes them, and presents the resident with the list of violations. Instructions are provided for remedying each violation, and then a violation-dependent policy presentation is provided. Student violators are then presented with the terms of their restriction. It should be noted that the time counter for restriction does not officially begin until they have signed the on-line form with their University ID (access was still restricted before, however).

Table 2

| Violation Level | Duration of Campus-Only Restriction | Additional Requirements for Restoration |
|---|---|---|
| 1* | 0 - Immediate restoration following completion of educational presentation | None |
| 2* | 5 days | None |
| 3 | Indefinite | Meeting with the HRE Coordinator of Judicial Affairs |

*Special Handling Exception - Any resident with a prior DMCA complaint is automatically escalated to level 3 if the violation is sharing related in any way. Violators with new DMCA complaints are automatically level 3 for the purposes of ICARUS.
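The escalation and restoration rules described above and in Table 2 can be modeled as follows. This is an added sketch, not ICARUS or HAMMER code: all names are hypothetical, and it assumes the level is the resident's violation count capped at 3 and that a level 3 restriction lifts when the judicial meeting is recorded.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Table 2: level -> campus-only restriction length (None = indefinite).
RESTRICTION = {1: timedelta(0), 2: timedelta(days=5), 3: None}


@dataclass
class Violation:
    detected_at: datetime                     # access is restricted from here on
    level: int
    presentation_done: bool = False           # educational presentation viewed
    signed_at: Optional[datetime] = None      # on-line form signed with University ID
    judicial_cleared_at: Optional[datetime] = None   # level 3 meeting recorded


def violation_level(prior_violations: int, sharing_related: bool,
                    prior_dmca: bool, new_dmca: bool) -> int:
    """Pick the Table 2 level, applying the special handling exception."""
    if new_dmca or (prior_dmca and sharing_related):
        return 3
    # Assumption: level = number of violations so far, capped at 3.
    return min(prior_violations + 1, 3)


def restore_time(v: Violation) -> Optional[datetime]:
    """Earliest time full access returns, or None while it cannot be known."""
    if not v.presentation_done or v.signed_at is None:
        return None     # still restricted, but the clock has not started
    if v.level == 3:
        return v.judicial_cleared_at          # indefinite until the meeting
    return v.signed_at + RESTRICTION[v.level]


def is_restricted(v: Violation, now: datetime) -> bool:
    """Restriction holds from detection until restore_time is reached."""
    t = restore_time(v)
    return t is None or now < t


if __name__ == "__main__":
    # Constructed scenario: second violation, form signed two days after detection.
    t0 = datetime(2004, 1, 10, 9, 0)
    v = Violation(detected_at=t0, level=violation_level(1, True, False, False))
    v.presentation_done, v.signed_at = True, t0 + timedelta(days=2)
    print(v.level, restore_time(v))
```

Because the five-day counter starts at signing rather than at detection, a resident who delays signing stays on campus-only access for longer than five days in total.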

Outcomes of ICARUS Deployment

The impact of ICARUS' deployment has been profound and immediate. Over the course of the six week Summer A term (608 Resident Users) and six week Summer B term (2435 Resident Users), 863 total P2P violations were detected and restricted by ICARUS. What is most striking, however, is the recidivism rate at each violation level for P2P use (Table 3).

Table 3

| Violation Level | Number of Violators | Recidivism Rate vs. Previous Level | Recidivism Rate vs. Total User Base |
|---|---|---|---|
| 1 | 769 | - | 25.3% |
| 2 | 90 | 11.7% | 2.9% |
| 3 | 4 | 4.4% | 0.13% |

Additionally, ICARUS had a marked effect on overall internet bandwidth utilization. The HRE network experienced a drop in upload utilization of almost 83%. Perhaps more impressive was the 3% increase in download utilization versus previous periods. Analysis demonstrated conclusively that the slight increase was due to people searching for, and finding, new legitimate sources of rich content. Furthermore, there was a noticeable increase in the viewing of online streaming video content.

I am pleased to provide you with this information. Housing professionals do have a responsibility to educate resident students on the acceptable use of their computers and the network. There exist numerous opportunities for students to use technology with legitimate purposes. Educating students to these purposes is part of our responsibility and stewardship.

References

Haynes, J., & Dunkel, N.W. (in process). P2P resident education in the United States.

Joachim, D. (2004, February 19). The enforcers. Network Computing, pp. 40-54.
