Carnegie Mellon University
FTC Town Hall to Address Digital Rights Management Technologies - Event Takes Place Wednesday, March 25, 2009, in Seattle
Dimensions of P2P and Digital Piracy in a University Campus. This article presents findings from the first large-scale quantitative assessment of Peer-to-Peer (P2P) exchanges of copyrighted material on a college campus based on actual observation. Through passive monitoring and deep packet inspection (DPI), we assess the extent to which P2P is used to transfer copyrighted material. We also characterize the demographics of P2P users, the relative popularity of the material, and how the burden on the campus network varies over time. We found that at least 51% of students living on campus engaged in P2P, at least 42% attempted to transfer copyrighted material, and the mean number of copyrighted media titles whose transfer is attempted per week was at least 6 per monitored student. Some students use P2P legally, e.g. to transfer Linux software or non-copyrighted adult material, but we found no evidence that large numbers of students use P2P for these legal purposes and not to transfer copyrighted material. Students of all genders, ages, classes and majors engaged in file sharing, to the extent that demographics were not helpful in identifying likely file-sharers so as to target interventions. This study also provides lessons for those who would use DPI technology to reduce illegal use of P2P. If given enough weeks to observe, current technology is effective at identifying users who attempt to transfer copyrighted material, provided that their traffic is identifiable as P2P. Thus, DPI can be used to estimate the extent of piracy, and to notify individuals who may be violating copyright law. However, encryption is available and can be easily activated in most P2P clients. Once turned on, encryption prevents DPI from detecting whether transferred material is copyrighted, rendering it ineffective. If DPI is used for copyright enforcement that includes imposition of penalties, then P2P users or P2P developers may have the incentive to use encryption as a way of evading detection.