MPAA University 'Toolkit' Raises Concerns
The Motion Picture Association of America is urging some of the nation's largest universities to deploy custom software designed to pinpoint students who may be using the schools' networks to illegally download pirated movies. A closer look at the MPAA's software, however, raises some serious privacy and security concerns for both the entertainment industry and the schools that choose to deploy the technology.
What we found was that, depending on how a university's network is set up, installing and using the MPAA tool in its default configuration could expose all of the traffic flowing across the school's network to the entire Internet.
The MPAA overview of the toolkit stresses that the software does not communicate any information about a university's network back to the association. But in its current configuration, the very first thing the toolkit does once it is fired up is phone home to the MPAA's servers and check for a new version of the software.
The toolkit sets up an Apache Web server on the user's machine. It also automatically configures all of the data and graphs gathered about activity on the local network to be displayed on a Web page, complete with ntop-generated graphics showing not only bandwidth usage generated by each user on the network, but also the Internet address of every Web site each user has visited.