Computing Services Offers Tips for Legal, Safe Computing �

Carnegie Mellon News Online Edition
In This Issue

"Night Before Christmas" Series Reveals Evolution of St. Nick

Carver Offers Tips To Avoid Tearful Holidays

Computing Services Offers Tips for Legal, Safe Computing

Study Uses Genetic Model To Combat Computer Viruses

University Celebrates Life and Work of Dr. Martin Luther King Jr.

SWE Connects High School Girls with Engineering

Product Development Course Wins Curriculum Award

Amon Honored as Hispanic Engineer of the Year

Babcock: "Women Don't Ask"

Admission Counselor Takes Stage as Stand-up Comedian

News Briefs
SpongeBob Square Dance

Food Drive a Major Success

Doctoral Students Win Heinz Scholarships

Independent 529 Plan Locks in Tomorrow's Tuition at Today's Prices

Hart, Rendell Make Visits to Campus

Cohen Honored for Groundbreaking Psychology Research

Lady Tartans Win ECAC Championships

Researchers Take Prize for High-Performance Computing

Intelligent Technology Enhances Underexposed Photographs

This Issue's Front Page
Carnegie Mellon News Home
Carnegie Mellon News Services Home Page

Computing Services Offers Tips for Legal, Safe Computing

Opening your email can be a dangerous thing these days.

In a world filled with computers, the problems they cause can be inescapable. Lately, copyright issues and viruses have been in the spotlight, prompting Carnegie Mellon's Computing Services to issue official memos on both subjects. But confusion still seems to hang over both issues. What can you download? What is protected by copyright? And on the other hand, what can you do to protect yourself from computer viruses and the disruptions they cause in your day-to-day computer operations?

One of the first things to remember about information found on the Internet is that, while it's in digital format, it is still owned by its author or creator. "One needs to consider anything found in digital format copyrighted by the author and not something that can legally be reproduced without the author's permission," said Joel Smith, Carnegie Mellon's vice provost for computing services.

Almost all Web content (audio, video, text or executable programs) is copyrighted material. For example, if you visit the Miami Herald's Web site each week to read the latest Dave Barry column, then print it to share with co-workers, you've technically broken the law. "Strictly speaking, that's a violation of copyright," said Smith. "Viewing and reading it on the Web is not. Printing it and distributing it is."

Sharing music and movie files has become more of a widespread, highly publicized problem. Smith explains that Carnegie Mellon acts as an Internet service provider (ISP) for the members of its community. As such, the university is required by laws spelled out in the Digital Millennium Copyright Act (DMCA) to respond to complaints about copyright infringement that come from different outlets, like the Motion Picture Association of America (MPAA), Recording Industry Association of America (RIAA) and authors of text printed on the Web.

Many people who download music assume that they'll be difficult to identify in a world where it seems like everyone is participating in file sharing, but they're wrong. According to John Lerchey, Carnegie Mellon's computer and network security coordinator, the university receives anywhere from one to five complaints of possible copyright infringement weekly. Under the DMCA, the university is required to investigate each complaint.

"When we receive a complaint from the RIAA (or MPAA), we make sure that the complaint is warranted. They supply us with an identification of a computer address, the kind of software running on it and the files they were able to download," said Smith. Computing Services then investigates the problem by reviewing the protocols—or data transmissions—in which that particular computer is involved.

"As internal policy, since such infringement of copyright violates our computing policies, we have decided to enforce (the law) by removal of network privileges," Smith said.

"First-time offenders generally have their computer's network access revoked for a period of 45 days," said Lerchey. The offender still has access to the network via any public computers on campus, though.

In addition to losing network privileges, recent legislation makes it possible for the individual involved to be sued by the RIAA, MPAA or similar organization.

"I think the important thing for individuals to know is that under the DMCA, individuals accrue liability from which Carnegie Mellon cannot protect them for the violation of copyright. As has already happened, an aggrieved party can take personal action and hold you personally responsible."

That personal action can involve fines ranging from $750 to $150,000 per song (if the items are being distributed illegally). In a recent case, the RIAA sued four students who were allegedly engaged in extensive sharing of copyrighted materials on their college's networks. The suits were settled out of court, but the students had to pay $12,000 to $17,000 in fines.

Students are not the only ones who have to obey copyright laws. Everyone on campus—including faculty and staff—must abide by copyright law and the university's computer policy. In addition to personal liability, any faculty or staff member who violated copyright laws exposes the university to legal action: the institution does not enjoy the protection from liability afforded ISPs by the DMCA when its own staff are involved.

Smith stresses that there are safe ways to download the music that you love. New pay-by-the-song services like those available at provide safe, legal ways to download music files. While a small fee is charged for each song (99 cents), it's still cheaper than buying an entire CD.

Even with services like Apple's, Smith doesn't anticipate problems with illegal file sharing going away. "Since the problem is an international one, the current strategies to try to quash file-sharing technologies and target individuals engaged in the activity are unlikely to succeed in the long run because it's hard to extend the reach of such legal efforts internationally."

Like copyright infringement, computer viruses are getting worse and show no signs of letting up. According to Smith, the last few months have been the worst in Internet history. At one point, more than 70 percent of the email coming in to Carnegie Mellon was produced by a particular virus running on machines all over the world.

To protect your computer, it's important to understand how "worms," like those infecting email messages last summer, really work. These files are made to take advantage of security problems in widely used operating systems like Windows. They arrive in email (or on other devices like floppy disks) and quickly reproduce to attack both the host computer and the rest of the network to which the computer is connected. When an email attachment containing a worm is opened, the file immediately begins communicating with other computers and reproducing itself, spreading the virus to other computers in the network.

According to both Smith and Lerchey, the virus problem is something that is going to get worse. But there are steps that individual users can take to protect themselves.

The first and most important of these steps is to avoid opening attachments on email messages that you are not expecting to receive, whether the attachment comes from strangers or someone you know and trust.

Some worms also exploit vulnerabilities using network services and are not spread via email. The worst ones—hybrids that act both like worms and viruses—use multiple methods of attack, sending themselves as email attachments and attempting to exploit vulnerabilities over the network by sending specially formed traffic to other machines in an attempt to infect more targets.

Lerchey suggests installing Norton Antivirus on your computer and keeping it updated. (This program is available to members of the campus community at Users should also keep up with security updates for whatever operating system they use as well as those recommended by Computing Services. Finally, watch for unusual activity on your machine. If your normal activity doesn't slow your computer down much, and one day it's running very slowly, run the task manager (Windows) or the activity monitor (Mac OS) and see what is using the resources. If the machine is infected, there will be something using large amounts of the memory.

Taking these steps isn't sure protection against infection, but it will help. In the end, though, the only way to ensure your own safety and well-being when using the computer is to take personal responsibility for your actions. Don't download anything someone else created and don't open attachments in email messages unless the attachment is something that you requested or were otherwise expecting.

"The reality is that each individual has to take some responsibility," said Smith. "Everyone just has to take their own personal steps."


—Susan Cribbs

This Issue's Headlines || Carnegie Mellon News Home || Carnegie Mellon Home