IF AN EMPLOYEE or contractor uses your network to trade music or pick up pirated software, your company could be liable
-- that's the hidden catch in the DRM (digital rights management) discussions.
An ISP can claim that it can't police all the content passing through its vast network. In contrast, most businesses already
restrict and monitor employees' Internet access, so it's reasonable for Sony, AOL Time Warner, Microsoft, and the like to
argue that your company can identify illegal files as easily as it now ferrets out porn and hate speech.
Can you imagine a better way for content owners to force the universal adoption of DRM than to take those who don't use
it to court? Remember, Napster wasn't taken down because it engaged in the trading of illicit content; Napster got busted
for failing to prevent it. The RIAA (Recording Industry Association of America) didn't sue individuals for infringement, it
sued businesses.
This issue puts companies in an awkward position. It's good policy to make employees feel trusted. Moderate access to harmless
nonwork-related sites such as news and weather helps break up the monotony of the day. If your company permits personal calls
on business phones, it's hard to justify the blocking of IM and chat programs. Besides, IM has become an important business
tool. So it's generally good for morale and productivity to block only the most extreme content -- better to identify individual
abusers instead of assuming every employee lacks the willpower to resist the urge to surf the Web instead of work.
Still, even companies with liberal Internet access policies block hate speech, obscenities, and malicious code. It's also
wise to try to keep trade secrets from leaving the building. For every measure a security vendor cooks up, a hacker soon creates
a countermeasure, a way to gain unlogged, unrestricted access to the network.
Eventually, every network linked to the Internet will have to do two things: Verify the origin and authenticity of data,
and analyze content to look for malware and other impermissible traffic. Funny thing, that's exactly what the RIAA, MPAA (Motion
Picture Association of America), and BSA (Business Software Alliance) want to do.
When IT organizations can analyze every bit that passes through their networks, it's a cinch that companies, with their
deeper pockets, will be forced to answer for their employees' actions. It is already possible to analyze and filter content
at wire speed -- I've got a box from FortiNet that does just that -- and Intel has announced plans to develop hardware for
that purpose. Hardware DRM is, at most, a year or two away.
It's time to let employees know that privacy and anonymity don't exist on your corporate network, and that every bit that
enters or leaves your router is logged, analyzed, and traced to its source. Individuals and ISPs must resist efforts to regulate
the use of the Internet, but businesses can no longer shield themselves by claiming they can't look at every packet that traverses
their networks.
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
