Many times software designed to enforce legal compliance, or find network users who are breaking laws, bring along with them greater risks to information security and privacy.
I saw prime example of this within an interesting post by Dan Sullivan about the Motion Picture of Association of America (MPAA) “University Toolkit.”
I followed the link from within Dan’s blog to a lot of very informative information about it at the Washington Post.
It appears that this tool, designed to catch folks who are downloading illegal copies of movies, also can easily allow anyone on the Internet to see all the traffic flowing across a university’s network if the person installing it is not careful.
Hmm…looks like security and access control was overlooked in the zeal to try and catch a few students who are obtaining pirated movies.
If you are responsible for information security or privacy at your organization, I urge you to read the Washington Post article.
It provides a great, detailed discussion of the security and privacy concerns that accompany the use of this “tool.”
Are you responsible for information security or privacy at an educational institution? Do you know if this tool have been implemented? Have you already installed it?
Be sure you examine closely all the security issues with this and any other type of compliance software that anyone asks you to use, before you install it on your network.
I firmly believe in enforcing copyrights. However, there are better, more secure, ways of doing so than using a tool that creates security vulnerabilities and poses privacy risks. In the quest to catch a few people obtaining illegal movies you may unknowingly be putting the privacy and security of all your network users at significant risk.
Tags: awareness and training, Information Security, IT compliance, MPAA, policies and procedures, privacy, privacy breach, privacy incident, risk management, security risk, security training, University Toolkit