Educause Security Discussion mailing list archives
Re: RIAA Moves Against College-Control of your Computers
From: "Dennis Meharchand, CEO Valt.x" <dennis () VALTX COM>
Date: Fri, 4 Apr 2003 12:00:25 -0500
What does the RIAA want? Impenetrable Hardware Technology is available to secure campus owned computers from having P2P applications such as KaZaa installed- see Valt.X Instant Recovery sub-system at www.valtx.com/ir.pdf. All unauthorized changes are automatically eliminated upon system reboot. The RIAA can't expect network operators to control what students do with their own computers - or do they? Is there a defense fund? Dennis Meharchand CEO, Valt.X Technologies Inc. Tel: 416-746-6669 Fax: 416-746-2774 http://www.valtx.com email: dennis () valtx com -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bruhn, Mark S. Sent: Friday, April 04, 2003 11:04 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] RIAA Moves Against College-Network Fileswapping There is an implication here that P2P applications are illegal ("P2P or other violation of copyright laws"), which isn't the case. I assume that's not what you meant. Setting aside our policies and general interest in our resources being used appropriately, is it true that if a student does something illegal and we know about it, are we obligated to report that to law enforcement? We don't have a policy that specifically prohibits ellicit drug use, but we don't have people systematically searching through residence hall rooms searching for drugs (at least we don't). Do we not do this because we are certain this isn't being done on our campuses? -- Mark S. Bruhn, CISSP Chief IT Security and Policy Officer Interim Director, Research and Educational Networking Information Sharing and Analysis Center (ren-isac () iu edu) Office of the Vice President for Information Technology and CIO Indiana University 812-855-0326 Incidents involving IU IT resources: it-incident () iu edu Complaints/kudos about OVPIT/UITS services: itombuds () iu edu -----Original Message----- From: Ken Shaurette [mailto:Ken.Shaurette () OMNITECHCORP COM] Sent: Friday, April 04, 2003 10:53 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] RIAA Moves Against College-Network Fileswapping It is true that you should never have anything written in policy that you cannot or do not intend to enforce even if only with awareness and reminders that it breaks policy. Having a policy and not consistently enforcing it raises penalties of itself and is loosely identified in Federal Sentencing Guidelines. Not having policy does not protect against the law suit. An organization could still be shown negligent if they had P2P or other violation of copyright laws occuring, were aware of it and did nothing to stop or discourage. The act in and of itself is illegal, promoting (or not stopping) when made aware of the violation could be argued by a good lawyer as particpation in the act of committing the crime. Could it also be argued that you should know your network and this type of use is very common so you should have a policy and enforcement measures to discourage? Your organizaiton is providing the resources to commit the crime whether you have policy against it or not. Lending your car to a person you know is planning to use it to rob a bank does not remove you from liability of having particpated in the commision of the robbery. Definition of a jury: 12 men and women who are your peers and determine who has the best lawyer. Ken Information Security Analyst and Security Solutions Manager Omni Tech Corporation (262) 523-3300 x486 -----Original Message----- From: Bruhn, Mark S. [mailto:mbruhn () INDIANA EDU] Sent: Fri 4/4/2003 9:31 AM To: SECURITY () LISTSERV EDUCAUSE EDU Cc: Subject: Re: [SECURITY] RIAA Moves Against College-Network Fileswapping This supports the notion that policies shouldn't be written unless they are necessary for specific situations, and unless the organization has the means and desire to enforce them. This is one of the reasons (though maybe not the most important) we don't have such a policy, and indeed this citation lends add'l credibility to how most of us operate in this area (reactive instead of proactive). M. -- Mark S. Bruhn, CISSP Chief IT Security and Policy Officer Interim Director, Research and Educational Networking Information Sharing and Analysis Center (ren-isac () iu edu) Office of the Vice President for Information Technology and CIO Indiana University 812-855-0326 Incidents involving IU IT resources: it-incident () iu edu Complaints/kudos about OVPIT/UITS services: itombuds () iu edu -----Original Message----- From: Robert Myles [mailto:mylesr () OHSU EDU] Sent: Friday, April 04, 2003 10:23 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] RIAA Moves Against College-Network Fileswapping There is precedence for the suit against the institution, case was settled for 1.5 million last year in the southwest against a company that had a policy against download of MP3's and P2P software, new of a P2P server on their system that they did not get around to shutting down, and were found a fault for not following their own policy. Lawsuits always go for the deep pockets!! Robert Myles, CISSP Information Security Officer Oregon Health & Science University >>> tbm3 () CORNELL EDU 4/4/2003 4:44:03 AM >>> Great question, the answer of which may substantially depend on whether they followed DMCA registration and procedures. Verizon did not, which is why RIAA subpoenaed them for user name. If these schools follow "safe harbor" provisions of the DMCA, they should be immune from contributory copyright liability. And even if they did not, there is language in the DMCA regarding ISPs which should go a long towards protecting them. But still, these are $64,000 questions, becoming more costly by the minute. Tracy At 06:30 AM 4/4/2003 -0600, you wrote: >Do you feel this excludes them from turning a law suit against the college >network operators next? Especially if they feel a college hasn't done >enough to discourage the activity? > >Ken M. Shaurette, CISSP, CISA, CISM, IAM >Omni Tech Corporation, www.omnitechcorp.com >(262) 523-3304 > > -----Original Message----- > From: Tracy Mitrano [mailto:tbm3 () CORNELL EDU] > Sent: Thu 4/3/2003 9:06 PM > To: SECURITY () LISTSERV EDUCAUSE EDU > Cc: > Subject: Re: [SECURITY] RIAA Moves Against College-Network > Fileswapping > > > > Please note, the action is not against network operators, but users, > students. Attached is the RIAA letter concerning this > matter. Tracy Mitrano > > > At 08:56 PM 4/3/2003 -0500, you wrote: > >For those of you that don't read slashdot - > > > >"The RIAA is taking action against college "Napster networks". > It's suing > >four network operators, two at Renssalaer Polytechnic Institute, > one at > >Princeton University, and one at Michigan Technological > University.".. > > >
http://yro.slashdot.org/yro/03/04/03/2312220.shtml?tid=141
> > > >If you have lots of p2p traffic on your network you might want > to touched > >base with your general council, if you haven't already. > > > >Cheers - > > > >********** > >Participation and subscription information for this EDUCAUSE > Discussion > >Group discussion list can be found at > http://www.educause.edu/memdir/cg/. > > ********** > Participation and subscription information for this EDUCAUSE > Discussion Group discussion list can be found at > http://www.educause.edu/memdir/cg/. > ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- Re: RIAA Moves Against College-Control of your Computers Dennis Meharchand, CEO Valt.x (Apr 04)