Educause Security Discussion mailing list archives
Data Retention & "Are universities protecting students from the RIAA?"
From: Rodney Petersen <rpetersen () EDUCAUSE EDU>
Date: Thu, 18 Oct 2007 07:40:17 -0600
I am normally reluctant to share and comment on news articles in this forum, especially regarding the topic of P2P filesharing (which is largely not a security issue, in my opinion). However, I wanted to bring to your attention that CNET has published a story on the issue of data retention at colleges and universities (which certainly is relevant to security professionals) and P2P filesharing available at http://www.news.com/8301-13578_3-9799271-38.html Of particular interest to this group might be the charge that colleges and universities are not being open about their data retention policies. The author, Declan McCullagh, also invites readers at the end of his post: (If you know more details about a particular university's data retention policy, please post them below...) Below are some excerpts from the story. Rodney Petersen EDUCAUSE/Internet2 Security Task Force
****************************************************** October 18, 2007 4:00 AM PDT Are universities protecting students from the RIAA? Posted by Declan McCullagh <http://www.news.com/8300-13578_3-38.html?authorId=111&tag=author> As I wrote earlier this week <http://www.news.com/8301-10784_3-9798784-7.html> , the Recording Industry Association of America has now expanded its campaign against illicit file-sharing to students at George Washington University.
. . .
If GWU has deleted its logs of who was using what IP address back then, the RIAA is going to be out of luck. So this becomes an important question: how long do universities keep logs showing who's been assigned a particular IP address? And why won't they say what the duration is?
. . ..
Now, there's no legal obligation for colleges or universities to keep records of temporary IP address assignment, assuming addresses are allocated on demand through a protocol like DHCP <http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol> . (They also can be allocated semi-permanently based on geographic location such as residence hall or campus office.)
. . .
While schools have the right to set whatever policies they want--in a pro-copyright or pro-privacy direction--they should at least be public about it. That would let students, faculty, and staff debate the topic in the open rather than let rules be set in private by attorneys or administrators who tend to be far too risk-averse <http://www.news.com/8301-13578_3-9795510-38.html> . It would also, I suppose, let students who are wavering between one school and another decide whether they'd rather attend a school that has chosen copyright as a paramount value, or one that has embraced privacy instead.
. . .
Current thread:
- Data Retention & "Are universities protecting students from the RIAA?" Rodney Petersen (Oct 18)