Educause Security Discussion mailing list archives
Re: DMCA Infringement Handling
From: "Jacobson, Dick" <dick.jacobson () NDUS EDU>
Date: Fri, 16 Sep 2011 10:12:43 -0700
This discussion pops up every now and then and invariably turns to the inadequacies or "blatant disregard for the law" by those sending the DMCA take down notices. In the past I have had numerous discussions with (among others) Steve Worona regarding the moral and ethical aspects of those employing the DMCA for their purposes. I believe we can take whatever personal stance we want but the one that we need to live with is that the DMCA is the law. Our words and actions can either protect our institutions or place them in jeopardy but, whatever our stance, our words and actions will serve to educate our students. We are not merely teaching them English and History but also, whether we want to admit it or not, we are teaching them a little bit of how to get along. Most of us are not attorneys or even in law school, so our moral and ethical education has a different focus but not necessarily a different impact. As someone else mentioned, I can help the students not only learn a legal lesson but this lesson does not entail huge fines or any jail time. I disagreed with one of our System Attorneys that told me that the takedown notices should be treated as valid even if they did not have the exact wording I wanted; but I think he was right for what we are trying to teach in our environment. Having said that, it has been a long time since I have seen a false positive. There have been times when our logs did not 100% identify an individual but that invariably turned out to be a deficiency in our logging environment or a bad clock on the box or .... In many of those instances we could easily identify someone by looking at other logs and, a couple times the machines and networks just did not keep the logs. And there are always the users that say "not me" but it has been a long time since I have seen a false positive. And I don't think I have ever seen a DMA complaint for an IP number not registered to us. There may be some that we have sublet to other entities, but they are still registered to us with ARIN. OK - off my soapbox and back to work. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Adrian Teo Sent: Thursday, September 15, 2011 5:54 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] DMCA Infringement Handling Agreed. I built a small homegrown script to help us automate DMCA Infringement handling. Out of this I learned a lot, and this is just by looking the DMCA reporting/notice system used by the copyright enforcers. 1. We get a ton of false positives. This includes mismatched IP/timestamps etc. 2. As Matt mentioned, a ton of the DMCA notices are for IP's outside our networks (i.e. Not even from our university network!!) 3. DMCA complaints have to be worded a certain way for them to be legally binding. Some "smart" enforcers have changed the wording of the complaint and that raises red flags making the notices invalid. 4. The enforcers seem to gravitate to the established ACNS XML standard for their complaint. We use this to automate our handling but several companies have arbitrarily defined their own modifications to their standard - which gives us a ton of headaches since they change them willy-nilly. I found that valid notices only account for less than 13% of the total notices that we receive daily. We had since implemented network filters to eliminate (almost 100%) all P2P traffic and the complaints have gone down significantly, but this has not changed the percentage of invalid complaints. Anyway, I hope that sharing this helps out by giving some insight to the DMCA complaint systems. Regards -AT -- ------------------------------------------------------------------- Adrian W Teo e: adrian.teo () asu edu p: 480.452.8165 Information Security Architect University Technology Office f: 480.965.6317 Arizona State University o: CPCOM 4S72 ------------------------------------------------------------------- ________________________________ From: "Arthur, Matt" <arthur () WUSTL EDU> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Thu, 15 Sep 2011 16:13:17 -0500 To: <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] DMCA Infringement Handling A couple of thoughts (along with our 'policy' URL for students and copyright): 1) Neither DMCA nor HEAO requires you fine or disable anyone on a first offense. You must take 'action' for 'repeated' violations. 2) A policy that takes some kind of 'action' (fines or disable network access) on the first DMCA complaint seems to violate the concept of innocent until proven guilty. Something that I doubt institutions of higher learning in the United States should be doing (my opinion). 3) We have noticed that more and more of our DMCA notices are for IP addresses outside of the student networks. Do you 'fine' faculty and staff members as well? 4) Be sure your institutions policy covers your requirements pursuant to the HEOA P2P section. And then be sure you follow your policy! 5) Our student policy URL: http://sts.wustl.edu/index.php?option=com_content&view=article&id=59&Itemid=69 Matt ______________________________________ Matthew K. Arthur, CISSP | Director - Media Services & Incident Communications Solutions Information Services & Technology | Washington University in St. Louis Campus Box 1110, 7425 Forsyth Blvd, St. Louis, MO 63105-2161 314.935.3899 o | 314.323.9246 c | arthur () wustl edu <mailto:arthur () wustl edu> P Please consider the environment before printing This email, including attachments may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this email is not the intended recipient or his/her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this email is prohibited. If you have received this email in error, please notify the sender by replying to this message and delete this email immediately.
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Bayn Sent: Thursday, September 15, 2011 3:30 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] DMCA Infringement Handling We are considering revising our DMCA infringement handling procedures, especially with regard to repeat infringers. I wonder what everybody else is doing with these issues? We match up the complaint with our IP>Etnernet assignment and network traffic logs. I forward the complaint to the student and disable their ethernet card registration. They are required to pay $50 and give an assurance that the infringing file(s) and filesharing software have been removed. I then re-enable their ethernet card registration for access to our network. Repeat infringers get the same procedure except that they also are referred to the VP for Student Services for some sort of an appointment. I do not know what happens in that appointment. Would you share with me, so I could tabulate it and present the options others use to our administration: 1) What is your charge or penalty for first and repeat infringement? 2) When do disciplinary staff intervene? first time or repeats? 3) How long do you deny network access? 4) If a student has multiple devices, do you deny access to all devices or just the one implicated in the complaint? 5) Who was involved in the approval process for your procedures? 6) How much pushback to you get from users who receive infringement notices? 7) Do you have an appeals process that has ever given an infringing user any relief? 8) May I use your institution name along with your other responses in my report to the administration? Finally, a slightly separate question: 9) Do you ever get complaints forwarded from an agent of the pornography industry? (we have seen a few recently) Thanks for any info you are willing to share. Bob Bayn (435)797-2396 IT Security Team We will never send you email asking for your password (never, never, never with this one exception: NEVER!) Office of Information Technology, Utah State University http://tinyurl.com/bicyclists-share-kidneys-v2-0 USU employees - join the Phirst Phish Contest http://it.usu.edu/security/htm/phirst-phish-contest
Current thread:
- Re: DMCA Infringement Handling, (continued)
- Re: DMCA Infringement Handling Doty, Timothy T. (Sep 15)
- DMCA Infringement Ozzie Paez (Sep 15)
- Re: DMCA Infringement hall, rand (Sep 16)
- Re: DMCA Infringement Ozzie Paez (Sep 16)
- DMCA Infringement Ozzie Paez (Sep 15)
- Re: DMCA Infringement Handling Doty, Timothy T. (Sep 15)
- Re: DMCA Infringement Handling Arthur, Matt (Sep 15)
- Re: DMCA Infringement Handling Doty, Timothy T. (Sep 15)
- Re: DMCA Infringement Handling Arthur, Matt (Sep 15)
- Re: DMCA Infringement Handling Adrian Teo (Sep 15)
- Re: DMCA Infringement Handling Valdis Kletnieks (Sep 16)
- Re: DMCA Infringement Handling Ed Zawacki (Sep 16)
- Re: DMCA Infringement Handling Jacobson, Dick (Sep 16)
- Re: DMCA Infringement Handling Doty, Timothy T. (Sep 15)
- Re: DMCA Infringement Handling VIEYRA, MARCOS (Sep 15)
- Re: DMCA Infringement Handling Bob Bayn (Sep 15)
- Re: DMCA Infringement Handling Joel Rosenblatt (Sep 15)
- Re: DMCA Infringement Handling Ed Zawacki (Sep 16)
- Security Survey Ozzie Paez (Sep 20)
- Re: Security Survey Valdis Kletnieks (Sep 20)
- Re: Security Survey Ozzie Paez (Sep 20)
- Security Survey Ozzie Paez (Sep 20)
- Re: DMCA Infringement Handling Tracy Mitrano (Sep 23)