Educause Security Discussion mailing list archives
DMCA responses
From: Jim Moore <jhmfa () CIS RIT EDU>
Date: Tue, 17 Dec 2002 14:03:26 -0500
I am in the process of consulting with our legal counsel to meet the requirements of the DMCA. As with any security initiative, security awareness is important. This will appear to be big brother. We clearly support in our policy the respect for copyrights and intellectual property. But I was wondering as to how other universities are handling this. From a legal standpoint, I can see passing on the complaint letter as an attachment that reiterates the position of the Institute. Our note should set expectations of increasing penalties over a short but reasonable point of time. This is where I need help. I imagine that people will scream no matter what, but if anyone has satisfaction that they have hit a reasonable balance, please let me know. I have thought of the following. 1) Immediately limit the student's network usage to campus, with the exception of port 80. If they figure out filesharing over port 80, then block that too. (P.S. I don't know if we can do that from a practical standpoint -- if there is too much overhead on the routers with this stance). That would keep the student focused on what they should be focused on all along, their work at the Institute. 2) State that they have 5 days of the school calendar to comply. Compliance can have 1 of 2 forms. a) The student removes the infringing material b) The student copies us in on a complaint to the copyright owner that the allegation is in error, complete with legal reasons why it is in error. Have language in there to acknowledge that the student may have had a system compromised, and that they did not place the content there, while maintaining that the removal of the content is still their responsibility. Specifically, I was wondering if going to the 2 steps is necessary, or if terminating network access is sufficient, and if so, how has it gone over. And for systems whose network access is terminated, how do you handle reconnection to the network? And what is reasonable or at least legally compliant time frame? (Students take long weekends, they leave their systems on over breaks between quarters etc. I would like to make sure that they don't come back from a weekend or break and find no network connection. I don't know if that is possible. Also, how specific do people get in terms of Safe Harbor provisions when corresponding to students, i.e. that the Institute/University is liable, if they don't comply, and that would surely take away funds from activities related to the pursuit of education and the support of the students. Jim -- -- Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 Telephone: (585)475-5406 Fax: (585)475-7950 PGP (jimmoore () mail rit edu): 9C33 0328 CD59 B602 82B8 8521 0DC9 963C D0C0 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- DMCA responses Jim Moore (Dec 17)
- <Possible follow-ups>
- Re: DMCA responses St. Laurent, Tim (Dec 17)