Educause Security Discussion mailing list archives
Re: DMCA Infringement Handling
From: "Doty, Timothy T." <tdoty () MST EDU>
Date: Thu, 15 Sep 2011 16:10:35 -0500
Most or all of our procedure is documented at http://communitystandards.mst.edu/technology.html and our HEOA page is at http://it.mst.edu/current_students/security/heoa_compliance.html
1) What is your charge or penalty for first and repeat infringement?
None, $100, $200 for first, second and third. These are processing fees as distinct from fines.
2) When do disciplinary staff intervene? first time or repeats?
Student Affairs talks with the student starting with the first offense
3) How long do you deny network access?
14 days, 28 days and 4 months for first, second and third
4) If a student has multiple devices, do you deny access to all devices or just the one implicated in the complaint?
All devices
5) Who was involved in the approval process for your procedures?
IT, Student Affairs and Student Council
6) How much pushback to you get from users who receive infringement notices?
A fair amount. I don't recall any that seriously questioned the evidence, many seem to think that anything short of absolute proof of the specific allegation completely absolves them. I had a student freely admit they pirated every console game they had, but challenged our ability to prove that the specific game was being shared at the specific time.
7) Do you have an appeals process that has ever given an infringing user any relief?
Appeal process? I don't think there is anything formalized. They can (and do) contest with Student Affairs. I provide them with the technical evidence. Sometimes the student insists on talking with IT. My position is that we are handling a notice of copyright infringement filed according to the DMCA and protecting the University's safe harbor status. We validate the allegation (date/time, IP address, port) against netflow and if the evidence isn't there we don't proceed, but respond to the filer that we were unable to substantiate their claim and need more evidence. We have never heard back and I doubt they read any of the correspondence. Systems are registered for use on our network and, by AUP, the registered owner is responsible for the activity. I don't really care if the identified device was an access point and had multiple users -- the owner made himself responsible when he registered the device. This surprises and upsets some students, but they get a lesson in responsibility that at least doesn't cost them thousands of dollars or involve jail time. Enterprising students sometimes suggest their IP address was spoofed, but a quick lesson in networking remedies their belief that IT has no clue. At least once a savvy student has tried to spread doubt by suggesting that someone else spoofed his mac address. DHCP logs go a long way to showing otherwise. (Or, as in the case of a non-DMCA complaint, demonstrating that mac spoofing *was* happening and identifying the culprit who had a nice chat with student affairs.) Bottom line, we have sufficient logging to demonstrate that the complaint was or was not valid and to tie it to a user. We do the leg work up front and put the documentation in the file. We only proceed if we can identify the infringer. And this is an administrative procedure, not civil court, much less criminal and even there the standard of evidence is not absolute proof.
8) May I use your institution name along with your other responses in my report to the administration?
I don't mind standing by what I say. And this is a public list. Though I do appreciate your asking ;^) For anything official refer to the link I started with. The rest are my personal statements and have not been approved by communications, much less legal, to be anything other than that.
Finally, a slightly separate question: 9) Do you ever get complaints forwarded from an agent of the pornography industry? (we have seen a few recently)
We have had some that claim to be from an agent of the pornography industry. The first of those we received was a few years ago and my recollection is that it consisted of: 1. an attempt to extort $20 or so from the user 2. was not actually filed in accordance with the DMCA 3. the filer did *not* appear to be a duly authorized agent of the copyright holder Since then we have had a scattering of such claims. If it is filed according to the DMCA and they are a duly authorized agent I process it the same as any other claim filed in such fashion. Others are handled on a case-by-case basis. Tim Doty System Security Analyst Missouri S&T
Attachment:
smime.p7s
Description:
Current thread:
- DMCA Infringement Handling Bob Bayn (Sep 15)
- Re: DMCA Infringement Handling James Farr '05 (Sep 15)
- Re: DMCA Infringement Handling Doty, Timothy T. (Sep 15)
- DMCA Infringement Ozzie Paez (Sep 15)
- Re: DMCA Infringement hall, rand (Sep 16)
- Re: DMCA Infringement Ozzie Paez (Sep 16)
- DMCA Infringement Ozzie Paez (Sep 15)
- Re: DMCA Infringement Handling Arthur, Matt (Sep 15)
- Re: DMCA Infringement Handling Doty, Timothy T. (Sep 15)
- Re: DMCA Infringement Handling Arthur, Matt (Sep 15)
- Re: DMCA Infringement Handling Adrian Teo (Sep 15)
- Re: DMCA Infringement Handling Valdis Kletnieks (Sep 16)
- Re: DMCA Infringement Handling Ed Zawacki (Sep 16)
- Re: DMCA Infringement Handling Jacobson, Dick (Sep 16)
- Re: DMCA Infringement Handling Doty, Timothy T. (Sep 15)