Re: DMCA Infringement Handling

["Arthur, Matt" <arthur () WUSTL EDU>]

Sorry if I was vague.  DMCA requires, as Tim points out, that the offending content have access removed - but only for 
resources that are owned by the institution (17 U.S.C. Section 512(c) ).  Since the thread seemed to pointed towards 
students and thus student-owned computers, I was referencing how the institution is affected for DMCA complaints about 
them (17 U.S.C. Sectin 512(a) ).  A good reference is the Educause DMCA FAQ 
(http://www.educause.edu/policy/campus/dmcafaq).

Matt
______________________________________
Matthew K. Arthur, CISSP | Director - Media Services & Incident Communications Solutions
Information Services & Technology | Washington University in St. Louis
Campus Box 1110, 7425 Forsyth Blvd, St. Louis, MO 63105-2161
314.935.3899 o | 314.323.9246 c | arthur () wustl edu<mailto:arthur () wustl edu>
P Please consider the environment before printing
This email, including attachments may include confidential and/or proprietary information, and may be used only by the 
person or entity to which it is addressed. If the reader of this email is not the intended recipient or his/her 
authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this email is 
prohibited. If you have received this email in error, please notify the sender by replying to this message and delete 
this email immediately.



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Doty, 
Timothy T.
Sent: Thursday, September 15, 2011 4:38 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] DMCA Infringement Handling

True, the DMCA does not require that you "disable" someone - that would probably be illegal :)

It does require removing access to the allegedly infringing work. ISPs/OSPs generally don't have authority to take 
action on the file system of the indicated system - whether that would be to delete the file or in some other way block 
access to it. Nor, thanks to the way P2P filesharing works, do ISPs/OSPs have the ability to wedge into the protocol 
and block access to the single indicated file. But it does require access to the allegedly infringing work be blocked. 
I don't find it particularly strange that ISPs/OSPs often comply with the requirement by terminating network access 
when dealing with content stored on a system they do not have legal access to.

We once received a very obviously false but quite properly filed DMCA notice. I gritted my teeth, but our general 
counsel required pulling the allegedly infringing content. A counterclaim can be filed and after some time the work can 
be restored. All without any real legal recourse against abuse of the DMCA system.

I suspect you were referring to our (and other) institutions disabling network access for all devices registered to the 
user. That is our response to a validated complaint concerning copyright infringing activities that, while it may be 
triggered by receipt of a notice filed according to the DMCA, does not solely spring from the requirements of the DMCA.

In my opinion institutions of higher learning in the United States should be encouraging ethical behavior. Copyright 
infringement is specifically against our student code of conduct. It is in the context of our student code that the 
consequences of copyright infringing (from a student's perspective are made).

Tim Doty



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Arthur, 
Matt
Sent: Thursday, September 15, 2011 4:13 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] DMCA Infringement Handling


A couple of thoughts (along with our 'policy' URL for students and copyright):

1) Neither DMCA nor HEAO requires you fine or disable anyone on a first offense.  You must take 'action' for 'repeated' 
violations.

2) A policy that takes some kind of 'action' (fines or disable network access) on the first DMCA complaint seems to 
violate the concept of innocent until proven guilty.  Something that I doubt institutions of higher learning in the 
United States should be doing (my opinion).

3) We have noticed that more and more of our DMCA notices are for IP addresses outside of the student networks.  Do you 
'fine' faculty and staff members as well?

4) Be sure your institutions policy covers your requirements pursuant to the HEOA P2P section.  And then be sure you 
follow your policy!

5) Our student policy URL: http://sts.wustl.edu/index.php?option=com_content&view=article&id=59&Itemid=69


Matt
______________________________________
Matthew K. Arthur, CISSP | Director - Media Services & Incident Communications Solutions
Information Services & Technology | Washington University in St. Louis
Campus Box 1110, 7425 Forsyth Blvd, St. Louis, MO 63105-2161
314.935.3899 o | 314.323.9246 c | arthur () wustl edu<mailto:arthur () wustl edu>
P Please consider the environment before printing
This email, including attachments may include confidential and/or proprietary information, and may be used only by the 
person or entity to which it is addressed. If the reader of this email is not the intended recipient or his/her 
authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this email is 
prohibited. If you have received this email in error, please notify the sender by replying to this message and delete 
this email immediately.






> -----Original Message-----

> From: The EDUCAUSE Security Constituent Group Listserv

> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Bayn

> Sent: Thursday, September 15, 2011 3:30 PM

> To: SECURITY () LISTSERV EDUCAUSE EDU

> Subject: [SECURITY] DMCA Infringement Handling

>

> We are considering revising our DMCA infringement handling procedures, especially with

> regard to repeat infringers.

>

> I wonder what everybody else is doing with these issues?

>

> We match up the complaint with our IP>Etnernet assignment and network traffic logs.  I

> forward the complaint to the student and disable their ethernet card registration.  They are

> required to pay $50 and give an assurance that the infringing file(s) and filesharing

> software have been removed.  I then re-enable their ethernet card registration for access to

> our network.

>

> Repeat infringers get the same procedure except that they also are referred to the VP for

> Student Services for some sort of an appointment.  I do not know what happens in that

> appointment.

>

> Would you share with me, so I could tabulate it and present the options others use to our

> administration:

>

> 1) What is your charge or penalty for first and repeat infringement?

> 2) When do disciplinary staff intervene?  first time or repeats?

> 3) How long do you deny network access?

> 4) If a student has multiple devices, do you deny access to all devices or just the one

> implicated in the complaint?

> 5) Who was involved in the approval process for your procedures?

> 6) How much pushback to you get from users who receive infringement notices?

> 7) Do you have an appeals process that has ever given an infringing user any relief?

> 8) May I use your institution name along with your other responses in my report to the

> administration?

>

> Finally, a slightly separate question:

> 9) Do you ever get complaints forwarded from an agent of the pornography industry?  (we

> have seen a few recently)

>

> Thanks for any info you are willing to share.

>

> Bob Bayn          (435)797-2396            IT Security Team

> We will never send you email asking for your password

> (never, never, never with this one exception: NEVER!)

> Office of Information Technology, Utah State University

>        http://tinyurl.com/bicyclists-share-kidneys-v2-0

>         USU employees - join the Phirst Phish Contest

>      http://it.usu.edu/security/htm/phirst-phish-contest