Re: DMCA Infringement Handling

[Adrian Teo <adrian.teo () ASU EDU>]

Agreed. 

I built a small homegrown script to help us automate DMCA Infringement
handling. Out of this I learned a lot, and this is just by looking the DMCA
reporting/notice system used by the copyright enforcers.

1. We get a ton of false positives. This includes mismatched IP/timestamps
etc. 
2. As Matt mentioned, a ton of the DMCA notices are for IP¹s outside our
networks (i.e. Not even from our university network!!)
3. DMCA complaints have to be worded a certain way for them to be legally
binding. Some ³smart² enforcers have changed the wording of the complaint
and that raises red flags making the notices invalid.
4. The enforcers seem to gravitate to the established ACNS XML standard for
their complaint. We use this to automate our handling but several companies
have arbitrarily defined their own modifications to their standard ­ which
gives us a ton of headaches since they change them willy-nilly.

I found that valid notices only account for less than 13% of the total
notices that we receive daily. We had since implemented network filters to
eliminate (almost 100%) all P2P traffic and the complaints have gone down
significantly, but this has not changed the percentage of invalid
complaints.

Anyway, I hope that sharing this helps out by giving some insight to the
DMCA complaint systems.

Regards

-AT

-- 
-------------------------------------------------------------------
Adrian W Teo       e: adrian.teo () asu edu      p: 480.452.8165
Information Security Architect            
University Technology Office                  f: 480.965.6317
Arizona State University                      o: CPCOM 4S72
-------------------------------------------------------------------

 



From: "Arthur, Matt" <arthur () WUSTL EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
Date: Thu, 15 Sep 2011 16:13:17 -0500
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] DMCA Infringement Handling

A couple of thoughts (along with our 'policy' URL for students and
copyright):
1) Neither DMCA nor HEAO requires you fine or disable anyone on a first
offense.  You must take 'action' for 'repeated' violations.
2) A policy that takes some kind of 'action' (fines or disable network
access) on the first DMCA complaint seems to violate the concept of innocent
until proven guilty.  Something that I doubt institutions of higher learning
in the United States should be doing (my opinion).
3) We have noticed that more and more of our DMCA notices are for IP
addresses outside of the student networks.  Do you 'fine' faculty and staff
members as well?
4) Be sure your institutions policy covers your requirements pursuant to the
HEOA P2P section.  And then be sure you follow your policy!
5) Our student policy URL:
http://sts.wustl.edu/index.php?option=com_content&view=article&id=59&Itemid=
69
 
Matt
______________________________________
Matthew K. Arthur, CISSP | Director - Media Services & Incident
Communications Solutions
Information Services & Technology | Washington University in St. Louis
Campus Box 1110, 7425 Forsyth Blvd, St. Louis, MO 63105-2161
314.935.3899 o | 314.323.9246 c | arthur () wustl edu <mailto:arthur () wustl edu>
P Please consider the environment before printing
This email, including attachments may include confidential and/or
proprietary information, and may be used only by the person or entity to
which it is addressed. If the reader of this email is not the intended
recipient or his/her authorized agent, the reader is hereby notified that
any dissemination, distribution or copying of this email is prohibited. If
you have received this email in error, please notify the sender by replying
to this message and delete this email immediately.
 
 
 
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Bayn
> Sent: Thursday, September 15, 2011 3:30 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] DMCA Infringement Handling
>
> We are considering revising our DMCA infringement handling procedures,
especially with
> regard to repeat infringers.
>
> I wonder what everybody else is doing with these issues?
>
> We match up the complaint with our IP>Etnernet assignment and network traffic
logs.  I
> forward the complaint to the student and disable their ethernet card
registration.  They are
> required to pay $50 and give an assurance that the infringing file(s) and
filesharing
> software have been removed.  I then re-enable their ethernet card registration
for access to
> our network.
>
> Repeat infringers get the same procedure except that they also are referred to
the VP for
> Student Services for some sort of an appointment.  I do not know what happens
in that
> appointment.
>
> Would you share with me, so I could tabulate it and present the options others
use to our
> administration:
>
> 1) What is your charge or penalty for first and repeat infringement?
> 2) When do disciplinary staff intervene?  first time or repeats?
> 3) How long do you deny network access?
> 4) If a student has multiple devices, do you deny access to all devices or
just the one
> implicated in the complaint?
> 5) Who was involved in the approval process for your procedures?
> 6) How much pushback to you get from users who receive infringement notices?
> 7) Do you have an appeals process that has ever given an infringing user any
relief?
> 8) May I use your institution name along with your other responses in my
report to the
> administration?
>
> Finally, a slightly separate question:
> 9) Do you ever get complaints forwarded from an agent of the pornography
industry?  (we
> have seen a few recently)
>
> Thanks for any info you are willing to share.
>
> Bob Bayn          (435)797-2396            IT Security Team
> We will never send you email asking for your password
> (never, never, never with this one exception: NEVER!)
> Office of Information Technology, Utah State University
>        http://tinyurl.com/bicyclists-share-kidneys-v2-0
>         USU employees - join the Phirst Phish Contest
>      http://it.usu.edu/security/htm/phirst-phish-contest