Educause Security Discussion mailing list archives

Re: DMCA


From: randy marchany <marchany () VT EDU>
Date: Tue, 29 Nov 2011 21:49:11 -0500

I believe point #3 in Dave's note below is our "out". We certainly do #1-3
(listed below) here on our campus. Those actions, I believe, allow us to
comply with HEOA and still allow our business processes that want to use
P2P to do so. Don't get me wrong about restricting P2P if your bandwidth
can't handle the traffic. If you don't have the bandwidth, it makes perfect
sense to restrict P2P.

Preventing a business function of the university from using a particular
service arbitrarily just makes selling "security practices" to the general
university community that much harder. If you can't give a legit reason for
restricting a service (bandwidth issues are certainly valid), then you've
alienated your user community (the business side of the university).

We need to remember to solve the problem NOT the symptom. The problem is
"illegal copyright usage". Today's symptom is P2P. Next year, there'll be a
new transfer protocol and we'll still have to deal with "illegal copyright
usage".

-Randy Marchany
CISO
VA Tech IT Security Office & Lab

On Tue, Nov 29, 2011 at 6:46 PM, Dave Koontz <dkoontz () mbc edu> wrote:

 P2P is always a heated issue, and each school must find their own way.
I think the HEOA provision for technology-based deterrents is the core of
the issue for most of us, and certainly the law is not completely clear.
See this vague EduCause clarification on that provision.


   - Clarification that the reference to using "a variety of
   technology-based deterrents" (to unauthorized file-sharing) means "one or
   more" such deterrents. The regulatory language does not define
   "technology-based deterrents", leaving the definition to the four
   categories specified in the Managers Report:
      1. bandwidth shaping
      2. traffic monitoring to identify the largest bandwidth users
      3. a vigorous program of accepting and responding to Digital
      Millennium Copyright Act (DMCA) notices
      4. *a variety of commercial products designed to reduce or block
      illegal file sharing*


While a Google search pulls a lot of information that seems to contradict
each other, this is the best EduCause specific link I could find quickly,
which the section above was taken from.

http://www.educause.edu/blog/SLWorona/UpdateonHEOAandP2P/174432

--
Dave Koontz
Mary Baldwin College
Staunton, VA



On 11/29/2011 6:01 PM, Alexander Kurt Keller wrote:

Hi David,

Re:  My understanding of HEOA (2009) -- I am not a lawyer, and so I welcome correction -- is that Congress "found" 
(established as a legal fact which should, but needn't, absolutely reflect Reality) that the raison d'être of P2P 
applications and protocols is to violate copyrights, and that therefore access to federal funding would be denied to 
institutions of higher education that do not take steps to block P2P.

I can't find any reference to this (peer to peer protocols should be arbitrarily blocked) in the EDUCAUSE HEOA 
documentation: http://www.educause.edu/Resources/Browse/HEOA/34600

 Do you have a reference for this?

Thanks,
alex

Alex Keller
Systems Administrator
Academic Technology, San Francisco State University
☛Burk Hall 155 ☎ (415)338-6117 ✉alkeller () sfsu edu


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Gillett
Sent: Tuesday, November 29, 2011 11:09 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] DMCA

  Our campus Acceptable Use Policy rests on two principles:  Comply with applicable law, and don't interfere with 
others' access.

1.  We've found that P2P applications generally, regardless of the legality of the content, try to saturate the 
user's Internet connection.  And since some users are on ports with as much bandwidth as their entire campus has to 
the Internet (not as many as before our pipe got upgraded, but the next round of access-layer upgrades will boost 
that number right back...), a user running P2P risks clogging Internet access for the whole rest of the campus.

2.  I'm sure that to the makers of WoW, making users "donate" the bandwidth needed to distribute updates, instead of 
purchasing it themselves, looks like a win.  But our bandwidth is heavily subsidized by state taxpayers -- how does 
this "donation" not qualify as a taxpayer subsidy to what is, after all, a for-profit enterprise?  (My understanding 
is that such subsidies are illegal in California -- other states may have other rules or institutional bandwidth may 
be funded differently.)

3.  My understanding of HEOA (2009) -- I am not a lawyer, and so I welcome correction -- is that Congress "found" 
(established as a legal fact which should, but needn't, absolutely reflect Reality) that the raison d'être of P2P 
applications and protocols is to violate copyrights, and that therefore access to federal funding would be denied to 
institutions of higher education that do not take steps to block P2P.  MAYBE one can get away with saying "P2P 
application XYZ managed to circumvent the measures we put in place", but I doubt that "We permit P2P app ABC because 
x% of the material our students download using it is not in violation of copyright" will be good enough to restore 
access to funding--it doesn't, as far as I can see, comply with the requirements of the Act.  I do not believe I am 
authorized to commit civil disobedience in the name of our campuses, even if I believe Congress was mistaken.

  On two or three occasions, people have requested BitTorrent access to download updates for Linux-based systems.  
I've been ready to accommodate this on two conditions that I don't think are too onerous:  that they use a static IP 
address so the exception can be made just for specific machines, and that they agree not to be sharing additional 
files beyond what those updates (see 1 above...).  Strangely enough, in each case, they've gotten back to me to say 
that they've found a way to get the updates they need without BitTorrent -- I'm not 100% certain, but my impression 
is that that happened with WoW too.  (An affiliate that goes through us to get to the Internet uses WoW in their 
work, or at least that's what they told me.)

  (We do not have residences on our campuses, so I can only imagine the additional pressures on those of you who do.  
But I can't see that the principles of our AUP wouldn't or couldn't be applied to a residential setting, and in my 
only recent direct experience of campus residential life
(3 recent summer sessions) the policy on network use appeared to be even stricter than our own.)

David Gillett, CISSP CCNP
Sr Security Engineer
Foothill-De Anza College District


-----Original Message-----
From: Kevin Hayes [mailto:krhayes () WAYNE EDU]
Sent: Tuesday, November 29, 2011 06:41
To: SECURITY () listserv educause edu
Subject: Re: [SECURITY] DMCA

The World of Warcraft updater uses BitTorrent to help distribute their patches.  Maybe not legitimate from an 
academic standpoint, but virtually essential if you ask people in Residential Life.

--Kevin

Kevin Hayes
Lead Systems Security Specialist
C&IT - Network Engineering and Security
Wayne State University
313-577-3454
krhayes () wayne edu

<<<  C&IT Staff will never, never, NEVER ask you for your password!
Please keep your computer and accounts safe - pass on the message!>>>


On 11/29/2011 9:32 AM, Joel Rosenblatt wrote:

 Used by our students

Linux download, Skype

See <http://net.educause.edu/ir/library/pdf/EST0901.pdf> THINGS YOU SHOULD KNOW ABOUT… P2P
<http://www.cs.columbia.edu/~danr/courses/6772/Fall06/papers/planetscale.pdf> Planet Scale Software Updates

My 2 cents
Joel


--On Tuesday, November 29, 2011 8:04 AM -0600 Brian L Cox <coxbl2 () UNK EDU> wrote:


 Ed,

We block P2P traffic.  When we identify a new P2P application being
used by a student we block their access to the network and require
them to call and set up an appointment with our CIO before their
access is restored.
That application is then added to the default blocking list.  This may
seem a bit harsh but it has resulted in only 2 notices sent to us so
far this year.  We will allow legitimate P2P traffic and so far the
only P2P traffic allowed is for those using games that require P2P
for updates etc.
We have yet to have anyone come forward with a legitimate
educational use for P2P.  I am sure those applications exist, but we
have not encountered them so far.  This brings up a second part to
this question....what, if any, legitimate P2P applications have been
identified being used on college campuses?

_________________
Brian L Cox
Information Technology Services
Assistant Director of Network Services
University of Nebraska Kearney
(308)865-8176




From:   "Hudson, Edward" <ewhudson () CSUCHICO EDU>
To:     SECURITY () LISTSERV EDUCAUSE EDU
Date:   11/28/2011 05:47 PM
Subject:        [SECURITY] DMCA
Sent by:        The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>



Hi All,
Polling to see how other campuses are handling DMCA take down notices.
Ours has risen to a level where the current process is not working efficiently.
We are hearing some universities are:
1) Ignoring notices from copyright holders
2) Outright blocking of file sharing as "95% are used for nefarious
purposes"
Interested to see how other institutions are addressing.
Thanks
Ed


Ed Hudson, CISM
Information Security Office
California State University, Chico
http://www.csuchico.edu/isec/index.shtml
Office: (530) 898-6307
ewhudson () csuchico edu

 Joel Rosenblatt, Manager Network & Computer Security Columbia
Information Security Office (CISO) Columbia University, 612 W 115th
Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel
Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3


