Educause Security Discussion mailing list archives
Re: FW: Notice of Copyright Infringement, Case #: U213042791
From: Jarret Cummings <jcummings () EDUCAUSE EDU>
Date: Wed, 1 Jun 2016 21:14:03 +0000
Hi, All – In addition to the information Greg cites, and kudos again to Greg as well as Steve Worona for their extensive work on behalf of the community in this area, the 2008 joint memo from EDUCAUSE, ACE, NASULGC (now APLU), and AAU on HEOA peer-to-peer next steps brings together key legislative and related report language (http://net.educause.edu/ir/library/pdf/epo0815.pdf), including the following: · From the memo: “Report language that accompanies the law explicitly states that technology-based deterrents include ‘bandwidth shaping’ and ‘traffic monitoring to identify the largest bandwidth users,’ and indicates that certain education and enforcement programs will also qualify. The report language explicitly notes that institutions are not required to adopt any particular type of technology-based deterrent, recognizing that even institutions that ‘prohibit content monitoring’ retain the authority to determine their own plans.” · From the conference committee report explaining the intent of the legislation: “The Conferees intend that this Section be interpreted to be technology neutral and not imply that any particular technology measures are favored or required for inclusion in an institution’s plans. The Conferees intend for each institution to retain the authority to determine what its particular plans for compliance with this Section will be, including those that prohibit content monitoring.” It’s also worth noting that the Federal Student Aid Handbook includes a sample statement that many institutions use as the vehicle for notifying students of the potential penalties for copyright infringement, as required by the law and regulations (https://ifap.ed.gov/fsahandbook/attachments/1213FSAHbkVol2Ch6.pdf, see p. 2-105). - Jarret _______________________________________________ Jarret S. Cummings Director of Policy and Government Relations EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5372 | main: 202.872.4200 | educause.edu<http://www.educause.edu/> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Jackson Sent: Wednesday, June 1, 2016 4:06 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] FW: Notice of Copyright Infringement, Case #: U213042791 On 6/1/2016 9:53 AM, Frank Barton wrote: Wendell - at least now there is publicly-available, archived proof that you respond to DMCA takedown notices in a timely fashion! Having spent several years embedded in this issue, first negotiating what became the ED rules and then persuading key entertainment entities to change their approach, I thought it might be useful to reiterate some important points. Campuses' responsibilities come primarily from * the Digital Millennium Copyright Act (DMCA, under which campuses are "network service providers" governed by some special "safe harbor" provisions), and * the so-called "peer to peer" (P2P) provisions of the 2009 Higher Education Opportunity Act (HEOA). We at EDUCAUSE provided extensive guidance when the latter took effect, and most of that is still available via its website (see http://www.educause.edu/blogs/slworona/final-heoa-regulations-issued-p2p-provisions, and links therefrom). Briefly, to avoid liability for copyright infringement on their networks campuses must take action to ensure that any violations brought to the campus's attention are ended (this is the DMCA requirement--more on this below, since the details are important). To avoid any risk to Federal support, campuses also must satisfy three basic policy requirements (these are the HEOA-P2P requirements): they must * provide an annual disclosure to students describing copyright law and campus policies related to violating copyright law, * have and implement "a plan to "effectively combat" copyright abuse on the campus network using "one or more technology-based deterrents", and * offer alternatives to illegal downloading. The first and third HEOA requirements are easily satisfied through appropriate student orientation material and by ensuring that students and others have access to known legitimate sources of music, movies, TV shows, and other online materials (there is no requirement that campuses pay for such services). The second HEOA requirement is murkier. For the most part, campuses satisfy it by implementing firewalls, bandwidth shaping, or other technologies that "combat" infringement (which may not be the same as "preventing" it) and/or by having policies and procedures to promptly and effectively address DMCA complaints. The most common approach to "technology-based deterrents" is configuring campus border firewalls to block BitTorrent and other protocols predominantly used by P2P by default (as many campuses do to simply to keep their commodity-bandwidth costs within bounds), with exception mechanisms for researchers, system managers, or others who have legitimate need for those protocols. There is no formal requirement that campuses do such blocking, however, or buy anti-infringement technologies such as Audible Magic; active network management combined with diligent handling of DMCA complaints satisfies the HEOA requirements just as well. In any event, how campuses handle DMCA complaints is important. As others have pointed out, there is no requirement that violations be made public, or that alleged violations result in any particular disciplinary outcome. But there are very specific requirements DMCA complaints must satisfy, and not all DMCA complaints call for the same action. * Valid DMCA complaints must come from the copyright holder or its legal representative, and must be sent to the "DMCA Agent" address registered at the Library of Congress (rather than to a campus's "abuse" or "help" address). MPAA and RIAA send out many notices on behalf of their members, some entities such as Fox, NBCUniversal, and Zappa send out their own, and some (as the one that Wendell provided) come from lawyers claiming to represent copyright holders. * Those last can be iffy, since there are law firms that go trolling for potential violators and threaten legal action if violators do not "settle" by making an online payment--in effect, their business model is to broadcast threats to a large audience, and to hope that some recipients pay the "settlement" (which may or may not reach the copyright holder). In general, entertainment companies send DMCA complaints in order to end violations, not to raise revenue through "settlements". It's always worth scrutinizing "settlement" DMCA notices carefully. * Remember that the campus's obligation is to end the violation, not to collect or encourage "settlements". Except in egregious cases, entertainment companies don't seek damages from individual violators (although at one point, years ago, they did). What they want these days is for violations to stop, and for violators to not infringe in the future, and if they sense that campuses are being helpful by dealing reasonably with violators--as the vast majority of campuses do--they're happy. * DMCA complaints must provide sufficient information for the network service provider (that's the campus) to track down the violation. That usually means the complaint designates the IP address and precise timestamp where the violation was detected. That an IP address was listed in some online index doesn't suffice, and most DMCA complainants are careful to confirm that infringing material is actually available rather than just "advertised". * If an IP address doesn't trace to an individual (for example, it's a shared library computer that doesn't identify users), or the infringing material appears not to be available as claimed, then a campus can tell the complainant that the violation cannot be confirmed (but the campus still must ensure that any infringing material is no longer accessible). A touchy issue arises around NAT, especially wireless networks that assign internal addresses dynamically but don't keep logs of who had which address when. Carried to an extreme (as was the case for one campus I encountered during my time at NBCU), unlogged NAT can make all violators unidentifiable, and copyright holders are not amused by this: they see this as a conscious and intentional failure to "effectively combat". I hope some of this is useful. Also, I've blogged on occasion about this domain, for example in the posts "Story of S<http://gjackson.us/ruminations/?p=674>", "Notes From (or is it To?) the Dark Side<http://gjackson.us/ruminations/?p=739>", and "Revisiting IT Policy #2: Campus DMCA Notices<http://gjackson.us/ruminations/?p=891>", which may provide more context for those interested (or who are gluttons for punishment). In any case, I'd be happy to advise further, privately or publicly, if that would be useful. -- ________________________________ Greg Jackson gjackson.us • 1-202-596-9425 ________________________________
Current thread:
- FW: Notice of Copyright Infringement, Case #: U213042791 Wendell McCarty (Jun 01)
- FW: Notice of Copyright Infringement, Case #: U213042791 Wendell McCarty (Jun 01)
- Re: FW: Notice of Copyright Infringement, Case #: U213042791 Kevin Wilcox (Jun 01)
- Re: FW: Notice of Copyright Infringement, Case #: U213042791 Frank Barton (Jun 01)
- Re: FW: Notice of Copyright Infringement, Case #: U213042791 Ken Connelly (Jun 01)
- Re: FW: Notice of Copyright Infringement, Case #: U213042791 Paul Chauvet (Jun 01)
- Re: FW: Notice of Copyright Infringement, Case #: U213042791 Frank Barton (Jun 01)
- Re: FW: Notice of Copyright Infringement, Case #: U213042791 Paul Chauvet (Jun 01)
- Re: FW: Notice of Copyright Infringement, Case #: U213042791 Kevin Wilcox (Jun 01)
- Re: FW: Notice of Copyright Infringement, Case #: U213042791 Greg Jackson (Jun 01)
- Re: FW: Notice of Copyright Infringement, Case #: U213042791 Jarret Cummings (Jun 01)
- FW: Notice of Copyright Infringement, Case #: U213042791 Wendell McCarty (Jun 01)
- Message not available
- Re: FW: Notice of Copyright Infringement, Case #: U213042791 Dennis Levine (Jun 01)